aws-native.ec2.getVpnConnection

AWS Cloud Control v1.57.0, Mar 9 26

We recommend new projects start with resources from the AWS provider.

Viewing docs for AWS Cloud Control v1.57.0
published on Monday, Mar 9, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws-native

We recommend new projects start with resources from the AWS provider.

Viewing docs for AWS Cloud Control v1.57.0
published on Monday, Mar 9, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws-native

Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway. To specify a VPN connection between a transit gateway and customer gateway, use the TransitGatewayId and CustomerGatewayId properties. To specify a VPN connection between a virtual private gateway and customer gateway, use the VpnGatewayId and CustomerGatewayId properties. For more information, see in the User Guide.

Using getVpnConnection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getVpnConnection(args: GetVpnConnectionArgs, opts?: InvokeOptions): Promise<GetVpnConnectionResult>
function getVpnConnectionOutput(args: GetVpnConnectionOutputArgs, opts?: InvokeOptions): Output<GetVpnConnectionResult>

def get_vpn_connection(vpn_connection_id: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetVpnConnectionResult
def get_vpn_connection_output(vpn_connection_id: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetVpnConnectionResult]

func LookupVpnConnection(ctx *Context, args *LookupVpnConnectionArgs, opts ...InvokeOption) (*LookupVpnConnectionResult, error)
func LookupVpnConnectionOutput(ctx *Context, args *LookupVpnConnectionOutputArgs, opts ...InvokeOption) LookupVpnConnectionResultOutput

> Note: This function is named LookupVpnConnection in the Go SDK.

public static class GetVpnConnection 
{
    public static Task<GetVpnConnectionResult> InvokeAsync(GetVpnConnectionArgs args, InvokeOptions? opts = null)
    public static Output<GetVpnConnectionResult> Invoke(GetVpnConnectionInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetVpnConnectionResult> getVpnConnection(GetVpnConnectionArgs args, InvokeOptions options)
public static Output<GetVpnConnectionResult> getVpnConnection(GetVpnConnectionArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:ec2:getVpnConnection
  arguments:
    # arguments dictionary

The following arguments are supported:

VpnConnectionId string: The ID of the VPN connection.

VpnConnectionId string: The ID of the VPN connection.

vpnConnectionId String: The ID of the VPN connection.

vpnConnectionId string: The ID of the VPN connection.

vpn_connection_id str: The ID of the VPN connection.

vpnConnectionId String: The ID of the VPN connection.

getVpnConnection Result

The following output properties are available:

CustomerGatewayId string: The ID of the customer gateway at your end of the VPN connection.
Tags List<Pulumi.AwsNative.Outputs.Tag>: Any tags assigned to the VPN connection.
TransitGatewayId string: The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
VpnConnectionId string: The ID of the VPN connection.
VpnGatewayId string: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
VpnTunnelOptionsSpecifications List<Pulumi.AwsNative.Ec2.Outputs.VpnConnectionVpnTunnelOptionsSpecification>: The tunnel options for the VPN connection.

CustomerGatewayId string: The ID of the customer gateway at your end of the VPN connection.
Tags Tag: Any tags assigned to the VPN connection.
TransitGatewayId string: The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
VpnConnectionId string: The ID of the VPN connection.
VpnGatewayId string: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
VpnTunnelOptionsSpecifications []VpnConnectionVpnTunnelOptionsSpecification: The tunnel options for the VPN connection.

customerGatewayId String: The ID of the customer gateway at your end of the VPN connection.
tags List<Tag>: Any tags assigned to the VPN connection.
transitGatewayId String: The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpnConnectionId String: The ID of the VPN connection.
vpnGatewayId String: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpnTunnelOptionsSpecifications List<VpnConnectionVpnTunnelOptionsSpecification>: The tunnel options for the VPN connection.

customerGatewayId string: The ID of the customer gateway at your end of the VPN connection.
tags Tag[]: Any tags assigned to the VPN connection.
transitGatewayId string: The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpnConnectionId string: The ID of the VPN connection.
vpnGatewayId string: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpnTunnelOptionsSpecifications VpnConnectionVpnTunnelOptionsSpecification[]: The tunnel options for the VPN connection.

