1. Packages
  2. AWS
  3. API Docs
  4. ec2
  5. VpnConnection
AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi

aws.ec2.VpnConnection

Explore with Pulumi AI

aws logo
AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi

    Manages a Site-to-Site VPN connection. A Site-to-Site VPN connection is an Internet Protocol security (IPsec) VPN connection between a VPC and an on-premises network. Any new Site-to-Site VPN connection that you create is an AWS VPN connection.

    Note: The CIDR blocks in the arguments tunnel1_inside_cidr and tunnel2_inside_cidr must have a prefix of /30 and be a part of a specific range. Read more about this in the AWS documentation.

    Example Usage

    EC2 Transit Gateway

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.ec2transitgateway.TransitGateway("example", {});
    const exampleCustomerGateway = new aws.ec2.CustomerGateway("example", {
        bgpAsn: "65000",
        ipAddress: "172.0.0.1",
        type: "ipsec.1",
    });
    const exampleVpnConnection = new aws.ec2.VpnConnection("example", {
        customerGatewayId: exampleCustomerGateway.id,
        transitGatewayId: example.id,
        type: exampleCustomerGateway.type,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ec2transitgateway.TransitGateway("example")
    example_customer_gateway = aws.ec2.CustomerGateway("example",
        bgp_asn="65000",
        ip_address="172.0.0.1",
        type="ipsec.1")
    example_vpn_connection = aws.ec2.VpnConnection("example",
        customer_gateway_id=example_customer_gateway.id,
        transit_gateway_id=example.id,
        type=example_customer_gateway.type)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := ec2transitgateway.NewTransitGateway(ctx, "example", nil)
    		if err != nil {
    			return err
    		}
    		exampleCustomerGateway, err := ec2.NewCustomerGateway(ctx, "example", &ec2.CustomerGatewayArgs{
    			BgpAsn:    pulumi.String("65000"),
    			IpAddress: pulumi.String("172.0.0.1"),
    			Type:      pulumi.String("ipsec.1"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewVpnConnection(ctx, "example", &ec2.VpnConnectionArgs{
    			CustomerGatewayId: exampleCustomerGateway.ID(),
    			TransitGatewayId:  example.ID(),
    			Type:              exampleCustomerGateway.Type,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Ec2TransitGateway.TransitGateway("example");
    
        var exampleCustomerGateway = new Aws.Ec2.CustomerGateway("example", new()
        {
            BgpAsn = "65000",
            IpAddress = "172.0.0.1",
            Type = "ipsec.1",
        });
    
        var exampleVpnConnection = new Aws.Ec2.VpnConnection("example", new()
        {
            CustomerGatewayId = exampleCustomerGateway.Id,
            TransitGatewayId = example.Id,
            Type = exampleCustomerGateway.Type,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2transitgateway.TransitGateway;
    import com.pulumi.aws.ec2.CustomerGateway;
    import com.pulumi.aws.ec2.CustomerGatewayArgs;
    import com.pulumi.aws.ec2.VpnConnection;
    import com.pulumi.aws.ec2.VpnConnectionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new TransitGateway("example");
    
            var exampleCustomerGateway = new CustomerGateway("exampleCustomerGateway", CustomerGatewayArgs.builder()
                .bgpAsn(65000)
                .ipAddress("172.0.0.1")
                .type("ipsec.1")
                .build());
    
            var exampleVpnConnection = new VpnConnection("exampleVpnConnection", VpnConnectionArgs.builder()
                .customerGatewayId(exampleCustomerGateway.id())
                .transitGatewayId(example.id())
                .type(exampleCustomerGateway.type())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:ec2transitgateway:TransitGateway
      exampleCustomerGateway:
        type: aws:ec2:CustomerGateway
        name: example
        properties:
          bgpAsn: 65000
          ipAddress: 172.0.0.1
          type: ipsec.1
      exampleVpnConnection:
        type: aws:ec2:VpnConnection
        name: example
        properties:
          customerGatewayId: ${exampleCustomerGateway.id}
          transitGatewayId: ${example.id}
          type: ${exampleCustomerGateway.type}
    

