aviatrix.AviatrixTransitGateway

Explore with Pulumi AI

Import

transit_gateway can be imported using the gw_name, e.g.

 $ pulumi import aviatrix:index/aviatrixTransitGateway:AviatrixTransitGateway test gw_name

Create AviatrixTransitGateway Resource

new AviatrixTransitGateway(name: string, args: AviatrixTransitGatewayArgs, opts?: CustomResourceOptions);
@overload
def AviatrixTransitGateway(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           account_name: Optional[str] = None,
                           allocate_new_eip: Optional[bool] = None,
                           approved_learned_cidrs: Optional[Sequence[str]] = None,
                           availability_domain: Optional[str] = None,
                           azure_eip_name_resource_group: Optional[str] = None,
                           bgp_ecmp: Optional[bool] = None,
                           bgp_hold_time: Optional[int] = None,
                           bgp_lan_interfaces: Optional[Sequence[AviatrixTransitGatewayBgpLanInterfaceArgs]] = None,
                           bgp_lan_interfaces_count: Optional[int] = None,
                           bgp_manual_spoke_advertise_cidrs: Optional[str] = None,
                           bgp_polling_time: Optional[str] = None,
                           cloud_type: Optional[int] = None,
                           connected_transit: Optional[bool] = None,
                           customer_managed_keys: Optional[str] = None,
                           customized_spoke_vpc_routes: Optional[str] = None,
                           customized_transit_vpc_routes: Optional[Sequence[str]] = None,
                           eip: Optional[str] = None,
                           enable_active_standby: Optional[bool] = None,
                           enable_active_standby_preemptive: Optional[bool] = None,
                           enable_advertise_transit_cidr: Optional[bool] = None,
                           enable_bgp_over_lan: Optional[bool] = None,
                           enable_egress_transit_firenet: Optional[bool] = None,
                           enable_encrypt_volume: Optional[bool] = None,
                           enable_firenet: Optional[bool] = None,
                           enable_gateway_load_balancer: Optional[bool] = None,
                           enable_hybrid_connection: Optional[bool] = None,
                           enable_jumbo_frame: Optional[bool] = None,
                           enable_learned_cidrs_approval: Optional[bool] = None,
                           enable_monitor_gateway_subnets: Optional[bool] = None,
                           enable_multi_tier_transit: Optional[bool] = None,
                           enable_preserve_as_path: Optional[bool] = None,
                           enable_private_oob: Optional[bool] = None,
                           enable_s2c_rx_balancing: Optional[bool] = None,
                           enable_segmentation: Optional[bool] = None,
                           enable_spot_instance: Optional[bool] = None,
                           enable_transit_firenet: Optional[bool] = None,
                           enable_transit_summarize_cidr_to_tgw: Optional[bool] = None,
                           enable_vpc_dns_server: Optional[bool] = None,
                           excluded_advertised_spoke_routes: Optional[str] = None,
                           fault_domain: Optional[str] = None,
                           filtered_spoke_vpc_routes: Optional[str] = None,
                           gw_name: Optional[str] = None,
                           gw_size: Optional[str] = None,
                           ha_availability_domain: Optional[str] = None,
                           ha_azure_eip_name_resource_group: Optional[str] = None,
                           ha_bgp_lan_interfaces: Optional[Sequence[AviatrixTransitGatewayHaBgpLanInterfaceArgs]] = None,
                           ha_eip: Optional[str] = None,
                           ha_fault_domain: Optional[str] = None,
                           ha_gw_size: Optional[str] = None,
                           ha_image_version: Optional[str] = None,
                           ha_insane_mode_az: Optional[str] = None,
                           ha_oob_availability_zone: Optional[str] = None,
                           ha_oob_management_subnet: Optional[str] = None,
                           ha_private_mode_subnet_zone: Optional[str] = None,
                           ha_software_version: Optional[str] = None,
                           ha_subnet: Optional[str] = None,
                           ha_zone: Optional[str] = None,
                           image_version: Optional[str] = None,
                           insane_mode: Optional[bool] = None,
                           insane_mode_az: Optional[str] = None,
                           lan_private_subnet: Optional[str] = None,
                           lan_vpc_id: Optional[str] = None,
                           learned_cidrs_approval_mode: Optional[str] = None,
                           local_as_number: Optional[str] = None,
                           monitor_exclude_lists: Optional[Sequence[str]] = None,
                           oob_availability_zone: Optional[str] = None,
                           oob_management_subnet: Optional[str] = None,
                           prepend_as_paths: Optional[Sequence[str]] = None,
                           private_mode_lb_vpc_id: Optional[str] = None,
                           private_mode_subnet_zone: Optional[str] = None,
                           rx_queue_size: Optional[str] = None,
                           single_az_ha: Optional[bool] = None,
                           single_ip_snat: Optional[bool] = None,
                           software_version: Optional[str] = None,
                           spot_price: Optional[str] = None,
                           subnet: Optional[str] = None,
                           tag_lists: Optional[Sequence[str]] = None,
                           tags: Optional[Mapping[str, str]] = None,
                           tunnel_detection_time: Optional[int] = None,
                           vpc_id: Optional[str] = None,
                           vpc_reg: Optional[str] = None,
                           zone: Optional[str] = None)
@overload
def AviatrixTransitGateway(resource_name: str,
                           args: AviatrixTransitGatewayArgs,
                           opts: Optional[ResourceOptions] = None)
func NewAviatrixTransitGateway(ctx *Context, name string, args AviatrixTransitGatewayArgs, opts ...ResourceOption) (*AviatrixTransitGateway, error)
public AviatrixTransitGateway(string name, AviatrixTransitGatewayArgs args, CustomResourceOptions? opts = null)
public AviatrixTransitGateway(String name, AviatrixTransitGatewayArgs args)
public AviatrixTransitGateway(String name, AviatrixTransitGatewayArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixTransitGateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AviatrixTransitGatewayArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AviatrixTransitGatewayArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AviatrixTransitGatewayArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AviatrixTransitGatewayArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AviatrixTransitGatewayArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AviatrixTransitGateway Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AviatrixTransitGateway resource accepts the following input properties:

AccountName string

This parameter represents the name of a Cloud-Account in Aviatrix controller.

CloudType int

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

GwName string

Name of the gateway which is going to be created.

GwSize string

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

Subnet string

A VPC Network address range selected from one of the available network ranges.

VpcId string

VPC-ID/VNet-Name of cloud provider.

VpcReg string

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

AllocateNewEip bool

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

ApprovedLearnedCidrs List<string>

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

BgpEcmp bool

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

BgpHoldTime int

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

BgpLanInterfaces List<AviatrixTransitGatewayBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

BgpLanInterfacesCount int

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

BgpManualSpokeAdvertiseCidrs string

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

BgpPollingTime string

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

ConnectedTransit bool

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

CustomerManagedKeys string

Customer managed key ID.

CustomizedSpokeVpcRoutes string

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

CustomizedTransitVpcRoutes List<string>

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

Eip string

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

EnableActiveStandby bool

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

EnableActiveStandbyPreemptive bool

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

EnableAdvertiseTransitCidr bool

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

EnableBgpOverLan bool

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableEgressTransitFirenet bool

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

EnableEncryptVolume bool

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableFirenet bool

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

EnableGatewayLoadBalancer bool

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableHybridConnection bool

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

EnableJumboFrame bool

Enable jumbo frames for this transit gateway. Default value is true.

EnableLearnedCidrsApproval bool

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

EnableMultiTierTransit bool

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

EnablePreserveAsPath bool

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

EnablePrivateOob bool

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableS2cRxBalancing bool

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

EnableSegmentation bool

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableTransitFirenet bool

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

EnableTransitSummarizeCidrToTgw bool

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

EnableVpcDnsServer bool

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

ExcludedAdvertisedSpokeRoutes string

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FilteredSpokeVpcRoutes string

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

HaAvailabilityDomain string

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaAzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

HaBgpLanInterfaces List<AviatrixTransitGatewayHaBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

HaEip string

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

HaFaultDomain string

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaGwSize string

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

HaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

HaInsaneModeAz string

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

HaOobAvailabilityZone string

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

HaOobManagementSubnet string

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

HaPrivateModeSubnetZone string

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

HaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

HaSubnet string

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

HaZone string

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

InsaneModeAz string

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

LanPrivateSubnet string

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LanVpcId string

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LearnedCidrsApprovalMode string

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

LocalAsNumber string

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

MonitorExcludeLists List<string>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

OobAvailabilityZone string

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

OobManagementSubnet string

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

PrependAsPaths List<string>

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

PrivateModeLbVpcId string

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

PrivateModeSubnetZone string

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SingleAzHa bool

Set to true if this feature is desired. Valid values: true, false.