customer_gateway_id str: The ID of the customer gateway at your end of the VPN connection.
tags Sequence[root_Tag]: Any tags assigned to the VPN connection.
transit_gateway_id str: The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpn_connection_id str: The ID of the VPN connection.
vpn_gateway_id str: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpn_tunnel_options_specifications Sequence[VpnConnectionVpnTunnelOptionsSpecification]: The tunnel options for the VPN connection.

customerGatewayId String: The ID of the customer gateway at your end of the VPN connection.
tags List<Property Map>: Any tags assigned to the VPN connection.
transitGatewayId String: The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpnConnectionId String: The ID of the VPN connection.
vpnGatewayId String: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
vpnTunnelOptionsSpecifications List<Property Map>: The tunnel options for the VPN connection.

Supporting Types

VpnConnectionCloudwatchLogOptionsSpecification

BgpLogEnabled bool: Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
BgpLogGroupArn string: The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
BgpLogOutputFormat Pulumi.AwsNative.Ec2.VpnConnectionCloudwatchLogOptionsSpecificationBgpLogOutputFormat: The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
LogEnabled bool: Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
LogGroupArn string: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
LogOutputFormat Pulumi.AwsNative.Ec2.VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat: Set log format. Default format is json. Valid values: json | text

BgpLogEnabled bool: Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
BgpLogGroupArn string: The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
BgpLogOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationBgpLogOutputFormat: The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
LogEnabled bool: Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
LogGroupArn string: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
LogOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat: Set log format. Default format is json. Valid values: json | text

bgpLogEnabled Boolean: Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
bgpLogGroupArn String: The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
bgpLogOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationBgpLogOutputFormat: The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
logEnabled Boolean: Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
logGroupArn String: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
logOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat: Set log format. Default format is json. Valid values: json | text

bgpLogEnabled boolean: Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
bgpLogGroupArn string: The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
bgpLogOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationBgpLogOutputFormat: The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
logEnabled boolean: Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
logGroupArn string: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
logOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat: Set log format. Default format is json. Valid values: json | text

bgp_log_enabled bool: Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
bgp_log_group_arn str: The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
bgp_log_output_format VpnConnectionCloudwatchLogOptionsSpecificationBgpLogOutputFormat: The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
log_enabled bool: Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
log_group_arn str: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
log_output_format VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat: Set log format. Default format is json. Valid values: json | text

bgpLogEnabled Boolean: Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
bgpLogGroupArn String: The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
bgpLogOutputFormat "json" | "text": The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
logEnabled Boolean: Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
logGroupArn String: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
logOutputFormat "json" | "text": Set log format. Default format is json. Valid values: json | text

VpnConnectionCloudwatchLogOptionsSpecificationBgpLogOutputFormat

VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat

VpnConnectionIkeVersionsRequestListValue

Value Pulumi.AwsNative.Ec2.VpnConnectionIkeVersionsRequestListValueValue: The IKE version.

Value VpnConnectionIkeVersionsRequestListValueValue: The IKE version.

value VpnConnectionIkeVersionsRequestListValueValue: The IKE version.

value VpnConnectionIkeVersionsRequestListValueValue: The IKE version.

value VpnConnectionIkeVersionsRequestListValueValue: The IKE version.

value "ikev1" | "ikev2": The IKE version.

VpnConnectionIkeVersionsRequestListValueValue

VpnConnectionPhase1EncryptionAlgorithmsRequestListValue

Value Pulumi.AwsNative.Ec2.VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue: The value for the encryption algorithm.

Value VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue: The value for the encryption algorithm.

value VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue: The value for the encryption algorithm.

value VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue: The value for the encryption algorithm.

value VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue: The value for the encryption algorithm.

value "AES128" | "AES256" | "AES128-GCM-16" | "AES256-GCM-16": The value for the encryption algorithm.

VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue

VpnConnectionPhase1IntegrityAlgorithmsRequestListValue

Value Pulumi.AwsNative.Ec2.VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue: The value for the integrity algorithm.