    Virtual Private Gateway

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const vpc = new aws.ec2.Vpc("vpc", {cidrBlock: "10.0.0.0/16"});
    const vpnGateway = new aws.ec2.VpnGateway("vpn_gateway", {vpcId: vpc.id});
    const customerGateway = new aws.ec2.CustomerGateway("customer_gateway", {
        bgpAsn: "65000",
        ipAddress: "172.0.0.1",
        type: "ipsec.1",
    });
    const main = new aws.ec2.VpnConnection("main", {
        vpnGatewayId: vpnGateway.id,
        customerGatewayId: customerGateway.id,
        type: "ipsec.1",
        staticRoutesOnly: true,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    vpc = aws.ec2.Vpc("vpc", cidr_block="10.0.0.0/16")
    vpn_gateway = aws.ec2.VpnGateway("vpn_gateway", vpc_id=vpc.id)
    customer_gateway = aws.ec2.CustomerGateway("customer_gateway",
        bgp_asn="65000",
        ip_address="172.0.0.1",
        type="ipsec.1")
    main = aws.ec2.VpnConnection("main",
        vpn_gateway_id=vpn_gateway.id,
        customer_gateway_id=customer_gateway.id,
        type="ipsec.1",
        static_routes_only=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		vpc, err := ec2.NewVpc(ctx, "vpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.0.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		vpnGateway, err := ec2.NewVpnGateway(ctx, "vpn_gateway", &ec2.VpnGatewayArgs{
    			VpcId: vpc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		customerGateway, err := ec2.NewCustomerGateway(ctx, "customer_gateway", &ec2.CustomerGatewayArgs{
    			BgpAsn:    pulumi.String("65000"),
    			IpAddress: pulumi.String("172.0.0.1"),
    			Type:      pulumi.String("ipsec.1"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewVpnConnection(ctx, "main", &ec2.VpnConnectionArgs{
    			VpnGatewayId:      vpnGateway.ID(),
    			CustomerGatewayId: customerGateway.ID(),
    			Type:              pulumi.String("ipsec.1"),
    			StaticRoutesOnly:  pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var vpc = new Aws.Ec2.Vpc("vpc", new()
        {
            CidrBlock = "10.0.0.0/16",
        });
    
        var vpnGateway = new Aws.Ec2.VpnGateway("vpn_gateway", new()
        {
            VpcId = vpc.Id,
        });
    
        var customerGateway = new Aws.Ec2.CustomerGateway("customer_gateway", new()
        {
            BgpAsn = "65000",
            IpAddress = "172.0.0.1",
            Type = "ipsec.1",
        });
    
        var main = new Aws.Ec2.VpnConnection("main", new()
        {
            VpnGatewayId = vpnGateway.Id,
            CustomerGatewayId = customerGateway.Id,
            Type = "ipsec.1",
            StaticRoutesOnly = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.ec2.VpnGateway;
    import com.pulumi.aws.ec2.VpnGatewayArgs;
    import com.pulumi.aws.ec2.CustomerGateway;
    import com.pulumi.aws.ec2.CustomerGatewayArgs;
    import com.pulumi.aws.ec2.VpnConnection;
    import com.pulumi.aws.ec2.VpnConnectionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var vpc = new Vpc("vpc", VpcArgs.builder()
                .cidrBlock("10.0.0.0/16")
                .build());
    
            var vpnGateway = new VpnGateway("vpnGateway", VpnGatewayArgs.builder()
                .vpcId(vpc.id())
                .build());
    
            var customerGateway = new CustomerGateway("customerGateway", CustomerGatewayArgs.builder()
                .bgpAsn(65000)
                .ipAddress("172.0.0.1")
                .type("ipsec.1")
                .build());
    
            var main = new VpnConnection("main", VpnConnectionArgs.builder()
                .vpnGatewayId(vpnGateway.id())
                .customerGatewayId(customerGateway.id())
                .type("ipsec.1")
                .staticRoutesOnly(true)
                .build());
    
        }
    }
    
    resources:
      vpc:
        type: aws:ec2:Vpc
        properties:
          cidrBlock: 10.0.0.0/16
      vpnGateway:
        type: aws:ec2:VpnGateway
        name: vpn_gateway
        properties:
          vpcId: ${vpc.id}
      customerGateway:
        type: aws:ec2:CustomerGateway
        name: customer_gateway
        properties:
          bgpAsn: 65000
          ipAddress: 172.0.0.1
          type: ipsec.1
      main:
        type: aws:ec2:VpnConnection
        properties:
          vpnGatewayId: ${vpnGateway.id}
          customerGatewayId: ${customerGateway.id}
          type: ipsec.1
          staticRoutesOnly: true
    