SingleIpSnat bool

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

TagLists List<string>

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

Tags Dictionary<string, string>

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the transit gateway.

Zone string

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

AccountName string

This parameter represents the name of a Cloud-Account in Aviatrix controller.

CloudType int

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

GwName string

Name of the gateway which is going to be created.

GwSize string

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

Subnet string

A VPC Network address range selected from one of the available network ranges.

VpcId string

VPC-ID/VNet-Name of cloud provider.

VpcReg string

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

AllocateNewEip bool

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

ApprovedLearnedCidrs []string

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

BgpEcmp bool

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

BgpHoldTime int

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

BgpLanInterfaces []AviatrixTransitGatewayBgpLanInterfaceArgs

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

BgpLanInterfacesCount int

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

BgpManualSpokeAdvertiseCidrs string

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

BgpPollingTime string

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

ConnectedTransit bool

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

CustomerManagedKeys string

Customer managed key ID.

CustomizedSpokeVpcRoutes string

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

CustomizedTransitVpcRoutes []string

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

Eip string

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

EnableActiveStandby bool

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

EnableActiveStandbyPreemptive bool

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

EnableAdvertiseTransitCidr bool

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

EnableBgpOverLan bool

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableEgressTransitFirenet bool

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

EnableEncryptVolume bool

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableFirenet bool

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

EnableGatewayLoadBalancer bool

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableHybridConnection bool

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

EnableJumboFrame bool

Enable jumbo frames for this transit gateway. Default value is true.

EnableLearnedCidrsApproval bool

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

EnableMultiTierTransit bool

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

EnablePreserveAsPath bool

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

EnablePrivateOob bool

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableS2cRxBalancing bool

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

EnableSegmentation bool

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableTransitFirenet bool

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

EnableTransitSummarizeCidrToTgw bool

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

EnableVpcDnsServer bool

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

ExcludedAdvertisedSpokeRoutes string

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FilteredSpokeVpcRoutes string

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

HaAvailabilityDomain string

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaAzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

HaBgpLanInterfaces []AviatrixTransitGatewayHaBgpLanInterfaceArgs

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

HaEip string

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

HaFaultDomain string

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaGwSize string

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

HaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

HaInsaneModeAz string

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

HaOobAvailabilityZone string

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

HaOobManagementSubnet string

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

HaPrivateModeSubnetZone string

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

HaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

HaSubnet string

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

HaZone string

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

InsaneModeAz string

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

LanPrivateSubnet string

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LanVpcId string

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LearnedCidrsApprovalMode string

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

LocalAsNumber string

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

MonitorExcludeLists []string

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

OobAvailabilityZone string

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

OobManagementSubnet string

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

PrependAsPaths []string

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

PrivateModeLbVpcId string

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

PrivateModeSubnetZone string

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SingleAzHa bool

Set to true if this feature is desired. Valid values: true, false.

SingleIpSnat bool

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

TagLists []string

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

Tags map[string]string

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the transit gateway.

Zone string

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

accountName String

This parameter represents the name of a Cloud-Account in Aviatrix controller.

cloudType Integer

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

gwName String

Name of the gateway which is going to be created.

gwSize String

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

subnet String

A VPC Network address range selected from one of the available network ranges.

vpcId String

VPC-ID/VNet-Name of cloud provider.

vpcReg String

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

allocateNewEip Boolean

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approvedLearnedCidrs List<String>

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgpEcmp Boolean

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgpHoldTime Integer

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgpLanInterfaces List<AviatrixTransitGatewayBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgpLanInterfacesCount Integer

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgpManualSpokeAdvertiseCidrs String

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgpPollingTime String

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

connectedTransit Boolean

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customerManagedKeys String

Customer managed key ID.

customizedSpokeVpcRoutes String

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customizedTransitVpcRoutes List<String>

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip String

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enableActiveStandby Boolean

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enableActiveStandbyPreemptive Boolean

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enableAdvertiseTransitCidr Boolean

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enableBgpOverLan Boolean

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableEgressTransitFirenet Boolean

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enableEncryptVolume Boolean

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableFirenet Boolean

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enableGatewayLoadBalancer Boolean

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableHybridConnection Boolean

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enableJumboFrame Boolean

Enable jumbo frames for this transit gateway. Default value is true.

enableLearnedCidrsApproval Boolean

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enableMultiTierTransit Boolean

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enablePreserveAsPath Boolean

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enablePrivateOob Boolean

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableS2cRxBalancing Boolean

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enableSegmentation Boolean

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableTransitFirenet Boolean

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enableTransitSummarizeCidrToTgw Boolean

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enableVpcDnsServer Boolean

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excludedAdvertisedSpokeRoutes String

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filteredSpokeVpcRoutes String

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

haAvailabilityDomain String

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haAzureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

haBgpLanInterfaces List<AviatrixTransitGatewayHaBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

haEip String

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

haFaultDomain String

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haGwSize String

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

haImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

haInsaneModeAz String

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

haOobAvailabilityZone String

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

haOobManagementSubnet String

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

haPrivateModeSubnetZone String

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

haSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

haSubnet String

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

haZone String

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insaneModeAz String

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lanPrivateSubnet String

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lanVpcId String

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learnedCidrsApprovalMode String

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

localAsNumber String

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oobAvailabilityZone String

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oobManagementSubnet String

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prependAsPaths List<String>

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

privateModeLbVpcId String

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

privateModeSubnetZone String

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

singleAzHa Boolean

Set to true if this feature is desired. Valid values: true, false.

singleIpSnat Boolean

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spotPrice String

Price for spot instance. NOT supported for production deployment.

tagLists List<String>

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags Map<String,String>

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Integer

The IPSec tunnel down detection time for the transit gateway.

zone String

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

accountName string

This parameter represents the name of a Cloud-Account in Aviatrix controller.

cloudType number

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

gwName string

Name of the gateway which is going to be created.

gwSize string

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

subnet string

A VPC Network address range selected from one of the available network ranges.

vpcId string

VPC-ID/VNet-Name of cloud provider.

vpcReg string

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

allocateNewEip boolean

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approvedLearnedCidrs string[]

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgpEcmp boolean

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgpHoldTime number

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgpLanInterfaces AviatrixTransitGatewayBgpLanInterfaceArgs[]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgpLanInterfacesCount number

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgpManualSpokeAdvertiseCidrs string

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgpPollingTime string

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

connectedTransit boolean

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customerManagedKeys string

Customer managed key ID.

customizedSpokeVpcRoutes string

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customizedTransitVpcRoutes string[]

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip string

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enableActiveStandby boolean

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enableActiveStandbyPreemptive boolean

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enableAdvertiseTransitCidr boolean

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enableBgpOverLan boolean

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableEgressTransitFirenet boolean

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enableEncryptVolume boolean

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableFirenet boolean

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enableGatewayLoadBalancer boolean

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableHybridConnection boolean

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enableJumboFrame boolean

Enable jumbo frames for this transit gateway. Default value is true.

enableLearnedCidrsApproval boolean

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enableMultiTierTransit boolean

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enablePreserveAsPath boolean

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enablePrivateOob boolean

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableS2cRxBalancing boolean

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enableSegmentation boolean

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enableSpotInstance boolean

Enable spot instance. NOT supported for production deployment.

enableTransitFirenet boolean

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enableTransitSummarizeCidrToTgw boolean

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enableVpcDnsServer boolean

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excludedAdvertisedSpokeRoutes string

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

faultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filteredSpokeVpcRoutes string

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

haAvailabilityDomain string

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haAzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

haBgpLanInterfaces AviatrixTransitGatewayHaBgpLanInterfaceArgs[]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

haEip string

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

haFaultDomain string

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haGwSize string

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

haImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

haInsaneModeAz string

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

haOobAvailabilityZone string

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

haOobManagementSubnet string

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

haPrivateModeSubnetZone string

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

haSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

haSubnet string

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

haZone string

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

imageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode boolean

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insaneModeAz string

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lanPrivateSubnet string

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lanVpcId string

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learnedCidrsApprovalMode string

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

localAsNumber string

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitorExcludeLists string[]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oobAvailabilityZone string

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oobManagementSubnet string

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prependAsPaths string[]

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

privateModeLbVpcId string

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

privateModeSubnetZone string

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

rxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

singleAzHa boolean

Set to true if this feature is desired. Valid values: true, false.

singleIpSnat boolean

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

softwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spotPrice string

Price for spot instance. NOT supported for production deployment.

tagLists string[]

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags {[key: string]: string}

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime number

The IPSec tunnel down detection time for the transit gateway.

zone string

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

account_name str

This parameter represents the name of a Cloud-Account in Aviatrix controller.