Value VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue: The value for the integrity algorithm.

value VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue: The value for the integrity algorithm.

value VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue: The value for the integrity algorithm.

value VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue: The value for the integrity algorithm.

value "SHA1" | "SHA2-256" | "SHA2-384" | "SHA2-512": The value for the integrity algorithm.

VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue

VpnConnectionPhase1dhGroupNumbersRequestListValue

Value int: The Diffie-Hellmann group number.

Value int: The Diffie-Hellmann group number.

value Integer: The Diffie-Hellmann group number.

value number: The Diffie-Hellmann group number.

value int: The Diffie-Hellmann group number.

value Number: The Diffie-Hellmann group number.

VpnConnectionPhase2EncryptionAlgorithmsRequestListValue

Value Pulumi.AwsNative.Ec2.VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue: The encryption algorithm.

Value VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue: The encryption algorithm.

value VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue: The encryption algorithm.

value VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue: The encryption algorithm.

value VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue: The encryption algorithm.

value "AES128" | "AES256" | "AES128-GCM-16" | "AES256-GCM-16": The encryption algorithm.

VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue

VpnConnectionPhase2IntegrityAlgorithmsRequestListValue

Value Pulumi.AwsNative.Ec2.VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue: The integrity algorithm.

Value VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue: The integrity algorithm.

value VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue: The integrity algorithm.

value VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue: The integrity algorithm.

value VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue: The integrity algorithm.

value "SHA1" | "SHA2-256" | "SHA2-384" | "SHA2-512": The integrity algorithm.

VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue

VpnConnectionPhase2dhGroupNumbersRequestListValue

Value int: The Diffie-Hellmann group number.

Value int: The Diffie-Hellmann group number.

value Integer: The Diffie-Hellmann group number.

value number: The Diffie-Hellmann group number.

value int: The Diffie-Hellmann group number.

value Number: The Diffie-Hellmann group number.

VpnConnectionVpnTunnelLogOptionsSpecification

CloudwatchLogOptions Pulumi.AwsNative.Ec2.Inputs.VpnConnectionCloudwatchLogOptionsSpecification: Options for sending VPN tunnel logs to CloudWatch.

CloudwatchLogOptions VpnConnectionCloudwatchLogOptionsSpecification: Options for sending VPN tunnel logs to CloudWatch.

cloudwatchLogOptions VpnConnectionCloudwatchLogOptionsSpecification: Options for sending VPN tunnel logs to CloudWatch.

cloudwatchLogOptions VpnConnectionCloudwatchLogOptionsSpecification: Options for sending VPN tunnel logs to CloudWatch.

cloudwatch_log_options VpnConnectionCloudwatchLogOptionsSpecification: Options for sending VPN tunnel logs to CloudWatch.

cloudwatchLogOptions Property Map: Options for sending VPN tunnel logs to CloudWatch.

VpnConnectionVpnTunnelOptionsSpecification

DpdTimeoutAction Pulumi.AwsNative.Ec2.VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear

DpdTimeoutSeconds int

The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30

EnableTunnelLifecycleControl bool

Turn on or off tunnel endpoint lifecycle control feature.

IkeVersions List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionIkeVersionsRequestListValue>

The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2

LogOptions Pulumi.AwsNative.Ec2.Inputs.VpnConnectionVpnTunnelLogOptionsSpecification

Options for logging VPN tunnel activity.

Phase1EncryptionAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase1EncryptionAlgorithmsRequestListValue>

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

Phase1IntegrityAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase1IntegrityAlgorithmsRequestListValue>

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

Phase1LifetimeSeconds int

The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800

Phase1dhGroupNumbers List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase1dhGroupNumbersRequestListValue>

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

Phase2EncryptionAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase2EncryptionAlgorithmsRequestListValue>

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

Phase2IntegrityAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase2IntegrityAlgorithmsRequestListValue>

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

Phase2LifetimeSeconds int

The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600

Phase2dhGroupNumbers List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase2dhGroupNumbersRequestListValue>

One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24

PreSharedKey string

The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).