    AWS Site to Site Private VPN

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const exampleGateway = new aws.directconnect.Gateway("example", {
        name: "example_ipsec_vpn_example",
        amazonSideAsn: "64512",
    });
    const exampleTransitGateway = new aws.ec2transitgateway.TransitGateway("example", {
        amazonSideAsn: 64513,
        description: "example_ipsec_vpn_example",
        transitGatewayCidrBlocks: ["10.0.0.0/24"],
    });
    const exampleCustomerGateway = new aws.ec2.CustomerGateway("example", {
        bgpAsn: "64514",
        ipAddress: "10.0.0.1",
        type: "ipsec.1",
        tags: {
            Name: "example_ipsec_vpn_example",
        },
    });
    const exampleGatewayAssociation = new aws.directconnect.GatewayAssociation("example", {
        dxGatewayId: exampleGateway.id,
        associatedGatewayId: exampleTransitGateway.id,
        allowedPrefixes: ["10.0.0.0/8"],
    });
    const example = aws.ec2transitgateway.getDirectConnectGatewayAttachmentOutput({
        transitGatewayId: exampleTransitGateway.id,
        dxGatewayId: exampleGateway.id,
    });
    const exampleVpnConnection = new aws.ec2.VpnConnection("example", {
        customerGatewayId: exampleCustomerGateway.id,
        outsideIpAddressType: "PrivateIpv4",
        transitGatewayId: exampleTransitGateway.id,
        transportTransitGatewayAttachmentId: example.apply(example => example.id),
        type: "ipsec.1",
        tags: {
            Name: "example_ipsec_vpn_example",
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example_gateway = aws.directconnect.Gateway("example",
        name="example_ipsec_vpn_example",
        amazon_side_asn="64512")
    example_transit_gateway = aws.ec2transitgateway.TransitGateway("example",
        amazon_side_asn=64513,
        description="example_ipsec_vpn_example",
        transit_gateway_cidr_blocks=["10.0.0.0/24"])
    example_customer_gateway = aws.ec2.CustomerGateway("example",
        bgp_asn="64514",
        ip_address="10.0.0.1",
        type="ipsec.1",
        tags={
            "Name": "example_ipsec_vpn_example",
        })
    example_gateway_association = aws.directconnect.GatewayAssociation("example",
        dx_gateway_id=example_gateway.id,
        associated_gateway_id=example_transit_gateway.id,
        allowed_prefixes=["10.0.0.0/8"])
    example = aws.ec2transitgateway.get_direct_connect_gateway_attachment_output(transit_gateway_id=example_transit_gateway.id,
        dx_gateway_id=example_gateway.id)
    example_vpn_connection = aws.ec2.VpnConnection("example",
        customer_gateway_id=example_customer_gateway.id,
        outside_ip_address_type="PrivateIpv4",
        transit_gateway_id=example_transit_gateway.id,
        transport_transit_gateway_attachment_id=example.id,
        type="ipsec.1",
        tags={
            "Name": "example_ipsec_vpn_example",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2transitgateway"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleGateway, err := directconnect.NewGateway(ctx, "example", &directconnect.GatewayArgs{
    			Name:          pulumi.String("example_ipsec_vpn_example"),
    			AmazonSideAsn: pulumi.String("64512"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, "example", &ec2transitgateway.TransitGatewayArgs{
    			AmazonSideAsn: pulumi.Int(64513),
    			Description:   pulumi.String("example_ipsec_vpn_example"),
    			TransitGatewayCidrBlocks: pulumi.StringArray{
    				pulumi.String("10.0.0.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleCustomerGateway, err := ec2.NewCustomerGateway(ctx, "example", &ec2.CustomerGatewayArgs{
    			BgpAsn:    pulumi.String("64514"),
    			IpAddress: pulumi.String("10.0.0.1"),
    			Type:      pulumi.String("ipsec.1"),
    			Tags: pulumi.StringMap{
    				"Name": pulumi.String("example_ipsec_vpn_example"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = directconnect.NewGatewayAssociation(ctx, "example", &directconnect.GatewayAssociationArgs{
    			DxGatewayId:         exampleGateway.ID(),
    			AssociatedGatewayId: exampleTransitGateway.ID(),
    			AllowedPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.0.0/8"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		example := ec2transitgateway.GetDirectConnectGatewayAttachmentOutput(ctx, ec2transitgateway.GetDirectConnectGatewayAttachmentOutputArgs{
    			TransitGatewayId: exampleTransitGateway.ID(),
    			DxGatewayId:      exampleGateway.ID(),
    		}, nil)
    		_, err = ec2.NewVpnConnection(ctx, "example", &ec2.VpnConnectionArgs{
    			CustomerGatewayId:    exampleCustomerGateway.ID(),
    			OutsideIpAddressType: pulumi.String("PrivateIpv4"),
    			TransitGatewayId:     exampleTransitGateway.ID(),
    			TransportTransitGatewayAttachmentId: pulumi.String(example.ApplyT(func(example ec2transitgateway.GetDirectConnectGatewayAttachmentResult) (*string, error) {
    				return &example.Id, nil
    			}).(pulumi.StringPtrOutput)),
    			Type: pulumi.String("ipsec.1"),
    			Tags: pulumi.StringMap{
    				"Name": pulumi.String("example_ipsec_vpn_example"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleGateway = new Aws.DirectConnect.Gateway("example", new()
        {
            Name = "example_ipsec_vpn_example",
            AmazonSideAsn = "64512",
        });
    
        var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway("example", new()
        {
            AmazonSideAsn = 64513,
            Description = "example_ipsec_vpn_example",
            TransitGatewayCidrBlocks = new[]
            {
                "10.0.0.0/24",
            },
        });
    
        var exampleCustomerGateway = new Aws.Ec2.CustomerGateway("example", new()
        {
            BgpAsn = "64514",
            IpAddress = "10.0.0.1",
            Type = "ipsec.1",
            Tags = 
            {
                { "Name", "example_ipsec_vpn_example" },
            },
        });
    
        var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation("example", new()
        {
            DxGatewayId = exampleGateway.Id,
            AssociatedGatewayId = exampleTransitGateway.Id,
            AllowedPrefixes = new[]
            {
                "10.0.0.0/8",
            },
        });
    
        var example = Aws.Ec2TransitGateway.GetDirectConnectGatewayAttachment.Invoke(new()
        {
            TransitGatewayId = exampleTransitGateway.Id,
            DxGatewayId = exampleGateway.Id,
        });
    