cloud_type int

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

gw_name str

Name of the gateway which is going to be created.

gw_size str

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

subnet str

A VPC Network address range selected from one of the available network ranges.

vpc_id str

VPC-ID/VNet-Name of cloud provider.

vpc_reg str

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

allocate_new_eip bool

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approved_learned_cidrs Sequence[str]

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availability_domain str

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azure_eip_name_resource_group str

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgp_ecmp bool

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgp_hold_time int

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgp_lan_interfaces Sequence[AviatrixTransitGatewayBgpLanInterfaceArgs]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgp_lan_interfaces_count int

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgp_manual_spoke_advertise_cidrs str

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgp_polling_time str

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

connected_transit bool

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customer_managed_keys str

Customer managed key ID.

customized_spoke_vpc_routes str

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customized_transit_vpc_routes Sequence[str]

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip str

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enable_active_standby bool

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enable_active_standby_preemptive bool

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enable_advertise_transit_cidr bool

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enable_bgp_over_lan bool

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enable_egress_transit_firenet bool

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enable_encrypt_volume bool

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enable_firenet bool

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enable_gateway_load_balancer bool

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enable_hybrid_connection bool

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enable_jumbo_frame bool

Enable jumbo frames for this transit gateway. Default value is true.

enable_learned_cidrs_approval bool

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enable_monitor_gateway_subnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enable_multi_tier_transit bool

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enable_preserve_as_path bool

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enable_private_oob bool

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enable_s2c_rx_balancing bool

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enable_segmentation bool

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enable_spot_instance bool

Enable spot instance. NOT supported for production deployment.

enable_transit_firenet bool

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enable_transit_summarize_cidr_to_tgw bool

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enable_vpc_dns_server bool

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excluded_advertised_spoke_routes str

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

fault_domain str

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filtered_spoke_vpc_routes str

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

ha_availability_domain str

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

ha_azure_eip_name_resource_group str

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

ha_bgp_lan_interfaces Sequence[AviatrixTransitGatewayHaBgpLanInterfaceArgs]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

ha_eip str

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

ha_fault_domain str

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

ha_gw_size str

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

ha_image_version str

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

ha_insane_mode_az str

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

ha_oob_availability_zone str

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

ha_oob_management_subnet str

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

ha_private_mode_subnet_zone str

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

ha_software_version str

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

ha_subnet str

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

ha_zone str

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

image_version str

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insane_mode bool

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insane_mode_az str

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lan_private_subnet str

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lan_vpc_id str

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learned_cidrs_approval_mode str

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

local_as_number str

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitor_exclude_lists Sequence[str]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oob_availability_zone str

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oob_management_subnet str

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prepend_as_paths Sequence[str]

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

private_mode_lb_vpc_id str

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

private_mode_subnet_zone str

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

rx_queue_size str

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

single_az_ha bool

Set to true if this feature is desired. Valid values: true, false.

single_ip_snat bool

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

software_version str

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spot_price str

Price for spot instance. NOT supported for production deployment.

tag_lists Sequence[str]

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags Mapping[str, str]

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnel_detection_time int

The IPSec tunnel down detection time for the transit gateway.

zone str

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

accountName String

This parameter represents the name of a Cloud-Account in Aviatrix controller.

cloudType Number

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

gwName String

Name of the gateway which is going to be created.

gwSize String

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

subnet String

A VPC Network address range selected from one of the available network ranges.

vpcId String

VPC-ID/VNet-Name of cloud provider.

vpcReg String

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

allocateNewEip Boolean

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approvedLearnedCidrs List<String>

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgpEcmp Boolean

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgpHoldTime Number

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgpLanInterfaces List<Property Map>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgpLanInterfacesCount Number

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgpManualSpokeAdvertiseCidrs String

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgpPollingTime String

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

connectedTransit Boolean

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customerManagedKeys String

Customer managed key ID.

customizedSpokeVpcRoutes String

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customizedTransitVpcRoutes List<String>

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip String

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enableActiveStandby Boolean

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enableActiveStandbyPreemptive Boolean

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enableAdvertiseTransitCidr Boolean

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enableBgpOverLan Boolean

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableEgressTransitFirenet Boolean

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enableEncryptVolume Boolean

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableFirenet Boolean

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enableGatewayLoadBalancer Boolean

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableHybridConnection Boolean

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enableJumboFrame Boolean

Enable jumbo frames for this transit gateway. Default value is true.

enableLearnedCidrsApproval Boolean

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enableMultiTierTransit Boolean

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enablePreserveAsPath Boolean

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enablePrivateOob Boolean

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableS2cRxBalancing Boolean

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enableSegmentation Boolean

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableTransitFirenet Boolean

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enableTransitSummarizeCidrToTgw Boolean

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enableVpcDnsServer Boolean

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excludedAdvertisedSpokeRoutes String

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filteredSpokeVpcRoutes String

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

haAvailabilityDomain String

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haAzureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

haBgpLanInterfaces List<Property Map>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

haEip String

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

haFaultDomain String

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haGwSize String

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

haImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

haInsaneModeAz String

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

haOobAvailabilityZone String

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

haOobManagementSubnet String

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

haPrivateModeSubnetZone String

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

haSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

haSubnet String

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

haZone String

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insaneModeAz String

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lanPrivateSubnet String

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lanVpcId String

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learnedCidrsApprovalMode String

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

localAsNumber String

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oobAvailabilityZone String

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oobManagementSubnet String

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prependAsPaths List<String>

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

privateModeLbVpcId String

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

privateModeSubnetZone String

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

singleAzHa Boolean

Set to true if this feature is desired. Valid values: true, false.

singleIpSnat Boolean

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spotPrice String

Price for spot instance. NOT supported for production deployment.

tagLists List<String>

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags Map<String>

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Number

The IPSec tunnel down detection time for the transit gateway.

zone String

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

Outputs

All input properties are implicitly available as output properties. Additionally, the AviatrixTransitGateway resource produces the following output properties:

BgpLanIpLists List<string>

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

CloudInstanceId string

Cloud instance ID of the transit gateway.

HaBgpLanIpLists List<string>

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

HaCloudInstanceId string

Cloud instance ID of the HA transit gateway.

HaGwName string

Aviatrix transit gateway unique name of HA transit gateway.

HaLanInterfaceCidr string

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

HaPrivateIp string

Private IP address of the HA transit gateway created.

HaPublicIp string

Public IP address of the HA Transit Gateway.

HaSecurityGroupId string

HA security group used for the transit gateway.

Id string

The provider-assigned unique ID for this managed resource.

LanInterfaceCidr string

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

PrivateIp string

Private IP address of the transit gateway created.

PublicIp string

Public IP address of the Transit Gateway created.

SecurityGroupId string

Security group used for the transit gateway.

BgpLanIpLists []string

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

CloudInstanceId string

Cloud instance ID of the transit gateway.

HaBgpLanIpLists []string

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

HaCloudInstanceId string

Cloud instance ID of the HA transit gateway.

HaGwName string

Aviatrix transit gateway unique name of HA transit gateway.

HaLanInterfaceCidr string

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

HaPrivateIp string

Private IP address of the HA transit gateway created.

HaPublicIp string

Public IP address of the HA Transit Gateway.

HaSecurityGroupId string

HA security group used for the transit gateway.

Id string

The provider-assigned unique ID for this managed resource.

LanInterfaceCidr string

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

PrivateIp string

Private IP address of the transit gateway created.

PublicIp string

Public IP address of the Transit Gateway created.