RekeyFuzzPercentage int

The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100

RekeyMarginTimeSeconds int

The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270

ReplayWindowSize int

The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024

StartupAction Pulumi.AwsNative.Ec2.VpnConnectionVpnTunnelOptionsSpecificationStartupAction

The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add

TunnelInsideCidr string

The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

169.254.0.0/30
169.254.1.0/30
169.254.2.0/30
169.254.3.0/30
169.254.4.0/30
169.254.5.0/30
169.254.169.252/30

TunnelInsideIpv6Cidr string

The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.

DpdTimeoutAction VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear

DpdTimeoutSeconds int

The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30

EnableTunnelLifecycleControl bool

Turn on or off tunnel endpoint lifecycle control feature.

IkeVersions []VpnConnectionIkeVersionsRequestListValue

The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2

LogOptions VpnConnectionVpnTunnelLogOptionsSpecification

Options for logging VPN tunnel activity.

Phase1EncryptionAlgorithms []VpnConnectionPhase1EncryptionAlgorithmsRequestListValue

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

Phase1IntegrityAlgorithms []VpnConnectionPhase1IntegrityAlgorithmsRequestListValue

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

Phase1LifetimeSeconds int

The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800

Phase1dhGroupNumbers []VpnConnectionPhase1dhGroupNumbersRequestListValue

Phase2EncryptionAlgorithms []VpnConnectionPhase2EncryptionAlgorithmsRequestListValue

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

Phase2IntegrityAlgorithms []VpnConnectionPhase2IntegrityAlgorithmsRequestListValue

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

Phase2LifetimeSeconds int

The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600

Phase2dhGroupNumbers []VpnConnectionPhase2dhGroupNumbersRequestListValue

PreSharedKey string

RekeyFuzzPercentage int

The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100

RekeyMarginTimeSeconds int

ReplayWindowSize int

The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024

StartupAction VpnConnectionVpnTunnelOptionsSpecificationStartupAction

TunnelInsideCidr string

169.254.0.0/30
169.254.1.0/30
169.254.2.0/30
169.254.3.0/30
169.254.4.0/30
169.254.5.0/30
169.254.169.252/30

TunnelInsideIpv6Cidr string

dpdTimeoutAction VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear

dpdTimeoutSeconds Integer

The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30

enableTunnelLifecycleControl Boolean

Turn on or off tunnel endpoint lifecycle control feature.

ikeVersions List<VpnConnectionIkeVersionsRequestListValue>

The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2

logOptions VpnConnectionVpnTunnelLogOptionsSpecification

Options for logging VPN tunnel activity.

phase1EncryptionAlgorithms List<VpnConnectionPhase1EncryptionAlgorithmsRequestListValue>

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase1IntegrityAlgorithms List<VpnConnectionPhase1IntegrityAlgorithmsRequestListValue>

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase1LifetimeSeconds Integer

The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800

phase1dhGroupNumbers List<VpnConnectionPhase1dhGroupNumbersRequestListValue>

phase2EncryptionAlgorithms List<VpnConnectionPhase2EncryptionAlgorithmsRequestListValue>

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase2IntegrityAlgorithms List<VpnConnectionPhase2IntegrityAlgorithmsRequestListValue>

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase2LifetimeSeconds Integer

The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600

phase2dhGroupNumbers List<VpnConnectionPhase2dhGroupNumbersRequestListValue>

preSharedKey String

rekeyFuzzPercentage Integer

The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100

rekeyMarginTimeSeconds Integer

replayWindowSize Integer

The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024

startupAction VpnConnectionVpnTunnelOptionsSpecificationStartupAction

tunnelInsideCidr String

169.254.0.0/30
169.254.1.0/30
169.254.2.0/30
169.254.3.0/30
169.254.4.0/30
169.254.5.0/30
169.254.169.252/30

tunnelInsideIpv6Cidr String

dpdTimeoutAction VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear

dpdTimeoutSeconds number

The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30

enableTunnelLifecycleControl boolean

Turn on or off tunnel endpoint lifecycle control feature.