        var exampleVpnConnection = new Aws.Ec2.VpnConnection("example", new()
        {
            CustomerGatewayId = exampleCustomerGateway.Id,
            OutsideIpAddressType = "PrivateIpv4",
            TransitGatewayId = exampleTransitGateway.Id,
            TransportTransitGatewayAttachmentId = example.Apply(getDirectConnectGatewayAttachmentResult => getDirectConnectGatewayAttachmentResult.Id),
            Type = "ipsec.1",
            Tags = 
            {
                { "Name", "example_ipsec_vpn_example" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.directconnect.Gateway;
    import com.pulumi.aws.directconnect.GatewayArgs;
    import com.pulumi.aws.ec2transitgateway.TransitGateway;
    import com.pulumi.aws.ec2transitgateway.TransitGatewayArgs;
    import com.pulumi.aws.ec2.CustomerGateway;
    import com.pulumi.aws.ec2.CustomerGatewayArgs;
    import com.pulumi.aws.directconnect.GatewayAssociation;
    import com.pulumi.aws.directconnect.GatewayAssociationArgs;
    import com.pulumi.aws.ec2transitgateway.Ec2transitgatewayFunctions;
    import com.pulumi.aws.ec2transitgateway.inputs.GetDirectConnectGatewayAttachmentArgs;
    import com.pulumi.aws.ec2.VpnConnection;
    import com.pulumi.aws.ec2.VpnConnectionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleGateway = new Gateway("exampleGateway", GatewayArgs.builder()
                .name("example_ipsec_vpn_example")
                .amazonSideAsn("64512")
                .build());
    
            var exampleTransitGateway = new TransitGateway("exampleTransitGateway", TransitGatewayArgs.builder()
                .amazonSideAsn("64513")
                .description("example_ipsec_vpn_example")
                .transitGatewayCidrBlocks("10.0.0.0/24")
                .build());
    
            var exampleCustomerGateway = new CustomerGateway("exampleCustomerGateway", CustomerGatewayArgs.builder()
                .bgpAsn(64514)
                .ipAddress("10.0.0.1")
                .type("ipsec.1")
                .tags(Map.of("Name", "example_ipsec_vpn_example"))
                .build());
    
            var exampleGatewayAssociation = new GatewayAssociation("exampleGatewayAssociation", GatewayAssociationArgs.builder()
                .dxGatewayId(exampleGateway.id())
                .associatedGatewayId(exampleTransitGateway.id())
                .allowedPrefixes("10.0.0.0/8")
                .build());
    
            final var example = Ec2transitgatewayFunctions.getDirectConnectGatewayAttachment(GetDirectConnectGatewayAttachmentArgs.builder()
                .transitGatewayId(exampleTransitGateway.id())
                .dxGatewayId(exampleGateway.id())
                .build());
    
            var exampleVpnConnection = new VpnConnection("exampleVpnConnection", VpnConnectionArgs.builder()
                .customerGatewayId(exampleCustomerGateway.id())
                .outsideIpAddressType("PrivateIpv4")
                .transitGatewayId(exampleTransitGateway.id())
                .transportTransitGatewayAttachmentId(example.applyValue(getDirectConnectGatewayAttachmentResult -> getDirectConnectGatewayAttachmentResult).applyValue(example -> example.applyValue(getDirectConnectGatewayAttachmentResult -> getDirectConnectGatewayAttachmentResult.id())))
                .type("ipsec.1")
                .tags(Map.of("Name", "example_ipsec_vpn_example"))
                .build());
    
        }
    }
    
    resources:
      exampleGateway:
        type: aws:directconnect:Gateway
        name: example
        properties:
          name: example_ipsec_vpn_example
          amazonSideAsn: '64512'
      exampleTransitGateway:
        type: aws:ec2transitgateway:TransitGateway
        name: example
        properties:
          amazonSideAsn: '64513'
          description: example_ipsec_vpn_example
          transitGatewayCidrBlocks:
            - 10.0.0.0/24
      exampleCustomerGateway:
        type: aws:ec2:CustomerGateway
        name: example
        properties:
          bgpAsn: 64514
          ipAddress: 10.0.0.1
          type: ipsec.1
          tags:
            Name: example_ipsec_vpn_example
      exampleGatewayAssociation:
        type: aws:directconnect:GatewayAssociation
        name: example
        properties:
          dxGatewayId: ${exampleGateway.id}
          associatedGatewayId: ${exampleTransitGateway.id}
          allowedPrefixes:
            - 10.0.0.0/8
      exampleVpnConnection:
        type: aws:ec2:VpnConnection
        name: example
        properties:
          customerGatewayId: ${exampleCustomerGateway.id}
          outsideIpAddressType: PrivateIpv4
          transitGatewayId: ${exampleTransitGateway.id}
          transportTransitGatewayAttachmentId: ${example.id}
          type: ipsec.1
          tags:
            Name: example_ipsec_vpn_example
    variables:
      example:
        fn::invoke:
          Function: aws:ec2transitgateway:getDirectConnectGatewayAttachment
          Arguments:
            transitGatewayId: ${exampleTransitGateway.id}
            dxGatewayId: ${exampleGateway.id}
    