SecurityGroupId string

Security group used for the transit gateway.

bgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

cloudInstanceId String

Cloud instance ID of the transit gateway.

haBgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

haCloudInstanceId String

Cloud instance ID of the HA transit gateway.

haGwName String

Aviatrix transit gateway unique name of HA transit gateway.

haLanInterfaceCidr String

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

haPrivateIp String

Private IP address of the HA transit gateway created.

haPublicIp String

Public IP address of the HA Transit Gateway.

haSecurityGroupId String

HA security group used for the transit gateway.

id String

The provider-assigned unique ID for this managed resource.

lanInterfaceCidr String

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

privateIp String

Private IP address of the transit gateway created.

publicIp String

Public IP address of the Transit Gateway created.

securityGroupId String

Security group used for the transit gateway.

bgpLanIpLists string[]

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

cloudInstanceId string

Cloud instance ID of the transit gateway.

haBgpLanIpLists string[]

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

haCloudInstanceId string

Cloud instance ID of the HA transit gateway.

haGwName string

Aviatrix transit gateway unique name of HA transit gateway.

haLanInterfaceCidr string

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

haPrivateIp string

Private IP address of the HA transit gateway created.

haPublicIp string

Public IP address of the HA Transit Gateway.

haSecurityGroupId string

HA security group used for the transit gateway.

id string

The provider-assigned unique ID for this managed resource.

lanInterfaceCidr string

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

privateIp string

Private IP address of the transit gateway created.

publicIp string

Public IP address of the Transit Gateway created.

securityGroupId string

Security group used for the transit gateway.

bgp_lan_ip_lists Sequence[str]

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

cloud_instance_id str

Cloud instance ID of the transit gateway.

ha_bgp_lan_ip_lists Sequence[str]

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

ha_cloud_instance_id str

Cloud instance ID of the HA transit gateway.

ha_gw_name str

Aviatrix transit gateway unique name of HA transit gateway.

ha_lan_interface_cidr str

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

ha_private_ip str

Private IP address of the HA transit gateway created.

ha_public_ip str

Public IP address of the HA Transit Gateway.

ha_security_group_id str

HA security group used for the transit gateway.

id str

The provider-assigned unique ID for this managed resource.

lan_interface_cidr str

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

private_ip str

Private IP address of the transit gateway created.

public_ip str

Public IP address of the Transit Gateway created.

security_group_id str

Security group used for the transit gateway.

bgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

cloudInstanceId String

Cloud instance ID of the transit gateway.

haBgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

haCloudInstanceId String

Cloud instance ID of the HA transit gateway.

haGwName String

Aviatrix transit gateway unique name of HA transit gateway.

haLanInterfaceCidr String

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

haPrivateIp String

Private IP address of the HA transit gateway created.

haPublicIp String

Public IP address of the HA Transit Gateway.

haSecurityGroupId String

HA security group used for the transit gateway.

id String

The provider-assigned unique ID for this managed resource.

lanInterfaceCidr String

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

privateIp String

Private IP address of the transit gateway created.

publicIp String

Public IP address of the Transit Gateway created.

securityGroupId String

Security group used for the transit gateway.

Look up Existing AviatrixTransitGateway Resource

Get an existing AviatrixTransitGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AviatrixTransitGatewayState, opts?: CustomResourceOptions): AviatrixTransitGateway
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_name: Optional[str] = None,
        allocate_new_eip: Optional[bool] = None,
        approved_learned_cidrs: Optional[Sequence[str]] = None,
        availability_domain: Optional[str] = None,
        azure_eip_name_resource_group: Optional[str] = None,
        bgp_ecmp: Optional[bool] = None,
        bgp_hold_time: Optional[int] = None,
        bgp_lan_interfaces: Optional[Sequence[AviatrixTransitGatewayBgpLanInterfaceArgs]] = None,
        bgp_lan_interfaces_count: Optional[int] = None,
        bgp_lan_ip_lists: Optional[Sequence[str]] = None,
        bgp_manual_spoke_advertise_cidrs: Optional[str] = None,
        bgp_polling_time: Optional[str] = None,
        cloud_instance_id: Optional[str] = None,
        cloud_type: Optional[int] = None,
        connected_transit: Optional[bool] = None,
        customer_managed_keys: Optional[str] = None,
        customized_spoke_vpc_routes: Optional[str] = None,
        customized_transit_vpc_routes: Optional[Sequence[str]] = None,
        eip: Optional[str] = None,
        enable_active_standby: Optional[bool] = None,
        enable_active_standby_preemptive: Optional[bool] = None,
        enable_advertise_transit_cidr: Optional[bool] = None,
        enable_bgp_over_lan: Optional[bool] = None,
        enable_egress_transit_firenet: Optional[bool] = None,
        enable_encrypt_volume: Optional[bool] = None,
        enable_firenet: Optional[bool] = None,
        enable_gateway_load_balancer: Optional[bool] = None,
        enable_hybrid_connection: Optional[bool] = None,
        enable_jumbo_frame: Optional[bool] = None,
        enable_learned_cidrs_approval: Optional[bool] = None,
        enable_monitor_gateway_subnets: Optional[bool] = None,
        enable_multi_tier_transit: Optional[bool] = None,
        enable_preserve_as_path: Optional[bool] = None,
        enable_private_oob: Optional[bool] = None,
        enable_s2c_rx_balancing: Optional[bool] = None,
        enable_segmentation: Optional[bool] = None,
        enable_spot_instance: Optional[bool] = None,
        enable_transit_firenet: Optional[bool] = None,
        enable_transit_summarize_cidr_to_tgw: Optional[bool] = None,
        enable_vpc_dns_server: Optional[bool] = None,
        excluded_advertised_spoke_routes: Optional[str] = None,
        fault_domain: Optional[str] = None,
        filtered_spoke_vpc_routes: Optional[str] = None,
        gw_name: Optional[str] = None,
        gw_size: Optional[str] = None,
        ha_availability_domain: Optional[str] = None,
        ha_azure_eip_name_resource_group: Optional[str] = None,
        ha_bgp_lan_interfaces: Optional[Sequence[AviatrixTransitGatewayHaBgpLanInterfaceArgs]] = None,
        ha_bgp_lan_ip_lists: Optional[Sequence[str]] = None,
        ha_cloud_instance_id: Optional[str] = None,
        ha_eip: Optional[str] = None,
        ha_fault_domain: Optional[str] = None,
        ha_gw_name: Optional[str] = None,
        ha_gw_size: Optional[str] = None,
        ha_image_version: Optional[str] = None,
        ha_insane_mode_az: Optional[str] = None,
        ha_lan_interface_cidr: Optional[str] = None,
        ha_oob_availability_zone: Optional[str] = None,
        ha_oob_management_subnet: Optional[str] = None,
        ha_private_ip: Optional[str] = None,
        ha_private_mode_subnet_zone: Optional[str] = None,
        ha_public_ip: Optional[str] = None,
        ha_security_group_id: Optional[str] = None,
        ha_software_version: Optional[str] = None,
        ha_subnet: Optional[str] = None,
        ha_zone: Optional[str] = None,
        image_version: Optional[str] = None,
        insane_mode: Optional[bool] = None,
        insane_mode_az: Optional[str] = None,
        lan_interface_cidr: Optional[str] = None,
        lan_private_subnet: Optional[str] = None,
        lan_vpc_id: Optional[str] = None,
        learned_cidrs_approval_mode: Optional[str] = None,
        local_as_number: Optional[str] = None,
        monitor_exclude_lists: Optional[Sequence[str]] = None,
        oob_availability_zone: Optional[str] = None,
        oob_management_subnet: Optional[str] = None,
        prepend_as_paths: Optional[Sequence[str]] = None,
        private_ip: Optional[str] = None,
        private_mode_lb_vpc_id: Optional[str] = None,
        private_mode_subnet_zone: Optional[str] = None,
        public_ip: Optional[str] = None,
        rx_queue_size: Optional[str] = None,
        security_group_id: Optional[str] = None,
        single_az_ha: Optional[bool] = None,
        single_ip_snat: Optional[bool] = None,
        software_version: Optional[str] = None,
        spot_price: Optional[str] = None,
        subnet: Optional[str] = None,
        tag_lists: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tunnel_detection_time: Optional[int] = None,
        vpc_id: Optional[str] = None,
        vpc_reg: Optional[str] = None,
        zone: Optional[str] = None) -> AviatrixTransitGateway
func GetAviatrixTransitGateway(ctx *Context, name string, id IDInput, state *AviatrixTransitGatewayState, opts ...ResourceOption) (*AviatrixTransitGateway, error)
public static AviatrixTransitGateway Get(string name, Input<string> id, AviatrixTransitGatewayState? state, CustomResourceOptions? opts = null)
public static AviatrixTransitGateway get(String name, Output<String> id, AviatrixTransitGatewayState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountName string

This parameter represents the name of a Cloud-Account in Aviatrix controller.

AllocateNewEip bool

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

ApprovedLearnedCidrs List<string>

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

BgpEcmp bool

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

BgpHoldTime int

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

BgpLanInterfaces List<AviatrixTransitGatewayBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

BgpLanInterfacesCount int

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

BgpLanIpLists List<string>

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

BgpManualSpokeAdvertiseCidrs string

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

BgpPollingTime string

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

CloudInstanceId string

Cloud instance ID of the transit gateway.

CloudType int

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

ConnectedTransit bool

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

CustomerManagedKeys string

Customer managed key ID.

CustomizedSpokeVpcRoutes string

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

CustomizedTransitVpcRoutes List<string>

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

Eip string

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

EnableActiveStandby bool

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

EnableActiveStandbyPreemptive bool

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

EnableAdvertiseTransitCidr bool

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

EnableBgpOverLan bool

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableEgressTransitFirenet bool

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

EnableEncryptVolume bool

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableFirenet bool

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

EnableGatewayLoadBalancer bool

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableHybridConnection bool

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

EnableJumboFrame bool

Enable jumbo frames for this transit gateway. Default value is true.

