Aviatrix v0.0.11 published on Saturday, Jun 17, 2023 by Aviatrix

aviatrix.AviatrixGateway


    Import

    A gateway can be imported using its gw_name, e.g.

     $ pulumi import aviatrix:index/aviatrixGateway:AviatrixGateway test gw_name
    

    Create AviatrixGateway Resource

    new AviatrixGateway(name: string, args: AviatrixGatewayArgs, opts?: CustomResourceOptions);
    @overload
    def AviatrixGateway(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        account_name: Optional[str] = None,
                        additional_cidrs: Optional[str] = None,
                        additional_cidrs_designated_gateway: Optional[str] = None,
                        allocate_new_eip: Optional[bool] = None,
                        availability_domain: Optional[str] = None,
                        azure_eip_name_resource_group: Optional[str] = None,
                        cloud_type: Optional[int] = None,
                        customer_managed_keys: Optional[str] = None,
                        duo_api_hostname: Optional[str] = None,
                        duo_integration_key: Optional[str] = None,
                        duo_push_mode: Optional[str] = None,
                        duo_secret_key: Optional[str] = None,
                        eip: Optional[str] = None,
                        elb_name: Optional[str] = None,
                        enable_designated_gateway: Optional[bool] = None,
                        enable_elb: Optional[bool] = None,
                        enable_encrypt_volume: Optional[bool] = None,
                        enable_jumbo_frame: Optional[bool] = None,
                        enable_ldap: Optional[bool] = None,
                        enable_monitor_gateway_subnets: Optional[bool] = None,
                        enable_public_subnet_filtering: Optional[bool] = None,
                        enable_spot_instance: Optional[bool] = None,
                        enable_vpc_dns_server: Optional[bool] = None,
                        enable_vpn_nat: Optional[bool] = None,
                        fault_domain: Optional[str] = None,
                        fqdn_lan_cidr: Optional[str] = None,
                        fqdn_lan_vpc_id: Optional[str] = None,
                        gw_name: Optional[str] = None,
                        gw_size: Optional[str] = None,
                        idle_timeout: Optional[int] = None,
                        image_version: Optional[str] = None,
                        insane_mode: Optional[bool] = None,
                        insane_mode_az: Optional[str] = None,
                        ldap_base_dn: Optional[str] = None,
                        ldap_bind_dn: Optional[str] = None,
                        ldap_password: Optional[str] = None,
                        ldap_server: Optional[str] = None,
                        ldap_username_attribute: Optional[str] = None,
                        max_vpn_conn: Optional[str] = None,
                        monitor_exclude_lists: Optional[Sequence[str]] = None,
                        name_servers: Optional[str] = None,
                        okta_token: Optional[str] = None,
                        okta_url: Optional[str] = None,
                        okta_username_suffix: Optional[str] = None,
                        otp_mode: Optional[str] = None,
                        peering_ha_availability_domain: Optional[str] = None,
                        peering_ha_azure_eip_name_resource_group: Optional[str] = None,
                        peering_ha_eip: Optional[str] = None,
                        peering_ha_fault_domain: Optional[str] = None,
                        peering_ha_gw_size: Optional[str] = None,
                        peering_ha_image_version: Optional[str] = None,
                        peering_ha_insane_mode_az: Optional[str] = None,
                        peering_ha_software_version: Optional[str] = None,
                        peering_ha_subnet: Optional[str] = None,
                        peering_ha_zone: Optional[str] = None,
                        public_subnet_filtering_guard_duty_enforced: Optional[bool] = None,
                        public_subnet_filtering_ha_route_tables: Optional[Sequence[str]] = None,
                        public_subnet_filtering_route_tables: Optional[Sequence[str]] = None,
                        renegotiation_interval: Optional[int] = None,
                        rx_queue_size: Optional[str] = None,
                        saml_enabled: Optional[bool] = None,
                        search_domains: Optional[str] = None,
                        single_az_ha: Optional[bool] = None,
                        single_ip_snat: Optional[bool] = None,
                        software_version: Optional[str] = None,
                        split_tunnel: Optional[bool] = None,
                        spot_price: Optional[str] = None,
                        subnet: Optional[str] = None,
                        tag_lists: Optional[Sequence[str]] = None,
                        tags: Optional[Mapping[str, str]] = None,
                        tunnel_detection_time: Optional[int] = None,
                        vpc_id: Optional[str] = None,
                        vpc_reg: Optional[str] = None,
                        vpn_access: Optional[bool] = None,
                        vpn_cidr: Optional[str] = None,
                        vpn_protocol: Optional[str] = None,
                        zone: Optional[str] = None)
    @overload
    def AviatrixGateway(resource_name: str,
                        args: AviatrixGatewayArgs,
                        opts: Optional[ResourceOptions] = None)
    func NewAviatrixGateway(ctx *Context, name string, args AviatrixGatewayArgs, opts ...ResourceOption) (*AviatrixGateway, error)
    public AviatrixGateway(string name, AviatrixGatewayArgs args, CustomResourceOptions? opts = null)
    public AviatrixGateway(String name, AviatrixGatewayArgs args)
    public AviatrixGateway(String name, AviatrixGatewayArgs args, CustomResourceOptions options)
    
    type: aviatrix:AviatrixGateway
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AviatrixGatewayArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AviatrixGatewayArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AviatrixGatewayArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AviatrixGatewayArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AviatrixGateway Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AviatrixGateway resource accepts the following input properties:

    AccountName string
    Account name. This account will be used to launch Aviatrix gateway.
    CloudType int
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    GwName string
    Name of the Aviatrix gateway to be created.
    GwSize string
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    Subnet string
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    VpcId string
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    VpcReg string
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    AdditionalCidrs string
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    AdditionalCidrsDesignatedGateway string
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    AllocateNewEip bool
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    AvailabilityDomain string
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    AzureEipNameResourceGroup string
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    CustomerManagedKeys string
    Customer-managed key ID.
    DuoApiHostname string
    API hostname for DUO auth mode. Required if otp_mode is "2".
    DuoIntegrationKey string
    Integration key for DUO auth mode. Required if otp_mode is "2".
    DuoPushMode string
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    DuoSecretKey string
    Secret key for DUO auth mode. Required if otp_mode is "2".
    Eip string
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    ElbName string
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    EnableDesignatedGateway bool
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    EnableElb bool
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    EnableEncryptVolume bool
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableJumboFrame bool
    Enable jumbo frames for this gateway. Default value is true.
    EnableLdap bool
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    EnableMonitorGatewaySubnets bool
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    EnablePublicSubnetFiltering bool
    Create a Public Subnet Filtering gateway.
    EnableSpotInstance bool
    Enable spot instance. NOT supported for production deployment.
    EnableVpcDnsServer bool
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableVpnNat bool
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    FaultDomain string
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    FqdnLanCidr string
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    FqdnLanVpcId string
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    IdleTimeout int
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.
    ImageVersion string
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    InsaneMode bool
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    InsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    LdapBaseDn string
    LDAP base DN. Required if enable_ldap is true.
    LdapBindDn string
    LDAP bind DN. Required if enable_ldap is true.
    LdapPassword string
    LDAP password. Required if enable_ldap is true.
    LdapServer string
    LDAP server address. Required if enable_ldap is true.
    LdapUsernameAttribute string
    LDAP user attribute. Required if enable_ldap is true.
    MaxVpnConn string
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    MonitorExcludeLists List<string>
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    NameServers string
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    OktaToken string
    Token for Okta auth mode. Required if otp_mode is "3".
    OktaUrl string
    URL for Okta auth mode. Required if otp_mode is "3".
    OktaUsernameSuffix string
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    OtpMode string
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    PeeringHaAvailabilityDomain string
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaAzureEipNameResourceGroup string
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    PeeringHaEip string
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    PeeringHaFaultDomain string
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaGwSize string
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    PeeringHaImageVersion string
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    PeeringHaInsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    PeeringHaSoftwareVersion string
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    PeeringHaSubnet string
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    PeeringHaZone string
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    PublicSubnetFilteringGuardDutyEnforced bool
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    PublicSubnetFilteringHaRouteTables List<string>
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    PublicSubnetFilteringRouteTables List<string>
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    RenegotiationInterval int
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer greater than 300. Available in provider version R2.17.1+.
    RxQueueSize string
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    SamlEnabled bool
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    SearchDomains string
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    SingleAzHa bool
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    SingleIpSnat bool
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    SoftwareVersion string
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    SplitTunnel bool
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    SpotPrice string
    Price for spot instance. NOT supported for production deployment.
    TagLists List<string>
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    Tags Dictionary<string, string>
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    TunnelDetectionTime int
    The IPSec tunnel down detection time for the Gateway.
    VpnAccess bool
    Enable user access through VPN to this gateway. Valid values: true, false.
    VpnCidr string
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    VpnProtocol string
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    Zone string
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
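The "Required if ..." and "Valid values" rules in the input descriptions above can be checked against a set of gateway arguments before deployment. This is an added example, not code from the Pulumi or Aviatrix documentation: `check_gateway_args` and the two sample dictionaries are hypothetical, the keys are the snake_case names from the Python signature, and the `max_vpn_conn` check assumes "smaller than the VPN CIDR block" means fewer than the number of addresses in `vpn_cidr`.

```python
import ipaddress

# cloud_type integers for Azure, AzureGov and AzureChina, as listed above.
AZURE_TYPES = {8, 32, 2048}

# (condition, human-readable reason, fields that become required),
# taken from the "Required if/when ..." notes in the input descriptions.
REQUIRED_WHEN = [
    (lambda a: a.get("otp_mode") == "2", 'otp_mode is "2" (DUO)',
     ["duo_api_hostname", "duo_integration_key", "duo_push_mode", "duo_secret_key"]),
    (lambda a: a.get("otp_mode") == "3", 'otp_mode is "3" (Okta)',
     ["okta_token", "okta_url"]),
    (lambda a: a.get("enable_ldap") is True, "enable_ldap is true",
     ["ldap_base_dn", "ldap_bind_dn", "ldap_password", "ldap_server",
      "ldap_username_attribute"]),
    (lambda a: a.get("vpn_access") is True, "vpn_access is true",
     ["vpn_cidr", "max_vpn_conn"]),
    (lambda a: a.get("allocate_new_eip") is False, "allocate_new_eip is false",
     ["eip"]),
    (lambda a: a.get("allocate_new_eip") is False and a.get("cloud_type") in AZURE_TYPES,
     "allocate_new_eip is false on an Azure cloud_type",
     ["azure_eip_name_resource_group"]),
]

# Fields with a closed set of documented values.
VALID_VALUES = {
    "otp_mode": {"2", "3"},
    "duo_push_mode": {"auto", "selective", "token"},
    "vpn_protocol": {"TCP", "UDP"},
}


def check_gateway_args(args):
    """Return a list of findings; an empty list means no documented rule is broken."""
    findings = []

    # Conditional requirements.
    for condition, reason, fields in REQUIRED_WHEN:
        if condition(args):
            for field in fields:
                if args.get(field) in (None, ""):
                    findings.append(f"{field} is required when {reason}")

    # Enumerated values.
    for field, allowed in VALID_VALUES.items():
        value = args.get(field)
        if value is not None and value not in allowed:
            findings.append(f"{field}={value!r} is not one of {sorted(allowed)}")

    # Both timers must be integers greater than 300 seconds when set.
    for field in ("idle_timeout", "renegotiation_interval"):
        value = args.get(field)
        if value is not None and not (isinstance(value, int) and value > 300):
            findings.append(f"{field} must be an integer greater than 300")

    # max_vpn_conn is a string in this resource; compare it with the CIDR size.
    cidr, conn = args.get("vpn_cidr"), args.get("max_vpn_conn")
    if cidr and conn:
        try:
            size = ipaddress.ip_network(cidr, strict=False).num_addresses
            if int(conn) >= size:
                findings.append(
                    f"max_vpn_conn={conn} is not smaller than vpn_cidr {cidr} ({size} addresses)")
        except ValueError:
            findings.append("vpn_cidr or max_vpn_conn could not be parsed")

    # The page marks spot instances as not supported for production.
    if args.get("enable_spot_instance"):
        findings.append("enable_spot_instance is not supported for production deployment")

    return findings


# Constructed sample input: breaks several documented rules at once.
BAD_ARGS = {
    "cloud_type": 8, "vpn_access": True, "vpn_cidr": "192.168.43.0/24",
    "max_vpn_conn": "300", "otp_mode": "2", "duo_push_mode": "push",
    "enable_ldap": True, "ldap_server": "ldap.example.internal",
    "allocate_new_eip": False, "idle_timeout": 120,
}

# Constructed sample input: satisfies every rule checked above.
GOOD_ARGS = {
    "cloud_type": 1, "vpn_access": True, "vpn_cidr": "192.168.43.0/24",
    "max_vpn_conn": "100", "otp_mode": "3", "okta_token": "<placeholder-token>",
    "okta_url": "https://example.okta.com", "vpn_protocol": "UDP",
    "renegotiation_interval": 3600,
}

if __name__ == "__main__":
    for finding in check_gateway_args(BAD_ARGS):
        print("FINDING:", finding)
    print("good config findings:", check_gateway_args(GOOD_ARGS))
```
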
    AccountName string
    Account name. This account will be used to launch Aviatrix gateway.
    CloudType int
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    GwName string
    Name of the Aviatrix gateway to be created.
    GwSize string
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    Subnet string
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    VpcId string
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    VpcReg string
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    AdditionalCidrs string
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    AdditionalCidrsDesignatedGateway string
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    AllocateNewEip bool
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    AvailabilityDomain string
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    AzureEipNameResourceGroup string
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    CustomerManagedKeys string
    Customer-managed key ID.
    DuoApiHostname string
    API hostname for DUO auth mode. Required: Yes if otp_mode is "2".
    DuoIntegrationKey string
    Integration key for DUO auth mode. Required if otp_mode is "2".
    DuoPushMode string
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    DuoSecretKey string
    Secret key for DUO auth mode. Required if otp_mode is "2".
    Eip string
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    ElbName string
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    EnableDesignatedGateway bool
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    EnableElb bool
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    EnableEncryptVolume bool
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableJumboFrame bool
    Enable jumbo frames for this gateway. Default value is true.
    EnableLdap bool
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    EnableMonitorGatewaySubnets bool
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    EnablePublicSubnetFiltering bool
    Create a Public Subnet Filtering gateway.
    EnableSpotInstance bool
    Enable spot instance. NOT supported for production deployment.
    EnableVpcDnsServer bool
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableVpnNat bool
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    FaultDomain string
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    FqdnLanCidr string
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    FqdnLanVpcId string
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    IdleTimeout int
    It sets the value (seconds) of the idle timeout. This idle timeout feature is enable only if this attribute is set, otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    ImageVersion string
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    InsaneMode bool
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    InsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    LdapBaseDn string
    LDAP base DN. Required if enable_ldap is true.
    LdapBindDn string
    LDAP bind DN. Required if enable_ldap is true.
    LdapPassword string
    LDAP password. Required if enable_ldap is true.
    LdapServer string
    LDAP server address. Required if enable_ldap is true.
    LdapUsernameAttribute string
    LDAP user attribute. Required if enable_ldap is true.
    MaxVpnConn string
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    MonitorExcludeLists []string
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    NameServers string
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    OktaToken string
    Token for Okta auth mode. Required if otp_mode is "3".
    OktaUrl string
    URL for Okta auth mode. Required if otp_mode is "3".
    OktaUsernameSuffix string
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    OtpMode string
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    PeeringHaAvailabilityDomain string
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaAzureEipNameResourceGroup string
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    PeeringHaEip string
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    PeeringHaFaultDomain string
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaGwSize string
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    PeeringHaImageVersion string
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    PeeringHaInsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    PeeringHaSoftwareVersion string
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    PeeringHaSubnet string
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    PeeringHaZone string
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    PublicSubnetFilteringGuardDutyEnforced bool
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    PublicSubnetFilteringHaRouteTables []string
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    PublicSubnetFilteringRouteTables []string
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    RenegotiationInterval int
    Renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    RxQueueSize string
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    SamlEnabled bool
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    SearchDomains string
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    SingleAzHa bool
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    SingleIpSnat bool
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    SoftwareVersion string
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    SplitTunnel bool
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    SpotPrice string
    Price for spot instance. NOT supported for production deployment.
    TagLists []string
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    Tags map[string]string
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    TunnelDetectionTime int
    The IPSec tunnel down detection time for the Gateway.
    VpnAccess bool
    Enable user access through VPN to this gateway. Valid values: true, false.
    VpnCidr string
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    VpnProtocol string
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    Zone string
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    accountName String
    Account name. This account will be used to launch Aviatrix gateway.
    cloudType Integer
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    gwName String
    Name of the Aviatrix gateway to be created.
    gwSize String
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    subnet String
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    vpcId String
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpcReg String
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    additionalCidrs String
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additionalCidrsDesignatedGateway String
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocateNewEip Boolean
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availabilityDomain String
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azureEipNameResourceGroup String
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    customerManagedKeys String
    Customer-managed key ID.
    duoApiHostname String
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duoIntegrationKey String
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duoPushMode String
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duoSecretKey String
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip String
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elbName String
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enableDesignatedGateway Boolean
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enableElb Boolean
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enableEncryptVolume Boolean
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableJumboFrame Boolean
    Enable jumbo frames for this gateway. Default value is true.
    enableLdap Boolean
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enableMonitorGatewaySubnets Boolean
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enablePublicSubnetFiltering Boolean
    Create a Public Subnet Filtering gateway.
    enableSpotInstance Boolean
    Enable spot instance. NOT supported for production deployment.
    enableVpcDnsServer Boolean
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableVpnNat Boolean
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    faultDomain String
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdnLanCidr String
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdnLanVpcId String
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    idleTimeout Integer
    Idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    imageVersion String
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insaneMode Boolean
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldapBaseDn String
    LDAP base DN. Required if enable_ldap is true.
    ldapBindDn String
    LDAP bind DN. Required if enable_ldap is true.
    ldapPassword String
    LDAP password. Required if enable_ldap is true.
    ldapServer String
    LDAP server address. Required if enable_ldap is true.
    ldapUsernameAttribute String
    LDAP user attribute. Required if enable_ldap is true.
    maxVpnConn String
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitorExcludeLists List<String>
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    nameServers String
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    oktaToken String
    Token for Okta auth mode. Required if otp_mode is "3".
    oktaUrl String
    URL for Okta auth mode. Required if otp_mode is "3".
    oktaUsernameSuffix String
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otpMode String
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peeringHaAvailabilityDomain String
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaAzureEipNameResourceGroup String
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peeringHaEip String
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peeringHaFaultDomain String
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaGwSize String
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peeringHaImageVersion String
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peeringHaInsaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peeringHaSoftwareVersion String
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peeringHaSubnet String
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peeringHaZone String
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    publicSubnetFilteringGuardDutyEnforced Boolean
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    publicSubnetFilteringHaRouteTables List<String>
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    publicSubnetFilteringRouteTables List<String>
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiationInterval Integer
    Renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    rxQueueSize String
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    samlEnabled Boolean
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    searchDomains String
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    singleAzHa Boolean
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    singleIpSnat Boolean
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    softwareVersion String
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    splitTunnel Boolean
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spotPrice String
    Price for spot instance. NOT supported for production deployment.
    tagLists List<String>
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags Map<String,String>
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnelDetectionTime Integer
    The IPSec tunnel down detection time for the Gateway.
    vpnAccess Boolean
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpnCidr String
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpnProtocol String
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone String
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    accountName string
    Account name. This account will be used to launch Aviatrix gateway.
    cloudType number
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    gwName string
    Name of the Aviatrix gateway to be created.
    gwSize string
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    subnet string
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    vpcId string
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpcReg string
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    additionalCidrs string
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additionalCidrsDesignatedGateway string
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocateNewEip boolean
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availabilityDomain string
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azureEipNameResourceGroup string
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    customerManagedKeys string
    Customer-managed key ID.
    duoApiHostname string
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duoIntegrationKey string
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duoPushMode string
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duoSecretKey string
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip string
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elbName string
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enableDesignatedGateway boolean
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enableElb boolean
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enableEncryptVolume boolean
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableJumboFrame boolean
    Enable jumbo frames for this gateway. Default value is true.
    enableLdap boolean
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enableMonitorGatewaySubnets boolean
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enablePublicSubnetFiltering boolean
    Create a Public Subnet Filtering gateway.
    enableSpotInstance boolean
    Enable spot instance. NOT supported for production deployment.
    enableVpcDnsServer boolean
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableVpnNat boolean
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    faultDomain string
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdnLanCidr string
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdnLanVpcId string
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    idleTimeout number
    Idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    imageVersion string
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insaneMode boolean
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldapBaseDn string
    LDAP base DN. Required if enable_ldap is true.
    ldapBindDn string
    LDAP bind DN. Required if enable_ldap is true.
    ldapPassword string
    LDAP password. Required if enable_ldap is true.
    ldapServer string
    LDAP server address. Required if enable_ldap is true.
    ldapUsernameAttribute string
    LDAP user attribute. Required if enable_ldap is true.
    maxVpnConn string
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitorExcludeLists string[]
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    nameServers string
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    oktaToken string
    Token for Okta auth mode. Required if otp_mode is "3".
    oktaUrl string
    URL for Okta auth mode. Required if otp_mode is "3".
    oktaUsernameSuffix string
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otpMode string
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peeringHaAvailabilityDomain string
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaAzureEipNameResourceGroup string
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peeringHaEip string
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peeringHaFaultDomain string
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaGwSize string
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peeringHaImageVersion string
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peeringHaInsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peeringHaSoftwareVersion string
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peeringHaSubnet string
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peeringHaZone string
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    publicSubnetFilteringGuardDutyEnforced boolean
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    publicSubnetFilteringHaRouteTables string[]
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    publicSubnetFilteringRouteTables string[]
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiationInterval number
    Renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    rxQueueSize string
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    samlEnabled boolean
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    searchDomains string
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    singleAzHa boolean
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    singleIpSnat boolean
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    softwareVersion string
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    splitTunnel boolean
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spotPrice string
    Price for spot instance. NOT supported for production deployment.
    tagLists string[]
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags {[key: string]: string}
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnelDetectionTime number
    The IPSec tunnel down detection time for the Gateway.
    vpnAccess boolean
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpnCidr string
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpnProtocol string
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone string
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    account_name str
    Account name. This account will be used to launch Aviatrix gateway.
    cloud_type int
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    gw_name str
    Name of the Aviatrix gateway to be created.
    gw_size str
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    subnet str
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    vpc_id str
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpc_reg str
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    additional_cidrs str
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additional_cidrs_designated_gateway str
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocate_new_eip bool
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availability_domain str
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azure_eip_name_resource_group str
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    customer_managed_keys str
    Customer-managed key ID.
    duo_api_hostname str
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duo_integration_key str
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duo_push_mode str
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duo_secret_key str
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip str
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elb_name str
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enable_designated_gateway bool
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enable_elb bool
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enable_encrypt_volume bool
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enable_jumbo_frame bool
    Enable jumbo frames for this gateway. Default value is true.
    enable_ldap bool
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enable_monitor_gateway_subnets bool
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enable_public_subnet_filtering bool
    Create a Public Subnet Filtering gateway.
    enable_spot_instance bool
    Enable spot instance. NOT supported for production deployment.
    enable_vpc_dns_server bool
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enable_vpn_nat bool
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    fault_domain str
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdn_lan_cidr str
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdn_lan_vpc_id str
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    idle_timeout int
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    image_version str
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insane_mode bool
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insane_mode_az str
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldap_base_dn str
    LDAP base DN. Required if enable_ldap is true.
    ldap_bind_dn str
    LDAP bind DN. Required if enable_ldap is true.
    ldap_password str
    LDAP password. Required if enable_ldap is true.
    ldap_server str
    LDAP server address. Required if enable_ldap is true.
    ldap_username_attribute str
    LDAP user attribute. Required if enable_ldap is true.
    max_vpn_conn str
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitor_exclude_lists Sequence[str]
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    name_servers str
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    okta_token str
    Token for Okta auth mode. Required if otp_mode is "3".
    okta_url str
    URL for Okta auth mode. Required if otp_mode is "3".
    okta_username_suffix str
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otp_mode str
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peering_ha_availability_domain str
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peering_ha_azure_eip_name_resource_group str
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peering_ha_eip str
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peering_ha_fault_domain str
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peering_ha_gw_size str
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peering_ha_image_version str
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peering_ha_insane_mode_az str
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peering_ha_software_version str
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peering_ha_subnet str
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peering_ha_zone str
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    public_subnet_filtering_guard_duty_enforced bool
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    public_subnet_filtering_ha_route_tables Sequence[str]
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    public_subnet_filtering_route_tables Sequence[str]
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiation_interval int
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    rx_queue_size str
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    saml_enabled bool
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    search_domains str
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    single_az_ha bool
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    single_ip_snat bool
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    software_version str
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    split_tunnel bool
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spot_price str
    Price for spot instance. NOT supported for production deployment.
    tag_lists Sequence[str]
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags Mapping[str, str]
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnel_detection_time int
    The IPSec tunnel down detection time for the Gateway.
    vpn_access bool
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpn_cidr str
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpn_protocol str
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone str
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    accountName String
    Account name. This account will be used to launch Aviatrix gateway.
    cloudType Number
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    gwName String
    Name of the Aviatrix gateway to be created.
    gwSize String
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    subnet String
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    vpcId String
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpcReg String
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    additionalCidrs String
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additionalCidrsDesignatedGateway String
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocateNewEip Boolean
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availabilityDomain String
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azureEipNameResourceGroup String
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    customerManagedKeys String
    Customer-managed key ID.
    duoApiHostname String
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duoIntegrationKey String
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duoPushMode String
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duoSecretKey String
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip String
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elbName String
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enableDesignatedGateway Boolean
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enableElb Boolean
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enableEncryptVolume Boolean
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableJumboFrame Boolean
    Enable jumbo frames for this gateway. Default value is true.
    enableLdap Boolean
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enableMonitorGatewaySubnets Boolean
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enablePublicSubnetFiltering Boolean
    Create a Public Subnet Filtering gateway.
    enableSpotInstance Boolean
    Enable spot instance. NOT supported for production deployment.
    enableVpcDnsServer Boolean
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableVpnNat Boolean
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    faultDomain String
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdnLanCidr String
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdnLanVpcId String
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    idleTimeout Number
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    imageVersion String
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insaneMode Boolean
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldapBaseDn String
    LDAP base DN. Required if enable_ldap is true.
    ldapBindDn String
    LDAP bind DN. Required if enable_ldap is true.
    ldapPassword String
    LDAP password. Required if enable_ldap is true.
    ldapServer String
    LDAP server address. Required if enable_ldap is true.
    ldapUsernameAttribute String
    LDAP user attribute. Required if enable_ldap is true.
    maxVpnConn String
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitorExcludeLists List<String>
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    nameServers String
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    oktaToken String
    Token for Okta auth mode. Required if otp_mode is "3".
    oktaUrl String
    URL for Okta auth mode. Required if otp_mode is "3".
    oktaUsernameSuffix String
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otpMode String
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peeringHaAvailabilityDomain String
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaAzureEipNameResourceGroup String
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peeringHaEip String
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peeringHaFaultDomain String
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaGwSize String
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peeringHaImageVersion String
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peeringHaInsaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peeringHaSoftwareVersion String
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peeringHaSubnet String
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peeringHaZone String
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    publicSubnetFilteringGuardDutyEnforced Boolean
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    publicSubnetFilteringHaRouteTables List<String>
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    publicSubnetFilteringRouteTables List<String>
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiationInterval Number
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    rxQueueSize String
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    samlEnabled Boolean
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    searchDomains String
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    singleAzHa Boolean
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    singleIpSnat Boolean
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    softwareVersion String
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    splitTunnel Boolean
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spotPrice String
    Price for spot instance. NOT supported for production deployment.
    tagLists List<String>
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags Map<String>
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnelDetectionTime Number
    The IPSec tunnel down detection time for the Gateway.
    vpnAccess Boolean
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpnCidr String
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpnProtocol String
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone String
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
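
The property descriptions on this page state several cross-field requirements (fields required when vpn_access, otp_mode or enable_ldap is set, the UDP/ELB restriction, the 300-second floor on the timers, the Azure tag characters) that can be checked before a deployment. The following is an added example, not code from Pulumi or Aviatrix: check_gateway_args and the two sample dictionaries are hypothetical, and the max_vpn_conn comparison and the volume-encryption advisory are this example's own reading of the descriptions.

```python
import ipaddress

# cloud_type integers as listed on this page
AWS_FAMILY = {1, 256, 1024, 16384, 32768}   # AWS, AWSGov, AWSChina, AWS Top Secret, AWS Secret
AZURE_FAMILY = {8, 32, 2048}                # Azure, AzureGov, AzureChina
AZURE_TAG_EXTRA = " +-=._:@"                # besides letters and numbers

# (reason, predicate, fields the page marks as required in that case)
REQUIRED_WHEN = [
    ("vpn_access is true", lambda a: a.get("vpn_access") is True,
     ["vpn_cidr", "max_vpn_conn"]),
    ('otp_mode is "2" (DUO)', lambda a: a.get("otp_mode") == "2",
     ["duo_api_hostname", "duo_integration_key", "duo_push_mode", "duo_secret_key"]),
    ('otp_mode is "3" (Okta)', lambda a: a.get("otp_mode") == "3",
     ["okta_token", "okta_url"]),
    ("enable_ldap is true", lambda a: a.get("enable_ldap") is True,
     ["ldap_base_dn", "ldap_bind_dn", "ldap_password", "ldap_server",
      "ldap_username_attribute"]),
]


def _azure_tag_ok(text):
    return all(ch.isalnum() or ch in AZURE_TAG_EXTRA for ch in text)


def check_gateway_args(args):
    """Return a list of 'field: problem' strings; an empty list means no finding."""
    findings = []
    cloud = args.get("cloud_type")

    for why, applies, fields in REQUIRED_WHEN:
        if applies(args):
            findings += [f"{f}: required because {why}"
                         for f in fields if args.get(f) in (None, "")]

    if args.get("otp_mode") not in (None, "2", "3"):
        findings.append('otp_mode: valid values are "2" (DUO) and "3" (Okta)')
    if args.get("duo_push_mode") not in (None, "auto", "selective", "token"):
        findings.append('duo_push_mode: valid values are "auto", "selective", "token"')

    proto = args.get("vpn_protocol") or "TCP"   # the page's default
    if proto not in ("TCP", "UDP"):
        findings.append('vpn_protocol: valid values are "TCP" and "UDP"')
    elif proto == "UDP" and args.get("enable_elb") and cloud != 1:
        findings.append("vpn_protocol: UDP with ELB is documented for AWS (1) only")

    # Interpretation: "smaller than the VPN CIDR block" = fewer users than addresses.
    if args.get("vpn_cidr") and args.get("max_vpn_conn"):
        try:
            pool = ipaddress.ip_network(args["vpn_cidr"], strict=False).num_addresses
            if int(args["max_vpn_conn"]) >= pool:
                findings.append(f"max_vpn_conn: must be smaller than the {pool} "
                                "addresses in vpn_cidr")
        except ValueError:
            findings.append("vpn_cidr/max_vpn_conn: not a valid CIDR block or integer")

    for timer in ("idle_timeout", "renegotiation_interval"):
        value = args.get(timer)
        if value is not None and value <= 300:
            findings.append(f"{timer}: must be an integer greater than 300")

    if cloud in AZURE_FAMILY:
        for key, value in (args.get("tags") or {}).items():
            if not (_azure_tag_ok(key) and _azure_tag_ok(value)):
                findings.append(f"tags: {key!r} uses a character Azure does not allow")

    # Advisory of this example, not a provider requirement: the default is false.
    if cloud in AWS_FAMILY and not args.get("enable_encrypt_volume"):
        findings.append("enable_encrypt_volume: EBS volume encryption is not enabled")

    return findings


# Constructed sample inputs (not taken from a real deployment).
BAD = {
    "cloud_type": 8, "vpn_access": True, "vpn_cidr": "192.168.43.0/24",
    "max_vpn_conn": "300", "enable_elb": True, "vpn_protocol": "UDP",
    "otp_mode": "2", "duo_api_hostname": "api-example.invalid",
    "idle_timeout": 300, "tags": {"owner": "net/ops"},
}
GOOD = {
    "cloud_type": 1, "vpn_access": True, "vpn_cidr": "192.168.43.0/24",
    "max_vpn_conn": "100", "enable_elb": True, "vpn_protocol": "UDP",
    "enable_encrypt_volume": True, "idle_timeout": 301,
    "tags": {"owner": "net/ops"},
}

if __name__ == "__main__":
    for line in check_gateway_args(BAD):
        print(line)
```
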

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AviatrixGateway resource produces the following output properties:

    CloudInstanceId string
    Cloud instance ID of the gateway.
    ElbDnsName string
    ELB DNS name.
    FqdnLanInterface string
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    Id string
    The provider-assigned unique ID for this managed resource.
    PeeringHaCloudInstanceId string
    Cloud instance ID of the HA gateway.
    PeeringHaGwName string
    Aviatrix gateway unique name of HA gateway.
    PeeringHaPrivateIp string
    Private IP address of HA gateway.
    PeeringHaSecurityGroupId string
    HA security group used for the gateway.
    PrivateIp string
    Private IP address of the gateway created.
    PublicDnsServer string
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    SecurityGroupId string
    Security group used for the gateway.
    cloudInstanceId String
    Cloud instance ID of the gateway.
    elbDnsName String
    ELB DNS name.
    fqdnLanInterface String
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    id String
    The provider-assigned unique ID for this managed resource.
    peeringHaCloudInstanceId String
    Cloud instance ID of the HA gateway.
    peeringHaGwName String
    Aviatrix gateway unique name of HA gateway.
    peeringHaPrivateIp String
    Private IP address of HA gateway.
    peeringHaSecurityGroupId String
    HA security group used for the gateway.
    privateIp String
    Private IP address of the gateway created.
    publicDnsServer String
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    securityGroupId String
    Security group used for the gateway.
    cloudInstanceId string
    Cloud instance ID of the gateway.
    elbDnsName string
    ELB DNS name.
    fqdnLanInterface string
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    id string
    The provider-assigned unique ID for this managed resource.
    peeringHaCloudInstanceId string
    Cloud instance ID of the HA gateway.
    peeringHaGwName string
    Aviatrix gateway unique name of HA gateway.
    peeringHaPrivateIp string
    Private IP address of HA gateway.
    peeringHaSecurityGroupId string
    HA security group used for the gateway.
    privateIp string
    Private IP address of the gateway created.
    publicDnsServer string
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    securityGroupId string
    Security group used for the gateway.
    cloud_instance_id str
    Cloud instance ID of the gateway.
    elb_dns_name str
    ELB DNS name.
    fqdn_lan_interface str
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    id str
    The provider-assigned unique ID for this managed resource.
    peering_ha_cloud_instance_id str
    Cloud instance ID of the HA gateway.
    peering_ha_gw_name str
    Aviatrix gateway unique name of HA gateway.
    peering_ha_private_ip str
    Private IP address of HA gateway.
    peering_ha_security_group_id str
    HA security group used for the gateway.
    private_ip str
    Private IP address of the gateway created.
    public_dns_server str
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    security_group_id str
    Security group used for the gateway.

    Look up Existing AviatrixGateway Resource

    Get an existing AviatrixGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AviatrixGatewayState, opts?: CustomResourceOptions): AviatrixGateway
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_name: Optional[str] = None,
            additional_cidrs: Optional[str] = None,
            additional_cidrs_designated_gateway: Optional[str] = None,
            allocate_new_eip: Optional[bool] = None,
            availability_domain: Optional[str] = None,
            azure_eip_name_resource_group: Optional[str] = None,
            cloud_instance_id: Optional[str] = None,
            cloud_type: Optional[int] = None,
            customer_managed_keys: Optional[str] = None,
            duo_api_hostname: Optional[str] = None,
            duo_integration_key: Optional[str] = None,
            duo_push_mode: Optional[str] = None,
            duo_secret_key: Optional[str] = None,
            eip: Optional[str] = None,
            elb_dns_name: Optional[str] = None,
            elb_name: Optional[str] = None,
            enable_designated_gateway: Optional[bool] = None,
            enable_elb: Optional[bool] = None,
            enable_encrypt_volume: Optional[bool] = None,
            enable_jumbo_frame: Optional[bool] = None,
            enable_ldap: Optional[bool] = None,
            enable_monitor_gateway_subnets: Optional[bool] = None,
            enable_public_subnet_filtering: Optional[bool] = None,
            enable_spot_instance: Optional[bool] = None,
            enable_vpc_dns_server: Optional[bool] = None,
            enable_vpn_nat: Optional[bool] = None,
            fault_domain: Optional[str] = None,
            fqdn_lan_cidr: Optional[str] = None,
            fqdn_lan_interface: Optional[str] = None,
            fqdn_lan_vpc_id: Optional[str] = None,
            gw_name: Optional[str] = None,
            gw_size: Optional[str] = None,
            idle_timeout: Optional[int] = None,
            image_version: Optional[str] = None,
            insane_mode: Optional[bool] = None,
            insane_mode_az: Optional[str] = None,
            ldap_base_dn: Optional[str] = None,
            ldap_bind_dn: Optional[str] = None,
            ldap_password: Optional[str] = None,
            ldap_server: Optional[str] = None,
            ldap_username_attribute: Optional[str] = None,
            max_vpn_conn: Optional[str] = None,
            monitor_exclude_lists: Optional[Sequence[str]] = None,
            name_servers: Optional[str] = None,
            okta_token: Optional[str] = None,
            okta_url: Optional[str] = None,
            okta_username_suffix: Optional[str] = None,
            otp_mode: Optional[str] = None,
            peering_ha_availability_domain: Optional[str] = None,
            peering_ha_azure_eip_name_resource_group: Optional[str] = None,
            peering_ha_cloud_instance_id: Optional[str] = None,
            peering_ha_eip: Optional[str] = None,
            peering_ha_fault_domain: Optional[str] = None,
            peering_ha_gw_name: Optional[str] = None,
            peering_ha_gw_size: Optional[str] = None,
            peering_ha_image_version: Optional[str] = None,
            peering_ha_insane_mode_az: Optional[str] = None,
            peering_ha_private_ip: Optional[str] = None,
            peering_ha_security_group_id: Optional[str] = None,
            peering_ha_software_version: Optional[str] = None,
            peering_ha_subnet: Optional[str] = None,
            peering_ha_zone: Optional[str] = None,
            private_ip: Optional[str] = None,
            public_dns_server: Optional[str] = None,
            public_subnet_filtering_guard_duty_enforced: Optional[bool] = None,
            public_subnet_filtering_ha_route_tables: Optional[Sequence[str]] = None,
            public_subnet_filtering_route_tables: Optional[Sequence[str]] = None,
            renegotiation_interval: Optional[int] = None,
            rx_queue_size: Optional[str] = None,
            saml_enabled: Optional[bool] = None,
            search_domains: Optional[str] = None,
            security_group_id: Optional[str] = None,
            single_az_ha: Optional[bool] = None,
            single_ip_snat: Optional[bool] = None,
            software_version: Optional[str] = None,
            split_tunnel: Optional[bool] = None,
            spot_price: Optional[str] = None,
            subnet: Optional[str] = None,
            tag_lists: Optional[Sequence[str]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tunnel_detection_time: Optional[int] = None,
            vpc_id: Optional[str] = None,
            vpc_reg: Optional[str] = None,
            vpn_access: Optional[bool] = None,
            vpn_cidr: Optional[str] = None,
            vpn_protocol: Optional[str] = None,
            zone: Optional[str] = None) -> AviatrixGateway
    func GetAviatrixGateway(ctx *Context, name string, id IDInput, state *AviatrixGatewayState, opts ...ResourceOption) (*AviatrixGateway, error)
    public static AviatrixGateway Get(string name, Input<string> id, AviatrixGatewayState? state, CustomResourceOptions? opts = null)
    public static AviatrixGateway get(String name, Output<String> id, AviatrixGatewayState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    The following state arguments are supported:
    AccountName string
    Account name. This account will be used to launch Aviatrix gateway.
    AdditionalCidrs string
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    AdditionalCidrsDesignatedGateway string
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    AllocateNewEip bool
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    AvailabilityDomain string
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    AzureEipNameResourceGroup string
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    CloudInstanceId string
    Cloud instance ID of the gateway.
    CloudType int
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    CustomerManagedKeys string
    Customer-managed key ID.
    DuoApiHostname string
    API hostname for DUO auth mode. Required: Yes if otp_mode is "2".
    DuoIntegrationKey string
    Integration key for DUO auth mode. Required if otp_mode is "2".
    DuoPushMode string
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    DuoSecretKey string
    Secret key for DUO auth mode. Required if otp_mode is "2".
    Eip string
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    ElbDnsName string
    ELB DNS name.
    ElbName string
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    EnableDesignatedGateway bool
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    EnableElb bool
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    EnableEncryptVolume bool
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableJumboFrame bool
    Enable jumbo frames for this gateway. Default value is true.
    EnableLdap bool
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    EnableMonitorGatewaySubnets bool
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    EnablePublicSubnetFiltering bool
    Create a Public Subnet Filtering gateway.
    EnableSpotInstance bool
    Enable spot instance. NOT supported for production deployment.
    EnableVpcDnsServer bool
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableVpnNat bool
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    FaultDomain string
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    FqdnLanCidr string
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    FqdnLanInterface string
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    FqdnLanVpcId string
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    GwName string
    Name of the Aviatrix gateway to be created.
    GwSize string
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    IdleTimeout int
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    ImageVersion string
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    InsaneMode bool
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    InsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    LdapBaseDn string
    LDAP base DN. Required if enable_ldap is true.
    LdapBindDn string
    LDAP bind DN. Required if enable_ldap is true.
    LdapPassword string
    LDAP password. Required if enable_ldap is true.
    LdapServer string
    LDAP server address. Required if enable_ldap is true.
    LdapUsernameAttribute string
    LDAP user attribute. Required if enable_ldap is true.
    MaxVpnConn string
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    MonitorExcludeLists List<string>
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    NameServers string
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    OktaToken string
    Token for Okta auth mode. Required if otp_mode is "3".
    OktaUrl string
    URL for Okta auth mode. Required if otp_mode is "3".
    OktaUsernameSuffix string
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    OtpMode string
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    PeeringHaAvailabilityDomain string
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaAzureEipNameResourceGroup string
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    PeeringHaCloudInstanceId string
    Cloud instance ID of the HA gateway.
    PeeringHaEip string
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    PeeringHaFaultDomain string
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaGwName string
    Aviatrix gateway unique name of HA gateway.
    PeeringHaGwSize string
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    PeeringHaImageVersion string
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    PeeringHaInsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    PeeringHaPrivateIp string
    Private IP address of HA gateway.
    PeeringHaSecurityGroupId string
    HA security group used for the gateway.
    PeeringHaSoftwareVersion string
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    PeeringHaSubnet string
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    PeeringHaZone string
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    PrivateIp string
    Private IP address of the gateway created.
    PublicDnsServer string
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    PublicSubnetFilteringGuardDutyEnforced bool
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    PublicSubnetFilteringHaRouteTables List<string>
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    PublicSubnetFilteringRouteTables List<string>
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    RenegotiationInterval int
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    RxQueueSize string
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    SamlEnabled bool
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    SearchDomains string
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    SecurityGroupId string
    Security group used for the gateway.
    SingleAzHa bool
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    SingleIpSnat bool
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    SoftwareVersion string
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    SplitTunnel bool
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    SpotPrice string
    Price for spot instance. NOT supported for production deployment.
    Subnet string
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    TagLists List<string>
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    Tags Dictionary<string, string>
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    TunnelDetectionTime int
    The IPSec tunnel down detection time for the Gateway.
    VpcId string
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    VpcReg string
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    VpnAccess bool
    Enable user access through VPN to this gateway. Valid values: true, false.
    VpnCidr string
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    VpnProtocol string
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    Zone string
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    AccountName string
    Account name. This account will be used to launch Aviatrix gateway.
    AdditionalCidrs string
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    AdditionalCidrsDesignatedGateway string
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    AllocateNewEip bool
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    AvailabilityDomain string
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    AzureEipNameResourceGroup string
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    CloudInstanceId string
    Cloud instance ID of the gateway.
    CloudType int
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    CustomerManagedKeys string
    Customer-managed key ID.
    DuoApiHostname string
    API hostname for DUO auth mode. Required: Yes if otp_mode is "2".
    DuoIntegrationKey string
    Integration key for DUO auth mode. Required if otp_mode is "2".
    DuoPushMode string
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    DuoSecretKey string
    Secret key for DUO auth mode. Required if otp_mode is "2".
    Eip string
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    ElbDnsName string
    ELB DNS name.
    ElbName string
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    EnableDesignatedGateway bool
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    EnableElb bool
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    EnableEncryptVolume bool
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableJumboFrame bool
    Enable jumbo frames for this gateway. Default value is true.
    EnableLdap bool
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    EnableMonitorGatewaySubnets bool
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    EnablePublicSubnetFiltering bool
    Create a Public Subnet Filtering gateway.
    EnableSpotInstance bool
    Enable spot instance. NOT supported for production deployment.
    EnableVpcDnsServer bool
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    EnableVpnNat bool
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    FaultDomain string
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    FqdnLanCidr string
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    FqdnLanInterface string
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    FqdnLanVpcId string
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    GwName string
    Name of the Aviatrix gateway to be created.
    GwSize string
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    IdleTimeout int
    Sets the idle timeout value, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    ImageVersion string
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    InsaneMode bool
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    InsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    LdapBaseDn string
    LDAP base DN. Required if enable_ldap is true.
    LdapBindDn string
    LDAP bind DN. Required if enable_ldap is true.
    LdapPassword string
    LDAP password. Required if enable_ldap is true.
    LdapServer string
    LDAP server address. Required if enable_ldap is true.
    LdapUsernameAttribute string
    LDAP user attribute. Required if enable_ldap is true.
    MaxVpnConn string
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    MonitorExcludeLists []string
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    NameServers string
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    OktaToken string
    Token for Okta auth mode. Required if otp_mode is "3".
    OktaUrl string
    URL for Okta auth mode. Required if otp_mode is "3".
    OktaUsernameSuffix string
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    OtpMode string
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    PeeringHaAvailabilityDomain string
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaAzureEipNameResourceGroup string
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    PeeringHaCloudInstanceId string
    Cloud instance ID of the HA gateway.
    PeeringHaEip string
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    PeeringHaFaultDomain string
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    PeeringHaGwName string
    Aviatrix gateway unique name of HA gateway.
    PeeringHaGwSize string
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    PeeringHaImageVersion string
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    PeeringHaInsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    PeeringHaPrivateIp string
    Private IP address of HA gateway.
    PeeringHaSecurityGroupId string
    HA security group used for the gateway.
    PeeringHaSoftwareVersion string
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    PeeringHaSubnet string
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    PeeringHaZone string
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    PrivateIp string
    Private IP address of the gateway created.
    PublicDnsServer string
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    PublicSubnetFilteringGuardDutyEnforced bool
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    PublicSubnetFilteringHaRouteTables []string
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    PublicSubnetFilteringRouteTables []string
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    RenegotiationInterval int
    Sets the renegotiation interval value, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    RxQueueSize string
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    SamlEnabled bool
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    SearchDomains string
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    SecurityGroupId string
    Security group used for the gateway.
    SingleAzHa bool
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    SingleIpSnat bool
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    SoftwareVersion string
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    SplitTunnel bool
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    SpotPrice string
    Price for spot instance. NOT supported for production deployment.
    Subnet string
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    TagLists []string
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    Tags map[string]string
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    TunnelDetectionTime int
    The IPSec tunnel down detection time for the Gateway.
    VpcId string
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    VpcReg string
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    VpnAccess bool
    Enable user access through VPN to this gateway. Valid values: true, false.
    VpnCidr string
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    VpnProtocol string
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    Zone string
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    accountName String
    Account name. This account will be used to launch Aviatrix gateway.
    additionalCidrs String
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additionalCidrsDesignatedGateway String
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocateNewEip Boolean
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availabilityDomain String
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azureEipNameResourceGroup String
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    cloudInstanceId String
    Cloud instance ID of the gateway.
    cloudType Integer
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    customerManagedKeys String
    Customer-managed key ID.
    duoApiHostname String
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duoIntegrationKey String
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duoPushMode String
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duoSecretKey String
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip String
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elbDnsName String
    ELB DNS name.
    elbName String
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enableDesignatedGateway Boolean
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enableElb Boolean
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enableEncryptVolume Boolean
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableJumboFrame Boolean
    Enable jumbo frames for this gateway. Default value is true.
    enableLdap Boolean
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enableMonitorGatewaySubnets Boolean
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enablePublicSubnetFiltering Boolean
    Create a Public Subnet Filtering gateway.
    enableSpotInstance Boolean
    Enable spot instance. NOT supported for production deployment.
    enableVpcDnsServer Boolean
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableVpnNat Boolean
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    faultDomain String
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdnLanCidr String
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdnLanInterface String
    The LAN interface ID of the FQDN gateway with additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    fqdnLanVpcId String
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    gwName String
    Name of the Aviatrix gateway to be created.
    gwSize String
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    idleTimeout Integer
    Sets the idle timeout value, in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    imageVersion String
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insaneMode Boolean
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldapBaseDn String
    LDAP base DN. Required if enable_ldap is true.
    ldapBindDn String
    LDAP bind DN. Required if enable_ldap is true.
    ldapPassword String
    LDAP password. Required if enable_ldap is true.
    ldapServer String
    LDAP server address. Required if enable_ldap is true.
    ldapUsernameAttribute String
    LDAP user attribute. Required if enable_ldap is true.
    maxVpnConn String
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitorExcludeLists List<String>
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    nameServers String
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    oktaToken String
    Token for Okta auth mode. Required if otp_mode is "3".
    oktaUrl String
    URL for Okta auth mode. Required if otp_mode is "3".
    oktaUsernameSuffix String
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otpMode String
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peeringHaAvailabilityDomain String
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaAzureEipNameResourceGroup String
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peeringHaCloudInstanceId String
    Cloud instance ID of the HA gateway.
    peeringHaEip String
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peeringHaFaultDomain String
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaGwName String
    Aviatrix gateway unique name of HA gateway.
    peeringHaGwSize String
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peeringHaImageVersion String
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peeringHaInsaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peeringHaPrivateIp String
    Private IP address of HA gateway.
    peeringHaSecurityGroupId String
    HA security group used for the gateway.
    peeringHaSoftwareVersion String
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peeringHaSubnet String
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peeringHaZone String
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    privateIp String
    Private IP address of the gateway created.
    publicDnsServer String
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    publicSubnetFilteringGuardDutyEnforced Boolean
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    publicSubnetFilteringHaRouteTables List<String>
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    publicSubnetFilteringRouteTables List<String>
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiationInterval Integer
    Sets the renegotiation interval value, in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    rxQueueSize String
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    samlEnabled Boolean
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    searchDomains String
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    securityGroupId String
    Security group used for the gateway.
    singleAzHa Boolean
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    singleIpSnat Boolean
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    softwareVersion String
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    splitTunnel Boolean
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spotPrice String
    Price for spot instance. NOT supported for production deployment.
    subnet String
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    tagLists List<String>
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags Map<String,String>
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnelDetectionTime Integer
    The IPSec tunnel down detection time for the Gateway.
    vpcId String
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpcReg String
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    vpnAccess Boolean
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpnCidr String
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpnProtocol String
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone String
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
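The conditional requirements stated in this property list (otp_mode, enable_ldap, vpn_access, the 300-second floor on the timers, and the cloud-type limits) can be checked before a deployment runs. The following is an added example, not Aviatrix or Pulumi code: `check_gateway_args` and the sample dictionaries are hypothetical, keys use the snake_case argument names the descriptions refer to, and the max_vpn_conn comparison assumes "smaller than the VPN CIDR block" means fewer connections than the block has addresses.

```python
import ipaddress

# cloud_type integers as listed in this reference.
AWS = 1
AWS_FAMILY = {1, 256, 1024, 16384, 32768}  # AWS, AWSGov, AWSChina, AWS Top Secret, AWS Secret

DUO_FIELDS = ("duo_api_hostname", "duo_integration_key", "duo_push_mode", "duo_secret_key")
OKTA_FIELDS = ("okta_token", "okta_url")
LDAP_FIELDS = ("ldap_base_dn", "ldap_bind_dn", "ldap_password", "ldap_server",
               "ldap_username_attribute")


def _missing(args, fields, condition):
    """One finding per field that the reference marks as required under `condition`."""
    return [f"{name} is required when {condition}" for name in fields if not args.get(name)]


def check_gateway_args(args):
    """Return findings for a dict of gateway arguments; an empty list means all checks passed."""
    findings = []
    cloud_type = args.get("cloud_type")

    # Two-step authentication: the mode decides which credential set must be present.
    otp_mode = args.get("otp_mode")
    if otp_mode == "2":
        findings += _missing(args, DUO_FIELDS, 'otp_mode is "2"')
        push = args.get("duo_push_mode")
        if push and push not in ("auto", "selective", "token"):
            findings.append('duo_push_mode must be "auto", "selective" or "token"')
    elif otp_mode == "3":
        findings += _missing(args, OKTA_FIELDS, 'otp_mode is "3"')
    elif otp_mode is not None:
        findings.append('otp_mode must be "2" (DUO) or "3" (Okta)')

    if args.get("enable_ldap"):
        findings += _missing(args, LDAP_FIELDS, "enable_ldap is true")

    if args.get("vpn_access"):
        findings += _missing(args, ("vpn_cidr", "max_vpn_conn"), "vpn_access is true")
        if args.get("vpn_cidr") and args.get("max_vpn_conn"):
            try:
                # Assumption: compare the connection limit with the address count of the block.
                capacity = ipaddress.ip_network(args["vpn_cidr"]).num_addresses
                if int(args["max_vpn_conn"]) >= capacity:
                    findings.append("max_vpn_conn must be smaller than the vpn_cidr block")
            except ValueError:
                findings.append("vpn_cidr or max_vpn_conn is not a valid value")

    # UDP behind an ELB is documented for AWS(1) only.
    if args.get("vpn_protocol") == "UDP" and args.get("enable_elb") and cloud_type != AWS:
        findings.append("vpn_protocol UDP with enable_elb is only supported for AWS(1)")

    # Both timers must be integers greater than 300 seconds when they are set.
    for name in ("idle_timeout", "renegotiation_interval"):
        value = args.get(name)
        if value is not None and (type(value) is not int or value <= 300):
            findings.append(f"{name} must be an integer greater than 300")

    if args.get("enable_encrypt_volume") and cloud_type not in AWS_FAMILY:
        findings.append("enable_encrypt_volume is only supported for AWS-family cloud types")
    if args.get("enable_spot_instance"):
        findings.append("enable_spot_instance is not supported for production deployment")
    return findings


# Constructed sample inputs (not taken from the page); secrets are placeholders.
SAMPLE_OK = {
    "cloud_type": 1,
    "vpn_access": True, "vpn_cidr": "192.168.43.0/24", "max_vpn_conn": "100",
    "vpn_protocol": "UDP", "enable_elb": True,
    "otp_mode": "2", "duo_api_hostname": "duo.example.test",
    "duo_integration_key": "PLACEHOLDER", "duo_secret_key": "PLACEHOLDER",
    "duo_push_mode": "auto",
    "renegotiation_interval": 3600,
    "enable_encrypt_volume": True,
}
SAMPLE_BAD = {
    "cloud_type": 8,
    "vpn_access": True, "vpn_cidr": "192.168.43.0/28", "max_vpn_conn": "100",
    "vpn_protocol": "UDP", "enable_elb": True,
    "otp_mode": "3", "okta_url": "https://okta.example.test",
    "enable_ldap": True, "ldap_server": "ldap.example.test",
    "idle_timeout": 300,
    "enable_encrypt_volume": True,
    "enable_spot_instance": True,
}

if __name__ == "__main__":
    for finding in check_gateway_args(SAMPLE_BAD):
        print(finding)
```
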
    accountName string
    Account name. This account will be used to launch Aviatrix gateway.
    additionalCidrs string
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additionalCidrsDesignatedGateway string
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocateNewEip boolean
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availabilityDomain string
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azureEipNameResourceGroup string
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    cloudInstanceId string
    Cloud instance ID of the gateway.
    cloudType number
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    customerManagedKeys string
    Customer-managed key ID.
    duoApiHostname string
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duoIntegrationKey string
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duoPushMode string
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duoSecretKey string
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip string
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elbDnsName string
    ELB DNS name.
    elbName string
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enableDesignatedGateway boolean
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enableElb boolean
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enableEncryptVolume boolean
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableJumboFrame boolean
    Enable jumbo frames for this gateway. Default value is true.
    enableLdap boolean
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enableMonitorGatewaySubnets boolean
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enablePublicSubnetFiltering boolean
    Create a Public Subnet Filtering gateway.
    enableSpotInstance boolean
    Enable spot instance. NOT supported for production deployment.
    enableVpcDnsServer boolean
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableVpnNat boolean
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    faultDomain string
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdnLanCidr string
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdnLanInterface string
    The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    fqdnLanVpcId string
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    gwName string
    Name of the Aviatrix gateway to be created.
    gwSize string
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    idleTimeout number
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    imageVersion string
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insaneMode boolean
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldapBaseDn string
    LDAP base DN. Required if enable_ldap is true.
    ldapBindDn string
    LDAP bind DN. Required if enable_ldap is true.
    ldapPassword string
    LDAP password. Required if enable_ldap is true.
    ldapServer string
    LDAP server address. Required if enable_ldap is true.
    ldapUsernameAttribute string
    LDAP user attribute. Required if enable_ldap is true.
    maxVpnConn string
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitorExcludeLists string[]
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    nameServers string
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    oktaToken string
    Token for Okta auth mode. Required if otp_mode is "3".
    oktaUrl string
    URL for Okta auth mode. Required if otp_mode is "3".
    oktaUsernameSuffix string
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otpMode string
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peeringHaAvailabilityDomain string
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaAzureEipNameResourceGroup string
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peeringHaCloudInstanceId string
    Cloud instance ID of the HA gateway.
    peeringHaEip string
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peeringHaFaultDomain string
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaGwName string
    Aviatrix gateway unique name of HA gateway.
    peeringHaGwSize string
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peeringHaImageVersion string
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peeringHaInsaneModeAz string
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peeringHaPrivateIp string
    Private IP address of HA gateway.
    peeringHaSecurityGroupId string
    HA security group used for the gateway.
    peeringHaSoftwareVersion string
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peeringHaSubnet string
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peeringHaZone string
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    privateIp string
    Private IP address of the gateway created.
    publicDnsServer string
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    publicSubnetFilteringGuardDutyEnforced boolean
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    publicSubnetFilteringHaRouteTables string[]
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    publicSubnetFilteringRouteTables string[]
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiationInterval number
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    rxQueueSize string
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    samlEnabled boolean
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    searchDomains string
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    securityGroupId string
    Security group used for the gateway.
    singleAzHa boolean
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    singleIpSnat boolean
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    softwareVersion string
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    splitTunnel boolean
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spotPrice string
    Price for spot instance. NOT supported for production deployment.
    subnet string
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    tagLists string[]
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags {[key: string]: string}
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnelDetectionTime number
    The IPSec tunnel down detection time for the Gateway.
    vpcId string
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpcReg string
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    vpnAccess boolean
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpnCidr string
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpnProtocol string
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone string
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
    account_name str
    Account name. This account will be used to launch Aviatrix gateway.
    additional_cidrs str
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additional_cidrs_designated_gateway str
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocate_new_eip bool
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availability_domain str
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azure_eip_name_resource_group str
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    cloud_instance_id str
    Cloud instance ID of the gateway.
    cloud_type int
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    customer_managed_keys str
    Customer-managed key ID.
    duo_api_hostname str
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duo_integration_key str
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duo_push_mode str
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duo_secret_key str
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip str
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elb_dns_name str
    ELB DNS name.
    elb_name str
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enable_designated_gateway bool
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enable_elb bool
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enable_encrypt_volume bool
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enable_jumbo_frame bool
    Enable jumbo frames for this gateway. Default value is true.
    enable_ldap bool
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enable_monitor_gateway_subnets bool
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enable_public_subnet_filtering bool
    Create a Public Subnet Filtering gateway.
    enable_spot_instance bool
    Enable spot instance. NOT supported for production deployment.
    enable_vpc_dns_server bool
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enable_vpn_nat bool
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    fault_domain str
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdn_lan_cidr str
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdn_lan_interface str
    The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    fqdn_lan_vpc_id str
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    gw_name str
    Name of the Aviatrix gateway to be created.
    gw_size str
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    idle_timeout int
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    image_version str
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insane_mode bool
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insane_mode_az str
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldap_base_dn str
    LDAP base DN. Required if enable_ldap is true.
    ldap_bind_dn str
    LDAP bind DN. Required if enable_ldap is true.
    ldap_password str
    LDAP password. Required if enable_ldap is true.
    ldap_server str
    LDAP server address. Required if enable_ldap is true.
    ldap_username_attribute str
    LDAP user attribute. Required if enable_ldap is true.
    max_vpn_conn str
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitor_exclude_lists Sequence[str]
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    name_servers str
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    okta_token str
    Token for Okta auth mode. Required if otp_mode is "3".
    okta_url str
    URL for Okta auth mode. Required if otp_mode is "3".
    okta_username_suffix str
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otp_mode str
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peering_ha_availability_domain str
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peering_ha_azure_eip_name_resource_group str
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peering_ha_cloud_instance_id str
    Cloud instance ID of the HA gateway.
    peering_ha_eip str
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peering_ha_fault_domain str
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peering_ha_gw_name str
    Aviatrix gateway unique name of HA gateway.
    peering_ha_gw_size str
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peering_ha_image_version str
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peering_ha_insane_mode_az str
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peering_ha_private_ip str
    Private IP address of HA gateway.
    peering_ha_security_group_id str
    HA security group used for the gateway.
    peering_ha_software_version str
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peering_ha_subnet str
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peering_ha_zone str
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    private_ip str
    Private IP address of the gateway created.
    public_dns_server str
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    public_subnet_filtering_guard_duty_enforced bool
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    public_subnet_filtering_ha_route_tables Sequence[str]
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    public_subnet_filtering_route_tables Sequence[str]
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiation_interval int
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The value must be an integer greater than 300. Available in provider version R2.17.1+.
    rx_queue_size str
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    saml_enabled bool
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    search_domains str
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    security_group_id str
    Security group used for the gateway.
    single_az_ha bool
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    single_ip_snat bool
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    software_version str
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    split_tunnel bool
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spot_price str
    Price for spot instance. NOT supported for production deployment.
    subnet str
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    tag_lists Sequence[str]
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags Mapping[str, str]
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnel_detection_time int
    The IPSec tunnel down detection time for the Gateway.
    vpc_id str
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpc_reg str
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    vpn_access bool
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpn_cidr str
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpn_protocol str
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone str
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
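The property descriptions above carry many cross-field rules (what otp_mode, enable_ldap, vpn_access and allocate_new_eip each require, the 300-second floor on the timers, cloud-specific features) that are easy to miss in review. The following pre-deployment check is an added example, not part of the Pulumi or Aviatrix documentation; `validate_gateway_args`, the sample dictionaries, and the reading of "smaller than the VPN CIDR block" as an address count are assumptions.

```python
import ipaddress

# cloud_type integers as listed in the cloud_type property description.
AWS_FAMILY = {1, 256, 1024, 16384, 32768}  # AWS, AWSGov, AWSChina, AWS Top Secret, AWS Secret
AZURE_FAMILY = {8, 32, 2048}               # Azure, AzureGov, AzureChina
OCI = 16

# "Required if <switch> is <value>" groups taken from the property descriptions.
CONDITIONAL_REQUIRED = [
    ("otp_mode", "2", ["duo_api_hostname", "duo_integration_key",
                       "duo_push_mode", "duo_secret_key"]),
    ("otp_mode", "3", ["okta_token", "okta_url"]),
    ("enable_ldap", True, ["ldap_base_dn", "ldap_bind_dn", "ldap_password",
                           "ldap_server", "ldap_username_attribute"]),
    ("vpn_access", True, ["vpn_cidr", "max_vpn_conn"]),
    ("allocate_new_eip", False, ["eip"]),
]


def validate_gateway_args(args):
    """Return a list of violations of the documented constraints (empty = OK)."""
    problems = []
    cloud = args.get("cloud_type")

    for switch, value, needed in CONDITIONAL_REQUIRED:
        if args.get(switch) == value:
            for name in needed:
                if not args.get(name):
                    problems.append(f"{name} is required when {switch} is {value!r}")

    otp = args.get("otp_mode")
    if otp is not None and otp not in ("2", "3"):
        problems.append('otp_mode must be "2" (DUO) or "3" (Okta)')
    push = args.get("duo_push_mode")
    if push is not None and push not in ("auto", "selective", "token"):
        problems.append('duo_push_mode must be "auto", "selective" or "token"')

    for name in ("idle_timeout", "renegotiation_interval"):
        v = args.get(name)
        if v is not None and (isinstance(v, bool) or not isinstance(v, int) or v <= 300):
            problems.append(f"{name} must be an integer greater than 300")

    if (args.get("allocate_new_eip") is False and cloud in AZURE_FAMILY
            and not args.get("azure_eip_name_resource_group")):
        problems.append("azure_eip_name_resource_group is required on Azure "
                        "cloud types when allocate_new_eip is false")

    for name in ("enable_encrypt_volume", "enable_designated_gateway"):
        if args.get(name) and cloud not in AWS_FAMILY:
            problems.append(f"{name} is only supported for AWS-family cloud types")
    if args.get("enable_elb") and cloud == OCI:
        problems.append("enable_elb is not supported for OCI gateways")

    proto = args.get("vpn_protocol", "TCP")  # documented default is "TCP"
    if proto not in ("TCP", "UDP"):
        problems.append('vpn_protocol must be "TCP" or "UDP"')
    elif proto == "UDP" and args.get("enable_elb") and cloud != 1:
        problems.append("UDP with ELB is only supported for AWS (cloud_type 1)")

    # Assumption: "smaller than the VPN CIDR block" means fewer connections
    # than the block has addresses.
    if args.get("vpn_access") and args.get("vpn_cidr") and args.get("max_vpn_conn"):
        try:
            size = ipaddress.ip_network(args["vpn_cidr"], strict=False).num_addresses
            if int(args["max_vpn_conn"]) >= size:
                problems.append("max_vpn_conn must be smaller than the vpn_cidr block")
        except ValueError:
            problems.append("vpn_cidr or max_vpn_conn is not parseable")

    if args.get("enable_spot_instance"):
        problems.append("enable_spot_instance is documented as NOT supported "
                        "for production deployment")
    return problems


# Constructed sample inputs; every value is a placeholder, not real configuration.
GOOD_ARGS = {
    "cloud_type": 1, "gw_name": "vpn-gw", "vpc_id": "vpc-abcd1234",
    "vpc_reg": "us-east-1", "gw_size": "t2.large", "subnet": "172.31.0.0/20",
    "vpn_access": True, "vpn_cidr": "192.168.43.0/24", "max_vpn_conn": "100",
    "enable_elb": True, "vpn_protocol": "UDP", "enable_encrypt_volume": True,
    "otp_mode": "2", "duo_api_hostname": "<placeholder>",
    "duo_integration_key": "<placeholder>", "duo_secret_key": "<placeholder>",
    "duo_push_mode": "auto", "idle_timeout": 301,
}
BAD_ARGS = {
    "cloud_type": 8, "vpn_access": True, "vpn_cidr": "192.168.43.0/24",
    "max_vpn_conn": "300", "enable_elb": True, "vpn_protocol": "UDP",
    "otp_mode": "3", "okta_url": "https://example.invalid",
    "enable_ldap": True, "ldap_server": "ldap.example.invalid",
    "idle_timeout": 300, "allocate_new_eip": False, "enable_encrypt_volume": True,
}

if __name__ == "__main__":
    for finding in validate_gateway_args(BAD_ARGS):
        print("FAIL:", finding)
```

Run against the dictionary of arguments before it is passed to the resource constructor; an empty list means none of the documented constraints checked here is violated.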
    accountName String
    Account name. This account will be used to launch Aviatrix gateway.
    additionalCidrs String
    A list of destination CIDR ranges that will also go through the VPN tunnel when Split Tunnel Mode is enabled.
    additionalCidrsDesignatedGateway String
    A list of CIDR ranges separated by comma to configure when "Designated Gateway" feature is enabled. Example: "10.8.0.0/16,10.9.0.0/16,10.10.0.0/16".
    allocateNewEip Boolean
    If set to false, use an available address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 2.7+. Valid values: true, false. Default: true.
    availabilityDomain String
    Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    azureEipNameResourceGroup String
    Name of public IP Address resource and its resource group in Azure to be assigned to the gateway instance. Example: "IP_Name:Resource_Group_Name". Required when allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    cloudInstanceId String
    Cloud instance ID of the gateway.
    cloudType Number
    Cloud service provider to use to launch the gateway. Requires an integer value. Currently supports AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud (8192), AWS Top Secret (16384) and AWS Secret (32768).
    customerManagedKeys String
    Customer-managed key ID.
    duoApiHostname String
    API hostname for DUO auth mode. Required if otp_mode is "2".
    duoIntegrationKey String
    Integration key for DUO auth mode. Required if otp_mode is "2".
    duoPushMode String
    Push mode for DUO auth. Required if otp_mode is "2". Valid values: "auto", "selective" and "token".
    duoSecretKey String
    Secret key for DUO auth mode. Required if otp_mode is "2".
    eip String
    Specified EIP to use for gateway creation. Required when allocate_new_eip is false. Available in Controller version 3.5+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    elbDnsName String
    ELB DNS name.
    elbName String
    A name for the ELB that is created. If it is not specified, a name is generated automatically.
    enableDesignatedGateway Boolean
    Enable Designated Gateway feature for Gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false. Please view documentation here for more information on this feature.
    enableElb Boolean
    Specify whether to enable ELB or not. Not supported for OCI gateways. Valid values: true, false.
    enableEncryptVolume Boolean
    Enable EBS volume encryption for the gateway. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableJumboFrame Boolean
    Enable jumbo frames for this gateway. Default value is true.
    enableLdap Boolean
    Enable/disable LDAP. Valid values: true, false. Default value: false.
    enableMonitorGatewaySubnets Boolean
    If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.17.1+.
    enablePublicSubnetFiltering Boolean
    Create a Public Subnet Filtering gateway.
    enableSpotInstance Boolean
    Enable spot instance. NOT supported for production deployment.
    enableVpcDnsServer Boolean
    Enable VPC DNS Server for gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.
    enableVpnNat Boolean
    Enable/disable VPN NAT. Only supported for VPN gateway. Valid values: true, false. Default value: true.
    faultDomain String
    Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    fqdnLanCidr String
    If fqdn_lan_cidr is set, the FQDN gateway will be created with an additional LAN interface using the provided CIDR. This attribute is required when enabling FQDN gateway FireNet in Azure or GCP. Available in provider version R2.17.1+.
    fqdnLanInterface String
    The LAN interface ID of the FQDN gateway with an additional LAN interface. This attribute will be exported when enabling FQDN gateway FireNet in Azure. Available in provider version R2.17.1+.
    fqdnLanVpcId String
    FQDN LAN VPC ID. This attribute is required when enabling FQDN gateway FireNet in GCP. Available as of provider version R2.18.1+.
    gwName String
    Name of the Aviatrix gateway to be created.
    gwSize String
    Size of the gateway instance. Example: AWS/AWSGov/AWSChina: "t2.large", GCP: "n1-standard-1", Azure/AzureGov/AzureChina: "Standard_B1s", OCI: "VM.Standard2.2".
    idleTimeout Number
    Sets the idle timeout in seconds. The idle timeout feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    imageVersion String
    The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    insaneMode Boolean
    Enable Insane Mode for Gateway. Insane Mode gateway size must be at least c5 series (AWS) or Standard_D3_v2 (Azure/AzureGov). If enabled, a valid /26 CIDR segment of the VPC must be specified to create a new subnet. Only supported for AWS, AWSGov, Azure, AzureGov, AWS China, Azure China, AWS Top Secret or AWS Secret. Valid values: true, false.
    insaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is set. Example: AWS: "us-west-1a".
    ldapBaseDn String
    LDAP base DN. Required if enable_ldap is true.
    ldapBindDn String
    LDAP bind DN. Required if enable_ldap is true.
    ldapPassword String
    LDAP password. Required if enable_ldap is true.
    ldapServer String
    LDAP server address. Required if enable_ldap is true.
    ldapUsernameAttribute String
    LDAP user attribute. Required if enable_ldap is true.
    maxVpnConn String
    Maximum number of active VPN users allowed to be connected to this gateway. Required if vpn_access is true. Make sure the number is smaller than the VPN CIDR block. Example: 100. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.14.
    monitorExcludeLists List<String>
    Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.17.1+.
    nameServers String
    A list of DNS servers used to resolve domain names by a connected VPN user when Split Tunnel Mode is enabled.
    oktaToken String
    Token for Okta auth mode. Required if otp_mode is "3".
    oktaUrl String
    URL for Okta auth mode. Required if otp_mode is "3".
    oktaUsernameSuffix String
    Username suffix for Okta auth mode. Example: "aviatrix.com".
    otpMode String
    Two step authentication mode. Valid values: "2" for DUO, "3" for Okta.
    peeringHaAvailabilityDomain String
    Peering HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaAzureEipNameResourceGroup String
    Name of public IP address resource and its resource group in Azure to be assigned to the HA peering instance. Example: "IP_Name:Resource_Group_Name". Required if peering_ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.
    peeringHaCloudInstanceId String
    Cloud instance ID of the HA gateway.
    peeringHaEip String
    Public IP address to be assigned to the HA peering instance. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.
    peeringHaFaultDomain String
    Peering HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
    peeringHaGwName String
    Aviatrix gateway unique name of HA gateway.
    peeringHaGwSize String
    Size of the Peering HA Gateway to be created. Required if enabling Peering HA. NOTE: Please see notes here in regards to any deltas found in your state with the addition of this argument in R1.8.
    peeringHaImageVersion String
    The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.
    peeringHaInsaneModeAz String
    Region + Availability Zone of subnet being created for Insane Mode-enabled Peering HA Gateway. Required for AWS only if insane_mode is set and peering_ha_subnet is set. Example: AWS: "us-west-1a".
    peeringHaPrivateIp String
    Private IP address of HA gateway.
    peeringHaSecurityGroupId String
    HA security group used for the gateway.
    peeringHaSoftwareVersion String
    The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    peeringHaSubnet String
    Public subnet CIDR to create Peering HA Gateway in. Required if enabling Peering HA for AWS/AWSGov/AWS Top Secret/AWS Secret/Azure/AzureGov/Alibaba Cloud. Optional if enabling Peering HA for GCP. Example: AWS: "10.0.0.0/16".
    peeringHaZone String
    Zone to create Peering HA Gateway in. Required if enabling Peering HA for GCP. Example: GCP: "us-west1-c". Optional for Azure. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.
    privateIp String
    Private IP address of the gateway created.
    publicDnsServer String
    DNS server used by the gateway. Default is "8.8.8.8", can be overridden with the VPC's setting.
    publicSubnetFilteringGuardDutyEnforced Boolean
    Whether to enforce Guard Duty IP blocking. Only valid when enable_public_subnet_filtering attribute is true. Valid values: true or false. Default value: true. Available as of provider version R2.18+.
    publicSubnetFilteringHaRouteTables List<String>
    Route tables whose associated public subnets are protected for the HA PSF gateway. Required when enable_public_subnet_filtering and peering_ha_subnet are set. Available as of provider version R2.18+.
    publicSubnetFilteringRouteTables List<String>
    Route tables whose associated public subnets are protected. Only valid when enable_public_subnet_filtering attribute is true. Available as of provider version R2.18+.
    renegotiationInterval Number
    Sets the renegotiation interval in seconds. The renegotiation interval feature is enabled only if this attribute is set; otherwise it is disabled. The entered value must be an integer number greater than 300. Available in provider version R2.17.1+.
    rxQueueSize String
    Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.
    samlEnabled Boolean
    Enable/disable SAML. This field is available in Controller version 3.3 or later release. Valid values: true, false. Default value: false.
    searchDomains String
    A list of domain names that will use the NameServer when a specific name is not in the destination when Split Tunnel Mode is enabled.
    securityGroupId String
    Security group used for the gateway.
    singleAzHa Boolean
    If enabled, Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. Valid values: true, false. Default value: false.
    singleIpSnat Boolean
    Enable Source NAT in "single ip" mode for this gateway. Valid values: true, false. Default value: false. NOTE: If using SNAT for FQDN use-case, please see notes here.
    softwareVersion String
    The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.
    splitTunnel Boolean
    Enable/disable Split Tunnel Mode. Valid values: true, false. Default value: true. Please see here for more information on split tunnel.
    spotPrice String
    Price for spot instance. NOT supported for production deployment.
    subnet String
    A VPC network address range selected from one of the available network ranges. Example: "172.31.0.0/20". NOTE: If using insane_mode, please see notes here.
    tagLists List<String>
    (Optional) Tag list of the gateway instance. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov and AzureChina gateways. Example: ["key1:value1", "key2:value2"].

    • storage_name (Optional) Specify a storage account. Required if cloud_type is 2048 (AzureChina). Removed in Provider version 2.21.0+.

    Deprecated: Use tags instead.

    tags Map<String>
    Map of tags to assign to the gateway. Only available for AWS, AWSGov, AWSChina, Azure, AzureGov, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allow the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.
    tunnelDetectionTime Number
    The IPSec tunnel down detection time for the Gateway.
    vpcId String
    VPC ID/VNet name of cloud provider. Example: AWS/AWSGov/AWSChina: "vpc-abcd1234", GCP: "vpc-gcp-test~-~project-id", Azure/AzureGov/AzureChina: "vnet_name:rg_name:resource_guid", OCI: "ocid1.vcn.oc1.iad.aaaaaaaaba3pv6wkcr4jqae5f44n2b2m2yt2j6rx32uzr4h25vqstifsfdsq".
    vpcReg String
    VPC region the gateway will be created in. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".
    vpnAccess Boolean
    Enable user access through VPN to this gateway. Valid values: true, false.
    vpnCidr String
    VPN CIDR block for the gateway. Required if vpn_access is true. Example: "192.168.43.0/24".
    vpnProtocol String
    Transport mode for VPN connection. All cloud_types support TCP with ELB, and UDP without ELB. AWS(1) additionally supports UDP with ELB. Valid values: "TCP", "UDP". If not specified, "TCP" will be used.
    zone String
    Availability Zone. Only available for Azure and Public Subnet Filtering gateway. Available for Azure as of provider version R2.17+.
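
    Several of the properties above are only valid, or become required, in combination with others (LDAP, Okta, VPN access, the timeouts, Public Subnet Filtering). The following pre-deployment check is an added example, not code from the Aviatrix provider or the Pulumi package. It takes the arguments as a plain dict keyed by the snake_case names used in the descriptions, assumes "smaller than the VPN CIDR block" means fewer connections than addresses in vpn_cidr, and uses constructed sample values.

```python
import ipaddress

LDAP_FIELDS = ("ldap_base_dn", "ldap_bind_dn", "ldap_password",
               "ldap_server", "ldap_username_attribute")

def check_gateway_args(args: dict) -> list:
    """Return violations of the argument rules documented on this page."""
    errs = []

    def need(when, *names):
        errs.extend(f"{n} is required when {when}" for n in names if not args.get(n))

    if args.get("enable_ldap"):
        need("enable_ldap is true", *LDAP_FIELDS)

    otp = args.get("otp_mode")
    if otp is not None and otp not in ("2", "3"):
        errs.append('otp_mode must be "2" (DUO) or "3" (Okta)')
    if otp == "3":
        need('otp_mode is "3"', "okta_token", "okta_url")

    if args.get("vpn_access"):
        need("vpn_access is true", "vpn_cidr", "max_vpn_conn")
        if args.get("vpn_cidr") and args.get("max_vpn_conn"):
            # Assumption: "smaller than the VPN CIDR block" means fewer
            # connections than addresses in vpn_cidr.
            size = ipaddress.ip_network(args["vpn_cidr"]).num_addresses
            if int(args["max_vpn_conn"]) >= size:
                errs.append(f"max_vpn_conn must be smaller than vpn_cidr ({size} addresses)")

    for name in ("idle_timeout", "renegotiation_interval"):
        v = args.get(name)
        if v is not None and (isinstance(v, bool) or not isinstance(v, int) or v <= 300):
            errs.append(f"{name} must be an integer greater than 300")

    if (args.get("vpn_protocol") or "TCP") not in ("TCP", "UDP"):
        errs.append('vpn_protocol must be "TCP" or "UDP"')
    psf = args.get("enable_public_subnet_filtering")
    if args.get("public_subnet_filtering_route_tables") and not psf:
        errs.append("public_subnet_filtering_route_tables needs enable_public_subnet_filtering")
    if psf and args.get("peering_ha_subnet"):
        need("PSF and peering_ha_subnet are set", "public_subnet_filtering_ha_route_tables")
    if args.get("monitor_exclude_lists") and not args.get("enable_monitor_gateway_subnets"):
        errs.append("monitor_exclude_lists needs enable_monitor_gateway_subnets")
    return errs

# Constructed sample arguments (not from the page).
SAMPLE = {"vpn_access": True, "vpn_cidr": "192.168.43.0/24", "max_vpn_conn": "300",
          "enable_ldap": True, "ldap_server": "ldap.example.internal", "otp_mode": "3"}
```

    Calling check_gateway_args(SAMPLE) reports the four missing LDAP fields, the two missing Okta fields, and a max_vpn_conn that exceeds the /24 block.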

    Package Details

    Repository
    aviatrix astipkovits/pulumi-aviatrix
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aviatrix Terraform Provider.