    Create VpnConnection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new VpnConnection(name: string, args: VpnConnectionArgs, opts?: CustomResourceOptions);
    @overload
    def VpnConnection(resource_name: str,
                      args: VpnConnectionArgs,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def VpnConnection(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      customer_gateway_id: Optional[str] = None,
                      type: Optional[str] = None,
                      enable_acceleration: Optional[bool] = None,
                      local_ipv4_network_cidr: Optional[str] = None,
                      local_ipv6_network_cidr: Optional[str] = None,
                      outside_ip_address_type: Optional[str] = None,
                      remote_ipv4_network_cidr: Optional[str] = None,
                      remote_ipv6_network_cidr: Optional[str] = None,
                      static_routes_only: Optional[bool] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      transit_gateway_id: Optional[str] = None,
                      transport_transit_gateway_attachment_id: Optional[str] = None,
                      tunnel1_dpd_timeout_action: Optional[str] = None,
                      tunnel1_dpd_timeout_seconds: Optional[int] = None,
                      tunnel1_enable_tunnel_lifecycle_control: Optional[bool] = None,
                      tunnel1_ike_versions: Optional[Sequence[str]] = None,
                      tunnel1_inside_cidr: Optional[str] = None,
                      tunnel1_inside_ipv6_cidr: Optional[str] = None,
                      tunnel1_log_options: Optional[VpnConnectionTunnel1LogOptionsArgs] = None,
                      tunnel1_phase1_dh_group_numbers: Optional[Sequence[int]] = None,
                      tunnel1_phase1_encryption_algorithms: Optional[Sequence[str]] = None,
                      tunnel1_phase1_integrity_algorithms: Optional[Sequence[str]] = None,
                      tunnel1_phase1_lifetime_seconds: Optional[int] = None,
                      tunnel1_phase2_dh_group_numbers: Optional[Sequence[int]] = None,
                      tunnel1_phase2_encryption_algorithms: Optional[Sequence[str]] = None,
                      tunnel1_phase2_integrity_algorithms: Optional[Sequence[str]] = None,
                      tunnel1_phase2_lifetime_seconds: Optional[int] = None,
                      tunnel1_preshared_key: Optional[str] = None,
                      tunnel1_rekey_fuzz_percentage: Optional[int] = None,
                      tunnel1_rekey_margin_time_seconds: Optional[int] = None,
                      tunnel1_replay_window_size: Optional[int] = None,
                      tunnel1_startup_action: Optional[str] = None,
                      tunnel2_dpd_timeout_action: Optional[str] = None,
                      tunnel2_dpd_timeout_seconds: Optional[int] = None,
                      tunnel2_enable_tunnel_lifecycle_control: Optional[bool] = None,
                      tunnel2_ike_versions: Optional[Sequence[str]] = None,
                      tunnel2_inside_cidr: Optional[str] = None,
                      tunnel2_inside_ipv6_cidr: Optional[str] = None,
                      tunnel2_log_options: Optional[VpnConnectionTunnel2LogOptionsArgs] = None,
                      tunnel2_phase1_dh_group_numbers: Optional[Sequence[int]] = None,
                      tunnel2_phase1_encryption_algorithms: Optional[Sequence[str]] = None,
                      tunnel2_phase1_integrity_algorithms: Optional[Sequence[str]] = None,
                      tunnel2_phase1_lifetime_seconds: Optional[int] = None,
                      tunnel2_phase2_dh_group_numbers: Optional[Sequence[int]] = None,
                      tunnel2_phase2_encryption_algorithms: Optional[Sequence[str]] = None,
                      tunnel2_phase2_integrity_algorithms: Optional[Sequence[str]] = None,
                      tunnel2_phase2_lifetime_seconds: Optional[int] = None,
                      tunnel2_preshared_key: Optional[str] = None,
                      tunnel2_rekey_fuzz_percentage: Optional[int] = None,
                      tunnel2_rekey_margin_time_seconds: Optional[int] = None,
                      tunnel2_replay_window_size: Optional[int] = None,
                      tunnel2_startup_action: Optional[str] = None,
                      tunnel_inside_ip_version: Optional[str] = None,
                      vpn_gateway_id: Optional[str] = None)
    func NewVpnConnection(ctx *Context, name string, args VpnConnectionArgs, opts ...ResourceOption) (*VpnConnection, error)
    public VpnConnection(string name, VpnConnectionArgs args, CustomResourceOptions? opts = null)
    public VpnConnection(String name, VpnConnectionArgs args)
    public VpnConnection(String name, VpnConnectionArgs args, CustomResourceOptions options)
    