EnableLearnedCidrsApproval bool

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

EnableMultiTierTransit bool

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

EnablePreserveAsPath bool

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

EnablePrivateOob bool

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableS2cRxBalancing bool

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

EnableSegmentation bool

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableTransitFirenet bool

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

EnableTransitSummarizeCidrToTgw bool

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

EnableVpcDnsServer bool

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

ExcludedAdvertisedSpokeRoutes string

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FilteredSpokeVpcRoutes string

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

GwName string

Name of the gateway which is going to be created.

GwSize string

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

HaAvailabilityDomain string

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaAzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

HaBgpLanInterfaces List<AviatrixTransitGatewayHaBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

HaBgpLanIpLists List<string>

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

HaCloudInstanceId string

Cloud instance ID of the HA transit gateway.

HaEip string

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

HaFaultDomain string

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaGwName string

Aviatrix transit gateway unique name of HA transit gateway.

HaGwSize string

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

HaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

HaInsaneModeAz string

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

HaLanInterfaceCidr string

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

HaOobAvailabilityZone string

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

HaOobManagementSubnet string

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

HaPrivateIp string

Private IP address of the HA transit gateway created.

HaPrivateModeSubnetZone string

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

HaPublicIp string

Public IP address of the HA Transit Gateway.

HaSecurityGroupId string

HA security group used for the transit gateway.

HaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

HaSubnet string

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

HaZone string

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

InsaneModeAz string

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

LanInterfaceCidr string

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

LanPrivateSubnet string

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LanVpcId string

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LearnedCidrsApprovalMode string

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

LocalAsNumber string

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

MonitorExcludeLists List<string>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

OobAvailabilityZone string

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

OobManagementSubnet string

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

PrependAsPaths List<string>

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

PrivateIp string

Private IP address of the transit gateway created.

PrivateModeLbVpcId string

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

PrivateModeSubnetZone string

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

PublicIp string

Public IP address of the Transit Gateway created.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SecurityGroupId string

Security group used for the transit gateway.

SingleAzHa bool

Set to true if this feature is desired. Valid values: true, false.

SingleIpSnat bool

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

Subnet string

A VPC Network address range selected from one of the available network ranges.

TagLists List<string>

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

Tags Dictionary<string, string>

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the transit gateway.

VpcId string

VPC-ID/VNet-Name of cloud provider.

VpcReg string

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

Zone string

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

AccountName string

This parameter represents the name of a Cloud-Account in Aviatrix controller.

AllocateNewEip bool

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

ApprovedLearnedCidrs []string

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

AzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

BgpEcmp bool

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

BgpHoldTime int

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

BgpLanInterfaces []AviatrixTransitGatewayBgpLanInterfaceArgs

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

BgpLanInterfacesCount int

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

BgpLanIpLists []string

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

BgpManualSpokeAdvertiseCidrs string

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

BgpPollingTime string

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

CloudInstanceId string

Cloud instance ID of the transit gateway.

CloudType int

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

ConnectedTransit bool

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

CustomerManagedKeys string

Customer managed key ID.

CustomizedSpokeVpcRoutes string

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

CustomizedTransitVpcRoutes []string

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

Eip string

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

EnableActiveStandby bool

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

EnableActiveStandbyPreemptive bool

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

EnableAdvertiseTransitCidr bool

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

EnableBgpOverLan bool

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableEgressTransitFirenet bool

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

EnableEncryptVolume bool

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableFirenet bool

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

EnableGatewayLoadBalancer bool

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

EnableHybridConnection bool

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

EnableJumboFrame bool

Enable jumbo frames for this transit gateway. Default value is true.

EnableLearnedCidrsApproval bool

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

EnableMonitorGatewaySubnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

EnableMultiTierTransit bool

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

EnablePreserveAsPath bool

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

EnablePrivateOob bool

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

EnableS2cRxBalancing bool

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

EnableSegmentation bool

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

EnableSpotInstance bool

Enable spot instance. NOT supported for production deployment.

EnableTransitFirenet bool

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

EnableTransitSummarizeCidrToTgw bool

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

EnableVpcDnsServer bool

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

ExcludedAdvertisedSpokeRoutes string

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FilteredSpokeVpcRoutes string

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

GwName string

Name of the gateway which is going to be created.

GwSize string

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

HaAvailabilityDomain string

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaAzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

HaBgpLanInterfaces []AviatrixTransitGatewayHaBgpLanInterfaceArgs

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

HaBgpLanIpLists []string

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

HaCloudInstanceId string

Cloud instance ID of the HA transit gateway.

HaEip string

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

HaFaultDomain string

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

HaGwName string

Aviatrix transit gateway unique name of HA transit gateway.

HaGwSize string

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

HaImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

HaInsaneModeAz string

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

HaLanInterfaceCidr string

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

HaOobAvailabilityZone string

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

HaOobManagementSubnet string

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

HaPrivateIp string

Private IP address of the HA transit gateway created.

HaPrivateModeSubnetZone string

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

HaPublicIp string

Public IP address of the HA Transit Gateway.

HaSecurityGroupId string

HA security group used for the transit gateway.

HaSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

HaSubnet string

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

HaZone string

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

ImageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

InsaneMode bool

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

InsaneModeAz string

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

LanInterfaceCidr string

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

LanPrivateSubnet string

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LanVpcId string

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

LearnedCidrsApprovalMode string

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

LocalAsNumber string

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

MonitorExcludeLists []string

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

OobAvailabilityZone string

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

OobManagementSubnet string

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

PrependAsPaths []string

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

PrivateIp string

Private IP address of the transit gateway created.

PrivateModeLbVpcId string

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

PrivateModeSubnetZone string

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

PublicIp string

Public IP address of the Transit Gateway created.

RxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

SecurityGroupId string

Security group used for the transit gateway.

SingleAzHa bool

Set to true if this feature is desired. Valid values: true, false.

SingleIpSnat bool

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

SoftwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

SpotPrice string

Price for spot instance. NOT supported for production deployment.

Subnet string

A VPC Network address range selected from one of the available network ranges.

TagLists []string

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

Tags map[string]string

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

TunnelDetectionTime int

The IPSec tunnel down detection time for the transit gateway.

VpcId string

VPC-ID/VNet-Name of cloud provider.

VpcReg string

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

Zone string

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

accountName String

This parameter represents the name of a Cloud-Account in Aviatrix controller.

allocateNewEip Boolean

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approvedLearnedCidrs List<String>

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgpEcmp Boolean

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgpHoldTime Integer

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgpLanInterfaces List<AviatrixTransitGatewayBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgpLanInterfacesCount Integer

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

bgpManualSpokeAdvertiseCidrs String

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgpPollingTime String

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

cloudInstanceId String

Cloud instance ID of the transit gateway.

cloudType Integer

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

connectedTransit Boolean

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customerManagedKeys String

Customer managed key ID.

customizedSpokeVpcRoutes String

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customizedTransitVpcRoutes List<String>

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip String

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enableActiveStandby Boolean

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enableActiveStandbyPreemptive Boolean

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enableAdvertiseTransitCidr Boolean

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enableBgpOverLan Boolean

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableEgressTransitFirenet Boolean

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enableEncryptVolume Boolean

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableFirenet Boolean

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enableGatewayLoadBalancer Boolean

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableHybridConnection Boolean

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enableJumboFrame Boolean

Enable jumbo frames for this transit gateway. Default value is true.

enableLearnedCidrsApproval Boolean

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enableMultiTierTransit Boolean

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enablePreserveAsPath Boolean

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enablePrivateOob Boolean

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableS2cRxBalancing Boolean

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enableSegmentation Boolean

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableTransitFirenet Boolean

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enableTransitSummarizeCidrToTgw Boolean

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enableVpcDnsServer Boolean

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excludedAdvertisedSpokeRoutes String

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filteredSpokeVpcRoutes String

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

gwName String

Name of the gateway which is going to be created.

gwSize String

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

haAvailabilityDomain String

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haAzureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

haBgpLanInterfaces List<AviatrixTransitGatewayHaBgpLanInterfaceArgs>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

haBgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

haCloudInstanceId String

Cloud instance ID of the HA transit gateway.

haEip String

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

haFaultDomain String

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haGwName String

Aviatrix transit gateway unique name of HA transit gateway.

haGwSize String

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

haImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

haInsaneModeAz String

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

haLanInterfaceCidr String

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

haOobAvailabilityZone String

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

haOobManagementSubnet String

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

haPrivateIp String

Private IP address of the HA transit gateway created.

haPrivateModeSubnetZone String

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

haPublicIp String

Public IP address of the HA Transit Gateway.

haSecurityGroupId String

HA security group used for the transit gateway.

haSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

haSubnet String

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

haZone String

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insaneModeAz String

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lanInterfaceCidr String

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

lanPrivateSubnet String

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lanVpcId String

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learnedCidrsApprovalMode String

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

localAsNumber String

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oobAvailabilityZone String

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oobManagementSubnet String

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prependAsPaths List<String>

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

privateIp String

Private IP address of the transit gateway created.

privateModeLbVpcId String

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

privateModeSubnetZone String

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

publicIp String

Public IP address of the Transit Gateway created.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

securityGroupId String

Security group used for the transit gateway.

singleAzHa Boolean

Set to true if this feature is desired. Valid values: true, false.

singleIpSnat Boolean

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spotPrice String

Price for spot instance. NOT supported for production deployment.

subnet String

A VPC Network address range selected from one of the available network ranges.

tagLists List<String>

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags Map<String,String>

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Integer

The IPSec tunnel down detection time for the transit gateway.

vpcId String

VPC-ID/VNet-Name of cloud provider.

vpcReg String

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

zone String

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

accountName string

This parameter represents the name of a Cloud-Account in Aviatrix controller.

allocateNewEip boolean

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approvedLearnedCidrs string[]

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgpEcmp boolean

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgpHoldTime number

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgpLanInterfaces AviatrixTransitGatewayBgpLanInterfaceArgs[]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgpLanInterfacesCount number

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgpLanIpLists string[]

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

bgpManualSpokeAdvertiseCidrs string

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgpPollingTime string

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

cloudInstanceId string

Cloud instance ID of the transit gateway.

cloudType number

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

connectedTransit boolean

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customerManagedKeys string

Customer managed key ID.

customizedSpokeVpcRoutes string

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customizedTransitVpcRoutes string[]

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip string

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enableActiveStandby boolean

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enableActiveStandbyPreemptive boolean

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enableAdvertiseTransitCidr boolean

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enableBgpOverLan boolean

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableEgressTransitFirenet boolean

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enableEncryptVolume boolean

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableFirenet boolean

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enableGatewayLoadBalancer boolean

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableHybridConnection boolean

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enableJumboFrame boolean

Enable jumbo frames for this transit gateway. Default value is true.

enableLearnedCidrsApproval boolean

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enableMultiTierTransit boolean

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enablePreserveAsPath boolean

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enablePrivateOob boolean

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableS2cRxBalancing boolean

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enableSegmentation boolean

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enableSpotInstance boolean

Enable spot instance. NOT supported for production deployment.

enableTransitFirenet boolean

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enableTransitSummarizeCidrToTgw boolean

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enableVpcDnsServer boolean

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excludedAdvertisedSpokeRoutes string

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

faultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filteredSpokeVpcRoutes string

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

gwName string

Name of the gateway which is going to be created.

gwSize string

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

haAvailabilityDomain string

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haAzureEipNameResourceGroup string

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

haBgpLanInterfaces AviatrixTransitGatewayHaBgpLanInterfaceArgs[]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

haBgpLanIpLists string[]

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

haCloudInstanceId string

Cloud instance ID of the HA transit gateway.

haEip string

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

haFaultDomain string

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haGwName string

Aviatrix transit gateway unique name of HA transit gateway.

haGwSize string

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

haImageVersion string

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

haInsaneModeAz string

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

haLanInterfaceCidr string

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

haOobAvailabilityZone string

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

haOobManagementSubnet string

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

haPrivateIp string

Private IP address of the HA transit gateway created.

haPrivateModeSubnetZone string

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

haPublicIp string

Public IP address of the HA Transit Gateway.

haSecurityGroupId string

HA security group used for the transit gateway.

haSoftwareVersion string

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

haSubnet string

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

haZone string

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

imageVersion string

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode boolean

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insaneModeAz string

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lanInterfaceCidr string

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

lanPrivateSubnet string

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lanVpcId string

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learnedCidrsApprovalMode string

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

localAsNumber string

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitorExcludeLists string[]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oobAvailabilityZone string

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oobManagementSubnet string

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prependAsPaths string[]

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

privateIp string

Private IP address of the transit gateway created.

privateModeLbVpcId string

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

privateModeSubnetZone string

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

publicIp string

Public IP address of the Transit Gateway created.

rxQueueSize string

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

securityGroupId string

Security group used for the transit gateway.

singleAzHa boolean

Set to true if this feature is desired. Valid values: true, false.

singleIpSnat boolean

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

softwareVersion string

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spotPrice string

Price for spot instance. NOT supported for production deployment.

subnet string

A VPC Network address range selected from one of the available network ranges.

tagLists string[]

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags {[key: string]: string}

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime number

The IPSec tunnel down detection time for the transit gateway.

vpcId string

VPC-ID/VNet-Name of cloud provider.

vpcReg string

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

zone string

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

account_name str

This parameter represents the name of a Cloud-Account in Aviatrix controller.

allocate_new_eip bool

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approved_learned_cidrs Sequence[str]

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availability_domain str

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azure_eip_name_resource_group str

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgp_ecmp bool

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgp_hold_time int

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgp_lan_interfaces Sequence[AviatrixTransitGatewayBgpLanInterfaceArgs]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgp_lan_interfaces_count int

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgp_lan_ip_lists Sequence[str]

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

bgp_manual_spoke_advertise_cidrs str

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgp_polling_time str

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

cloud_instance_id str

Cloud instance ID of the transit gateway.

cloud_type int

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

connected_transit bool

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customer_managed_keys str

Customer managed key ID.

customized_spoke_vpc_routes str

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customized_transit_vpc_routes Sequence[str]

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip str

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enable_active_standby bool

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enable_active_standby_preemptive bool

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enable_advertise_transit_cidr bool

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enable_bgp_over_lan bool

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enable_egress_transit_firenet bool

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enable_encrypt_volume bool

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enable_firenet bool

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enable_gateway_load_balancer bool

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enable_hybrid_connection bool

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enable_jumbo_frame bool

Enable jumbo frames for this transit gateway. Default value is true.

enable_learned_cidrs_approval bool

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enable_monitor_gateway_subnets bool

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enable_multi_tier_transit bool

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enable_preserve_as_path bool

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enable_private_oob bool

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enable_s2c_rx_balancing bool

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enable_segmentation bool

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enable_spot_instance bool

Enable spot instance. NOT supported for production deployment.

enable_transit_firenet bool

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enable_transit_summarize_cidr_to_tgw bool

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enable_vpc_dns_server bool

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excluded_advertised_spoke_routes str

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

fault_domain str

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filtered_spoke_vpc_routes str

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

gw_name str

Name of the gateway which is going to be created.

gw_size str

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

ha_availability_domain str

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

ha_azure_eip_name_resource_group str

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

ha_bgp_lan_interfaces Sequence[AviatrixTransitGatewayHaBgpLanInterfaceArgs]

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

ha_bgp_lan_ip_lists Sequence[str]

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

ha_cloud_instance_id str

Cloud instance ID of the HA transit gateway.

ha_eip str

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

ha_fault_domain str

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

ha_gw_name str

Aviatrix transit gateway unique name of HA transit gateway.

ha_gw_size str

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

ha_image_version str

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

ha_insane_mode_az str

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

ha_lan_interface_cidr str

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

ha_oob_availability_zone str

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

ha_oob_management_subnet str

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

ha_private_ip str

Private IP address of the HA transit gateway created.

ha_private_mode_subnet_zone str

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

ha_public_ip str

Public IP address of the HA Transit Gateway.

ha_security_group_id str

HA security group used for the transit gateway.

ha_software_version str

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

ha_subnet str

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

ha_zone str

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

image_version str

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insane_mode bool

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insane_mode_az str

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lan_interface_cidr str

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

lan_private_subnet str

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lan_vpc_id str

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learned_cidrs_approval_mode str

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

local_as_number str

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitor_exclude_lists Sequence[str]

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oob_availability_zone str

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oob_management_subnet str

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prepend_as_paths Sequence[str]

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

private_ip str

Private IP address of the transit gateway created.

private_mode_lb_vpc_id str

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

private_mode_subnet_zone str

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

public_ip str

Public IP address of the Transit Gateway created.

rx_queue_size str

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

security_group_id str

Security group used for the transit gateway.

single_az_ha bool

Set to true if this feature is desired. Valid values: true, false.

single_ip_snat bool

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

software_version str

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spot_price str

Price for spot instance. NOT supported for production deployment.

subnet str

A VPC Network address range selected from one of the available network ranges.

tag_lists Sequence[str]

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags Mapping[str, str]

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnel_detection_time int

The IPSec tunnel down detection time for the transit gateway.

vpc_id str

VPC-ID/VNet-Name of cloud provider.