ikeVersions VpnConnectionIkeVersionsRequestListValue[]

The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2

logOptions VpnConnectionVpnTunnelLogOptionsSpecification

Options for logging VPN tunnel activity.

phase1EncryptionAlgorithms VpnConnectionPhase1EncryptionAlgorithmsRequestListValue[]

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase1IntegrityAlgorithms VpnConnectionPhase1IntegrityAlgorithmsRequestListValue[]

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase1LifetimeSeconds number

The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800

phase1dhGroupNumbers VpnConnectionPhase1dhGroupNumbersRequestListValue[]

phase2EncryptionAlgorithms VpnConnectionPhase2EncryptionAlgorithmsRequestListValue[]

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase2IntegrityAlgorithms VpnConnectionPhase2IntegrityAlgorithmsRequestListValue[]

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase2LifetimeSeconds number

The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600

phase2dhGroupNumbers VpnConnectionPhase2dhGroupNumbersRequestListValue[]

preSharedKey string

rekeyFuzzPercentage number

The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100

rekeyMarginTimeSeconds number

replayWindowSize number

The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024

startupAction VpnConnectionVpnTunnelOptionsSpecificationStartupAction

tunnelInsideCidr string

169.254.0.0/30
169.254.1.0/30
169.254.2.0/30
169.254.3.0/30
169.254.4.0/30
169.254.5.0/30
169.254.169.252/30

tunnelInsideIpv6Cidr string

dpd_timeout_action VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear

dpd_timeout_seconds int

The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30

enable_tunnel_lifecycle_control bool

Turn on or off tunnel endpoint lifecycle control feature.

ike_versions Sequence[VpnConnectionIkeVersionsRequestListValue]

The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2

log_options VpnConnectionVpnTunnelLogOptionsSpecification

Options for logging VPN tunnel activity.

phase1_encryption_algorithms Sequence[VpnConnectionPhase1EncryptionAlgorithmsRequestListValue]

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase1_integrity_algorithms Sequence[VpnConnectionPhase1IntegrityAlgorithmsRequestListValue]

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase1_lifetime_seconds int

The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800

phase1dh_group_numbers Sequence[VpnConnectionPhase1dhGroupNumbersRequestListValue]

phase2_encryption_algorithms Sequence[VpnConnectionPhase2EncryptionAlgorithmsRequestListValue]

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase2_integrity_algorithms Sequence[VpnConnectionPhase2IntegrityAlgorithmsRequestListValue]

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase2_lifetime_seconds int

The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600

phase2dh_group_numbers Sequence[VpnConnectionPhase2dhGroupNumbersRequestListValue]

pre_shared_key str

rekey_fuzz_percentage int

The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100

rekey_margin_time_seconds int

replay_window_size int

The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024

startup_action VpnConnectionVpnTunnelOptionsSpecificationStartupAction

tunnel_inside_cidr str

169.254.0.0/30
169.254.1.0/30
169.254.2.0/30
169.254.3.0/30
169.254.4.0/30
169.254.5.0/30
169.254.169.252/30

tunnel_inside_ipv6_cidr str

dpdTimeoutAction "clear" | "none" | "restart"

The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear

dpdTimeoutSeconds Number

The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30

enableTunnelLifecycleControl Boolean

Turn on or off tunnel endpoint lifecycle control feature.

ikeVersions List<Property Map>

The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2

logOptions Property Map

Options for logging VPN tunnel activity.

phase1EncryptionAlgorithms List<Property Map>

One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase1IntegrityAlgorithms List<Property Map>

One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase1LifetimeSeconds Number

The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800

phase1dhGroupNumbers List<Property Map>

phase2EncryptionAlgorithms List<Property Map>

One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16

phase2IntegrityAlgorithms List<Property Map>

One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512

phase2LifetimeSeconds Number

The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600

phase2dhGroupNumbers List<Property Map>

preSharedKey String

rekeyFuzzPercentage Number

The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100

rekeyMarginTimeSeconds Number

replayWindowSize Number