    type: aws:ec2:VpnConnection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var vpnConnectionResource = new Aws.Ec2.VpnConnection("vpnConnectionResource", new()
    {
        CustomerGatewayId = "string",
        Type = "string",
        EnableAcceleration = false,
        LocalIpv4NetworkCidr = "string",
        LocalIpv6NetworkCidr = "string",
        OutsideIpAddressType = "string",
        RemoteIpv4NetworkCidr = "string",
        RemoteIpv6NetworkCidr = "string",
        StaticRoutesOnly = false,
        Tags = 
        {
            { "string", "string" },
        },
        TransitGatewayId = "string",
        TransportTransitGatewayAttachmentId = "string",
        Tunnel1DpdTimeoutAction = "string",
        Tunnel1DpdTimeoutSeconds = 0,
        Tunnel1EnableTunnelLifecycleControl = false,
        Tunnel1IkeVersions = new[]
        {
            "string",
        },
        Tunnel1InsideCidr = "string",
        Tunnel1InsideIpv6Cidr = "string",
        Tunnel1LogOptions = new Aws.Ec2.Inputs.VpnConnectionTunnel1LogOptionsArgs
        {
            CloudwatchLogOptions = new Aws.Ec2.Inputs.VpnConnectionTunnel1LogOptionsCloudwatchLogOptionsArgs
            {
                LogEnabled = false,
                LogGroupArn = "string",
                LogOutputFormat = "string",
            },
        },
        Tunnel1Phase1DhGroupNumbers = new[]
        {
            0,
        },
        Tunnel1Phase1EncryptionAlgorithms = new[]
        {
            "string",
        },
        Tunnel1Phase1IntegrityAlgorithms = new[]
        {
            "string",
        },
        Tunnel1Phase1LifetimeSeconds = 0,
        Tunnel1Phase2DhGroupNumbers = new[]
        {
            0,
        },
        Tunnel1Phase2EncryptionAlgorithms = new[]
        {
            "string",
        },
        Tunnel1Phase2IntegrityAlgorithms = new[]
        {
            "string",
        },
        Tunnel1Phase2LifetimeSeconds = 0,
        Tunnel1PresharedKey = "string",
        Tunnel1RekeyFuzzPercentage = 0,
        Tunnel1RekeyMarginTimeSeconds = 0,
        Tunnel1ReplayWindowSize = 0,
        Tunnel1StartupAction = "string",
        Tunnel2DpdTimeoutAction = "string",
        Tunnel2DpdTimeoutSeconds = 0,
        Tunnel2EnableTunnelLifecycleControl = false,
        Tunnel2IkeVersions = new[]
        {
            "string",
        },
        Tunnel2InsideCidr = "string",
        Tunnel2InsideIpv6Cidr = "string",
        Tunnel2LogOptions = new Aws.Ec2.Inputs.VpnConnectionTunnel2LogOptionsArgs
        {
            CloudwatchLogOptions = new Aws.Ec2.Inputs.VpnConnectionTunnel2LogOptionsCloudwatchLogOptionsArgs
            {
                LogEnabled = false,
                LogGroupArn = "string",
                LogOutputFormat = "string",
            },
        },
        Tunnel2Phase1DhGroupNumbers = new[]
        {
            0,
        },
        Tunnel2Phase1EncryptionAlgorithms = new[]
        {
            "string",
        },
        Tunnel2Phase1IntegrityAlgorithms = new[]
        {
            "string",
        },
        Tunnel2Phase1LifetimeSeconds = 0,
        Tunnel2Phase2DhGroupNumbers = new[]
        {
            0,
        },
        Tunnel2Phase2EncryptionAlgorithms = new[]
        {
            "string",
        },
        Tunnel2Phase2IntegrityAlgorithms = new[]
        {
            "string",
        },
        Tunnel2Phase2LifetimeSeconds = 0,
        Tunnel2PresharedKey = "string",
        Tunnel2RekeyFuzzPercentage = 0,
        Tunnel2RekeyMarginTimeSeconds = 0,
        Tunnel2ReplayWindowSize = 0,
        Tunnel2StartupAction = "string",
        TunnelInsideIpVersion = "string",
        VpnGatewayId = "string",
    });
    