vpc_reg str

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

zone str

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

accountName String

This parameter represents the name of a Cloud-Account in Aviatrix controller.

allocateNewEip Boolean

When value is false, reuse an idle address in Elastic IP pool for this gateway. Otherwise, allocate a new Elastic IP and use it for this gateway. Available in Controller 4.7+. Valid values: true, false. Default: true.

approvedLearnedCidrs List<String>

A set of approved learned CIDRs. Only valid when enable_learned_cidrs_approval is set to true. Example: ["10.250.0.0/16", "10.251.0.0/16"]. Available as of provider version R2.21+.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

azureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if allocate_new_eip is false and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

bgpEcmp Boolean

Enable Equal Cost Multi Path (ECMP) routing for the next hop. Default value: false.

bgpHoldTime Number

BGP hold time. Unit is in seconds. Valid values are between 12 and 360. Default value: 180.

bgpLanInterfaces List<Property Map>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit. Each interface has the following attributes:

bgpLanInterfacesCount Number

Number of interfaces that will be created for BGP over LAN enabled Azure transit. Valid value: 1~5 for FireNet case, 1~7 for Non-FireNet case. Default value: 1. Available as of provider version R2.22+.

bgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

bgpManualSpokeAdvertiseCidrs String

Intended CIDR list to be advertised to external BGP router. Example: "10.2.0.0/16,10.4.0.0/16". Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

bgpPollingTime String

BGP route polling time. Unit is in seconds. Valid values are between 10 and 50. Default value: "50".

cloudInstanceId String

Cloud instance ID of the transit gateway.

cloudType Number

Type of cloud service provider, requires an integer value. Currently only AWS(1), GCP(4), Azure(8), OCI(16), AzureGov(32), AWSGov(256), AWSChina(1024), AzureChina(2048), Alibaba Cloud(8192), AWS Top Secret(16384) and AWS Secret (32768) are supported.

connectedTransit Boolean

Specify Connected Transit status. If enabled, it allows spokes to run traffics to other spokes via transit gateway. Valid values: true, false. Default value: false.

customerManagedKeys String

Customer managed key ID.

customizedSpokeVpcRoutes String

A list of comma-separated CIDRs to be customized for the spoke VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. It applies to all spoke gateways attached to this transit gateway. Example: "10.0.0.0/16,10.2.0.0/16".

customizedTransitVpcRoutes List<String>

A list of CIDRs to be customized for the transit VPC routes. When configured, it will replace all learned routes in VPC routing tables, including RFC1918 and non-RFC1918 CIDRs. To be effective, enable_advertise_transit_cidr or firewall management access for a Transit FireNet gateway must be enabled. Example: ["10.0.0.0/16", "10.2.0.0/16"].

eip String

Required when allocate_new_eip is false. It uses the specified EIP for this gateway. Available in Controller version 4.7+. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

enableActiveStandby Boolean

Enables Active-Standby Mode. Available only with HA enabled. Valid values: true, false. Default value: false. Available in provider version R2.17.1+.

enableActiveStandbyPreemptive Boolean

Enables Preemptive Mode for Active-Standby. Available only with BGP enabled, HA enabled and Active-Standby enabled. Valid values: true, false. Default value: false.

enableAdvertiseTransitCidr Boolean

Switch to enable/disable advertise transit VPC network CIDR for a VGW connection. Available as of R2.6. NOTE: If previously enabled through vgw_conn resource prior to provider version R2.6, please see notes here.

enableBgpOverLan Boolean

Pre-allocate a network interface(eth4) for "BGP over LAN" functionality. Must be enabled to create a BGP over LAN aviatrix.AviatrixTransitExternalDeviceConn resource with this Transit Gateway. Only valid for GCP (4), Azure (8), AzureGov (32) or AzureChina (2048). Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableEgressTransitFirenet Boolean

Enable Egress Transit FireNet. Valid values: true, false. Default value: false. Available in provider version R2.16.3+.

enableEncryptVolume Boolean

Enable EBS volume encryption for Gateway. Only supports AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableFirenet Boolean

Set to true to use gateway for legacy AWS TGW-based FireNet connection. Valid values: true, false. Default value: false. NOTE: If previously using an older provider version R2.5 where attribute name was enable_firenet_interfaces, please see notes here.

enableGatewayLoadBalancer Boolean

Enable FireNet interfaces with AWS Gateway Load Balancer. Only valid when enable_firenet or enable_transit_firenet are set to true and cloud_type = 1 (AWS). Currently, AWS Gateway Load Balancer is only supported in AWS regions: us-west-2, us-east-1, eu-west-1, ap-southeast-2 and sa-east-1. Valid values: true or false. Default value: false. Available as of provider version R2.18+.

enableHybridConnection Boolean

Sign of readiness for AWS TGW connection. Only supported for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Example: false.

enableJumboFrame Boolean

Enable jumbo frames for this transit gateway. Default value is true.

enableLearnedCidrsApproval Boolean

Switch to enable/disable encrypted transit approval for transit gateway. Valid values: true, false. Default value: false.

enableMonitorGatewaySubnets Boolean

If set to true, the Monitor Gateway Subnets feature is enabled. Default value is false. Available in provider version R2.18+.

enableMultiTierTransit Boolean

Enable Multi-tier Transit mode on transit gateway. When enabled, transit gateway will propagate routes it receives from its transit peering peer to other transit peering peers. local_as_number is required. Default value: false. Available as of provider version R2.19+.

enablePreserveAsPath Boolean

Enable preserve as_path when advertising manual summary cidrs on transit gateway. Valid values: true, false. Default value: false. Available as of provider version R.2.22.1+ },

enablePrivateOob Boolean

Enable Private OOB feature. Only available for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

enableS2cRxBalancing Boolean

Enable S2C receive packet CPU re-balancing on transit gateway. Valid values: true, false. Default value: false. Available in provider version R2.21.2+.

enableSegmentation Boolean

Enable transit gateway for segmentation. Valid values: true, false. Default: false.

enableSpotInstance Boolean

Enable spot instance. NOT supported for production deployment.

enableTransitFirenet Boolean

Set to true to use gateway for Transit FireNet connection. Valid values: true, false. Default value: false. Available in provider version R2.12+.

enableTransitSummarizeCidrToTgw Boolean

Enable summarize CIDR to TGW. Valid values: true, false. Default value: false.

enableVpcDnsServer Boolean

Enable VPC DNS Server for Gateway. Currently only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, Alibaba Cloud, AWS Top Secret and AWS Secret gateways. Valid values: true, false. Default value: false.

excludedAdvertisedSpokeRoutes String

A list of comma-separated CIDRs to be advertised to on-prem as 'Excluded CIDR List'. When configured, it inspects all the advertised CIDRs from its spoke gateways and remove those included in the 'Excluded CIDR List'. Example: "10.4.0.0/16,10.5.0.0/16".

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

filteredSpokeVpcRoutes String

A list of comma-separated CIDRs to be filtered from the spoke VPC route table. When configured, filtering CIDR(s) or it’s subnet will be deleted from VPC routing tables as well as from spoke gateway’s routing table. It applies to all spoke gateways attached to this transit gateway. Example: "10.2.0.0/16,10.3.0.0/16".

gwName String

Name of the gateway which is going to be created.

gwSize String

Size of the gateway instance. Example: AWS: "t2.large", Azure/AzureGov: "Standard_B1s", OCI: "VM.Standard2.2", GCP: "n1-standard-1", AWSGov: "t2.large", AWSChina: "t2.large", AzureChina: "Standard_A0".

haAvailabilityDomain String

HA gateway availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haAzureEipNameResourceGroup String

Name of public IP Address resource and its resource group in Azure to be assigned to the HA Transit Gateway instance. Example: "IP_Name:Resource_Group_Name". Required if ha_eip is set and cloud_type is Azure, AzureGov or AzureChina. Available as of provider version 2.20+.

haBgpLanInterfaces List<Property Map>

Interfaces to run BGP protocol on top of the ethernet interface, to connect to the onprem/remote peer. Only available for GCP Transit HA. Each interface has the following attributes:

haBgpLanIpLists List<String>

List of available BGP LAN interface IPs for transit external device HA connection creation. Only supports GCP and Azure. Available as of provider version R2.21.0+.

haCloudInstanceId String

Cloud instance ID of the HA transit gateway.

haEip String

Public IP address that you want to assign to the HA peering instance. If no value is given, a new EIP will automatically be allocated. Only available for AWS, GCP, Azure, OCI, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret.

haFaultDomain String

HA gateway fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

haGwName String

Aviatrix transit gateway unique name of HA transit gateway.

haGwSize String

HA Gateway Size. Mandatory if enabling HA. Example: "t2.micro".