    example, err := ec2.NewVpnConnection(ctx, "vpnConnectionResource", &ec2.VpnConnectionArgs{
    	CustomerGatewayId:     pulumi.String("string"),
    	Type:                  pulumi.String("string"),
    	EnableAcceleration:    pulumi.Bool(false),
    	LocalIpv4NetworkCidr:  pulumi.String("string"),
    	LocalIpv6NetworkCidr:  pulumi.String("string"),
    	OutsideIpAddressType:  pulumi.String("string"),
    	RemoteIpv4NetworkCidr: pulumi.String("string"),
    	RemoteIpv6NetworkCidr: pulumi.String("string"),
    	StaticRoutesOnly:      pulumi.Bool(false),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	TransitGatewayId:                    pulumi.String("string"),
    	TransportTransitGatewayAttachmentId: pulumi.String("string"),
    	Tunnel1DpdTimeoutAction:             pulumi.String("string"),
    	Tunnel1DpdTimeoutSeconds:            pulumi.Int(0),
    	Tunnel1EnableTunnelLifecycleControl: pulumi.Bool(false),
    	Tunnel1IkeVersions: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel1InsideCidr:     pulumi.String("string"),
    	Tunnel1InsideIpv6Cidr: pulumi.String("string"),
    	Tunnel1LogOptions: &ec2.VpnConnectionTunnel1LogOptionsArgs{
    		CloudwatchLogOptions: &ec2.VpnConnectionTunnel1LogOptionsCloudwatchLogOptionsArgs{
    			LogEnabled:      pulumi.Bool(false),
    			LogGroupArn:     pulumi.String("string"),
    			LogOutputFormat: pulumi.String("string"),
    		},
    	},
    	Tunnel1Phase1DhGroupNumbers: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	Tunnel1Phase1EncryptionAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel1Phase1IntegrityAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel1Phase1LifetimeSeconds: pulumi.Int(0),
    	Tunnel1Phase2DhGroupNumbers: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	Tunnel1Phase2EncryptionAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel1Phase2IntegrityAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel1Phase2LifetimeSeconds:        pulumi.Int(0),
    	Tunnel1PresharedKey:                 pulumi.String("string"),
    	Tunnel1RekeyFuzzPercentage:          pulumi.Int(0),
    	Tunnel1RekeyMarginTimeSeconds:       pulumi.Int(0),
    	Tunnel1ReplayWindowSize:             pulumi.Int(0),
    	Tunnel1StartupAction:                pulumi.String("string"),
    	Tunnel2DpdTimeoutAction:             pulumi.String("string"),
    	Tunnel2DpdTimeoutSeconds:            pulumi.Int(0),
    	Tunnel2EnableTunnelLifecycleControl: pulumi.Bool(false),
    	Tunnel2IkeVersions: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel2InsideCidr:     pulumi.String("string"),
    	Tunnel2InsideIpv6Cidr: pulumi.String("string"),
    	Tunnel2LogOptions: &ec2.VpnConnectionTunnel2LogOptionsArgs{
    		CloudwatchLogOptions: &ec2.VpnConnectionTunnel2LogOptionsCloudwatchLogOptionsArgs{
    			LogEnabled:      pulumi.Bool(false),
    			LogGroupArn:     pulumi.String("string"),
    			LogOutputFormat: pulumi.String("string"),
    		},
    	},
    	Tunnel2Phase1DhGroupNumbers: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	Tunnel2Phase1EncryptionAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel2Phase1IntegrityAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel2Phase1LifetimeSeconds: pulumi.Int(0),
    	Tunnel2Phase2DhGroupNumbers: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	Tunnel2Phase2EncryptionAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel2Phase2IntegrityAlgorithms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tunnel2Phase2LifetimeSeconds:  pulumi.Int(0),
    	Tunnel2PresharedKey:           pulumi.String("string"),
    	Tunnel2RekeyFuzzPercentage:    pulumi.Int(0),
    	Tunnel2RekeyMarginTimeSeconds: pulumi.Int(0),
    	Tunnel2ReplayWindowSize:       pulumi.Int(0),
    	Tunnel2StartupAction:          pulumi.String("string"),
    	TunnelInsideIpVersion:         pulumi.String("string"),
    	VpnGatewayId:                  pulumi.String("string"),
    })
    
    var vpnConnectionResource = new VpnConnection("vpnConnectionResource", VpnConnectionArgs.builder()
        .customerGatewayId("string")
        .type("string")
        .enableAcceleration(false)
        .localIpv4NetworkCidr("string")
        .localIpv6NetworkCidr("string")
        .outsideIpAddressType("string")
        .remoteIpv4NetworkCidr("string")
        .remoteIpv6NetworkCidr("string")
        .staticRoutesOnly(false)
        .tags(Map.of("string", "string"))
        .transitGatewayId("string")
        .transportTransitGatewayAttachmentId("string")
        .tunnel1DpdTimeoutAction("string")
        .tunnel1DpdTimeoutSeconds(0)
        .tunnel1EnableTunnelLifecycleControl(false)
        .tunnel1IkeVersions("string")
        .tunnel1InsideCidr("string")
        .tunnel1InsideIpv6Cidr("string")
        .tunnel1LogOptions(VpnConnectionTunnel1LogOptionsArgs.builder()
            .cloudwatchLogOptions(VpnConnectionTunnel1LogOptionsCloudwatchLogOptionsArgs.builder()
                .logEnabled(false)
                .logGroupArn("string")
                .logOutputFormat("string")
                .build())
            .build())
        .tunnel1Phase1DhGroupNumbers(0)
        .tunnel1Phase1EncryptionAlgorithms("string")
        .tunnel1Phase1IntegrityAlgorithms("string")
        .tunnel1Phase1LifetimeSeconds(0)
        .tunnel1Phase2DhGroupNumbers(0)
        .tunnel1Phase2EncryptionAlgorithms("string")
        .tunnel1Phase2IntegrityAlgorithms("string")
        .tunnel1Phase2LifetimeSeconds(0)
        .tunnel1PresharedKey("string")
        .tunnel1RekeyFuzzPercentage(0)
        .tunnel1RekeyMarginTimeSeconds(0)
        .tunnel1ReplayWindowSize(0)
        .tunnel1StartupAction("string")
        .tunnel2DpdTimeoutAction("string")
        .tunnel2DpdTimeoutSeconds(0)
        .tunnel2EnableTunnelLifecycleControl(false)
        .tunnel2IkeVersions("string")
        .tunnel2InsideCidr("string")
        .tunnel2InsideIpv6Cidr("string")
        .tunnel2LogOptions(VpnConnectionTunnel2LogOptionsArgs.builder()
            .cloudwatchLogOptions(VpnConnectionTunnel2LogOptionsCloudwatchLogOptionsArgs.builder()
                .logEnabled(false)
                .logGroupArn("string")
                .logOutputFormat("string")
                .build())
            .build())
        .tunnel2Phase1DhGroupNumbers(0)
        .tunnel2Phase1EncryptionAlgorithms("string")
        .tunnel2Phase1IntegrityAlgorithms("string")
        .tunnel2Phase1LifetimeSeconds(0)
        .tunnel2Phase2DhGroupNumbers(0)
        .tunnel2Phase2EncryptionAlgorithms("string")
        .tunnel2Phase2IntegrityAlgorithms("string")
        .tunnel2Phase2LifetimeSeconds(0)
        .tunnel2PresharedKey("string")
        .tunnel2RekeyFuzzPercentage(0)
        .tunnel2RekeyMarginTimeSeconds(0)
        .tunnel2ReplayWindowSize(0)
        .tunnel2StartupAction("string")
        .tunnelInsideIpVersion("string")
        .vpnGatewayId("string")
        .build());
    