haImageVersion String

The image version of the HA gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired ha_software_version. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

haInsaneModeAz String

AZ of subnet being created for Insane Mode Transit HA Gateway. Required for AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret if insane_mode is enabled and ha_subnet is set. Example: AWS: "us-west-1a".

haLanInterfaceCidr String

LAN interface CIDR of the HA transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.18+.

haOobAvailabilityZone String

HA OOB availability zone. Required if enabling Private OOB and HA. Example: "us-west-1b".

haOobManagementSubnet String

HA OOB management subnet. Required if enabling Private OOB and HA. Example: "11.0.0.48/28".

haPrivateIp String

Private IP address of the HA transit gateway created.

haPrivateModeSubnetZone String

Availability Zone of the HA subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov with HA. Available in Provider version R2.23+.

haPublicIp String

Public IP address of the HA Transit Gateway.

haSecurityGroupId String

HA security group used for the transit gateway.

haSoftwareVersion String

The software version of the HA gateway. If set, we will attempt to update the HA gateway to the specified version if current version is different. If left blank, the HA gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

haSubnet String

HA Subnet CIDR. Required only if enabling HA for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, OCI, Alibaba Cloud, AWS Top Secret or AWS Secret gateways. Optional for GCP. Setting to empty/unsetting will disable HA. Setting to a valid subnet CIDR will create an HA gateway on the subnet. Example: "10.12.0.0/24".

haZone String

HA Zone. Required if enabling HA for GCP gateway. Optional if enabling HA for Azure gateway. For GCP, setting to empty/unsetting will disable HA and setting to a valid zone will create an HA gateway in the zone. Example: "us-west1-c". For Azure, this is an optional parameter to place the HA gateway in a specific availability zone. Valid values for Azure gateways are in the form "az-n". Example: "az-2". Available for Azure as of provider version R2.17+.

imageVersion String

The image version of the gateway. Use aviatrix.getAviatrixGatewayImage data source to programmatically retrieve this value for the desired software_version. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrades can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "hvm-cloudx-aws-022021". Available as of provider version R2.20.0.

insaneMode Boolean

Specify true for Insane Mode high performance gateway. Insane Mode gateway size must be at least c5 size (AWS, AWSGov, AWS China, AWS Top Secret and AWS Secret) or Standard_D3_v2 (Azure and AzureGov); for GCP only four size are supported: "n1-highcpu-4", "n1-highcpu-8", "n1-highcpu-16" and "n1-highcpu-32". If enabled, you must specify a valid /26 CIDR segment of the VPC to create a new subnet for AWS, Azure, AzureGov, AWSGov, AWS Top Secret and AWS Secret. Only available for AWS, GCP/OCI, Azure, AzureGov, AzureChina, AWSGov, AWS Top Secret and AWS Secret. Valid values: true, false. Default value: false.

insaneModeAz String

AZ of subnet being created for Insane Mode Transit Gateway. Required for AWS, AWSGov, AWS China, AWS Top Secret or AWS Secret if insane_mode is enabled. Example: AWS: "us-west-1a".

lanInterfaceCidr String

LAN interface CIDR of the transit gateway created (will be used when enabling FQDN Firenet in Azure). Available in provider version R2.17.1+.

lanPrivateSubnet String

LAN Private Subnet. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

lanVpcId String

LAN VPC ID. Only valid when enabling Transit FireNet on GCP. Available as of provider version R2.18.1+.

learnedCidrsApprovalMode String

Learned CIDRs approval mode. Either "gateway" (approval on a per gateway basis) or "connection" (approval on a per connection basis). Default value: "gateway". Available as of provider version R2.18+.

localAsNumber String

Changes the Aviatrix Transit Gateway ASN number before you setup Aviatrix Transit Gateway connection configurations.

monitorExcludeLists List<String>

Set of monitored instance ids. Only valid when 'enable_monitor_gateway_subnets' = true. Available in provider version R2.18+.

oobAvailabilityZone String

OOB availability zone. Required if enabling Private OOB. Example: "us-west-1a".

oobManagementSubnet String

OOB management subnet. Required if enabling Private OOB. Example: "11.0.2.0/24".

prependAsPaths List<String>

List of AS numbers to populate BGP AP_PATH field when it advertises to VGW or peer devices.

privateIp String

Private IP address of the transit gateway created.

privateModeLbVpcId String

VPC ID of Private Mode load balancer. Required when Private Mode is enabled on the Controller. Available in Provider version R2.23+.

privateModeSubnetZone String

Availability Zone of the subnet. Required when Private Mode is enabled on the Controller and cloud_type is AWS or AWSGov. Available in Provider version R2.23+.

publicIp String

Public IP address of the Transit Gateway created.

rxQueueSize String

Gateway ethernet interface RX queue size. Once set, can't be deleted or disabled. Available for AWS as of provider version R2.22+.

securityGroupId String

Security group used for the transit gateway.

singleAzHa Boolean

Set to true if this feature is desired. Valid values: true, false.

singleIpSnat Boolean

Enable "single_ip" mode Source NAT for this container. Valid values: true, false. NOTE: Please see notes here in regards to changes to this argument in R2.10.

softwareVersion String

The software version of the gateway. If set, we will attempt to update the gateway to the specified version if current version is different. If left blank, the gateway upgrade can be managed with the aviatrix.AviatrixControllerConfig resource. Type: String. Example: "6.5.821". Available as of provider version R2.20.0.

spotPrice String

Price for spot instance. NOT supported for production deployment.

subnet String

A VPC Network address range selected from one of the available network ranges.

tagLists List<String>

(Optional) Instance tag of cloud provider. Only supported for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina. Example: ["key1:value1","key2:value2"].

Deprecated:

Use tags instead.

tags Map<String>

Map of tags to assign to the gateway. Only available for AWS, Azure, AzureGov, AWSGov, AWSChina, AzureChina, AWS Top Secret and AWS Secret gateways. Allowed characters vary by cloud type but always include: letters, spaces, and numbers. AWS, AWSGov, AWSChina, AWS Top Secret and AWS Secret allow the use of any character. Azure, AzureGov and AzureChina allows the following special characters: + - = . _ : @. Example: {"key1" = "value1", "key2" = "value2"}.

tunnelDetectionTime Number

The IPSec tunnel down detection time for the transit gateway.

vpcId String

VPC-ID/VNet-Name of cloud provider.

vpcReg String

Region of cloud provider. Example: AWS: "us-east-1", GCP: "us-west2-a", Azure: "East US 2", OCI: "us-ashburn-1", AzureGov: "USGov Arizona", AWSGov: "us-gov-west-1", AWSChina: "cn-north-1", AzureChina: "China North", AWS Top Secret: "us-iso-east-1", AWS Secret: "us-isob-east-1".

zone String

Availability Zone. Only available for cloud_type = 8 (Azure). Must be in the form 'az-n', for example, 'az-2'. Available in provider version R2.17+.

Supporting Types

AviatrixTransitGatewayBgpLanInterface

Subnet string

A VPC Network address range selected from one of the available network ranges.

VpcId string

VPC-ID/VNet-Name of cloud provider.

Subnet string

A VPC Network address range selected from one of the available network ranges.

VpcId string

VPC-ID/VNet-Name of cloud provider.

subnet String

A VPC Network address range selected from one of the available network ranges.

vpcId String

VPC-ID/VNet-Name of cloud provider.

subnet string

A VPC Network address range selected from one of the available network ranges.

vpcId string

VPC-ID/VNet-Name of cloud provider.

subnet str

A VPC Network address range selected from one of the available network ranges.

vpc_id str

VPC-ID/VNet-Name of cloud provider.

subnet String

A VPC Network address range selected from one of the available network ranges.

vpcId String

VPC-ID/VNet-Name of cloud provider.

AviatrixTransitGatewayHaBgpLanInterface

Subnet string

A VPC Network address range selected from one of the available network ranges.

VpcId string

VPC-ID/VNet-Name of cloud provider.

Subnet string

A VPC Network address range selected from one of the available network ranges.

VpcId string

VPC-ID/VNet-Name of cloud provider.

subnet String

A VPC Network address range selected from one of the available network ranges.

vpcId String

VPC-ID/VNet-Name of cloud provider.

subnet string

A VPC Network address range selected from one of the available network ranges.

vpcId string

VPC-ID/VNet-Name of cloud provider.

subnet str

A VPC Network address range selected from one of the available network ranges.

vpc_id str

VPC-ID/VNet-Name of cloud provider.

subnet String

A VPC Network address range selected from one of the available network ranges.

vpcId String

VPC-ID/VNet-Name of cloud provider.

Package Details

Repository
aviatrix astipkovits/pulumi-aviatrix
License
Apache-2.0
Notes

This Pulumi package is based on the aviatrix Terraform Provider.