    vpn_connection_resource = aws.ec2.VpnConnection("vpnConnectionResource",
        customer_gateway_id="string",
        type="string",
        enable_acceleration=False,
        local_ipv4_network_cidr="string",
        local_ipv6_network_cidr="string",
        outside_ip_address_type="string",
        remote_ipv4_network_cidr="string",
        remote_ipv6_network_cidr="string",
        static_routes_only=False,
        tags={
            "string": "string",
        },
        transit_gateway_id="string",
        transport_transit_gateway_attachment_id="string",
        tunnel1_dpd_timeout_action="string",
        tunnel1_dpd_timeout_seconds=0,
        tunnel1_enable_tunnel_lifecycle_control=False,
        tunnel1_ike_versions=["string"],
        tunnel1_inside_cidr="string",
        tunnel1_inside_ipv6_cidr="string",
        tunnel1_log_options={
            "cloudwatchLogOptions": {
                "logEnabled": False,
                "logGroupArn": "string",
                "logOutputFormat": "string",
            },
        },
        tunnel1_phase1_dh_group_numbers=[0],
        tunnel1_phase1_encryption_algorithms=["string"],
        tunnel1_phase1_integrity_algorithms=["string"],
        tunnel1_phase1_lifetime_seconds=0,
        tunnel1_phase2_dh_group_numbers=[0],
        tunnel1_phase2_encryption_algorithms=["string"],
        tunnel1_phase2_integrity_algorithms=["string"],
        tunnel1_phase2_lifetime_seconds=0,
        tunnel1_preshared_key="string",
        tunnel1_rekey_fuzz_percentage=0,
        tunnel1_rekey_margin_time_seconds=0,
        tunnel1_replay_window_size=0,
        tunnel1_startup_action="string",
        tunnel2_dpd_timeout_action="string",
        tunnel2_dpd_timeout_seconds=0,
        tunnel2_enable_tunnel_lifecycle_control=False,
        tunnel2_ike_versions=["string"],
        tunnel2_inside_cidr="string",
        tunnel2_inside_ipv6_cidr="string",
        tunnel2_log_options={
            "cloudwatchLogOptions": {
                "logEnabled": False,
                "logGroupArn": "string",
                "logOutputFormat": "string",
            },
        },
        tunnel2_phase1_dh_group_numbers=[0],
        tunnel2_phase1_encryption_algorithms=["string"],
        tunnel2_phase1_integrity_algorithms=["string"],
        tunnel2_phase1_lifetime_seconds=0,
        tunnel2_phase2_dh_group_numbers=[0],
        tunnel2_phase2_encryption_algorithms=["string"],
        tunnel2_phase2_integrity_algorithms=["string"],
        tunnel2_phase2_lifetime_seconds=0,
        tunnel2_preshared_key="string",
        tunnel2_rekey_fuzz_percentage=0,
        tunnel2_rekey_margin_time_seconds=0,
        tunnel2_replay_window_size=0,
        tunnel2_startup_action="string",
        tunnel_inside_ip_version="string",
        vpn_gateway_id="string")
    
    const vpnConnectionResource = new aws.ec2.VpnConnection("vpnConnectionResource", {
        customerGatewayId: "string",
        type: "string",
        enableAcceleration: false,
        localIpv4NetworkCidr: "string",
        localIpv6NetworkCidr: "string",
        outsideIpAddressType: "string",
        remoteIpv4NetworkCidr: "string",
        remoteIpv6NetworkCidr: "string",
        staticRoutesOnly: false,
        tags: {
            string: "string",
        },
        transitGatewayId: "string",
        transportTransitGatewayAttachmentId: "string",
        tunnel1DpdTimeoutAction: "string",
        tunnel1DpdTimeoutSeconds: 0,
        tunnel1EnableTunnelLifecycleControl: false,
        tunnel1IkeVersions: ["string"],
        tunnel1InsideCidr: "string",
        tunnel1InsideIpv6Cidr: "string",
        tunnel1LogOptions: {
            cloudwatchLogOptions: {
                logEnabled: false,
                logGroupArn: "string",
                logOutputFormat: "string",
            },
        },
        tunnel1Phase1DhGroupNumbers: [0],
        tunnel1Phase1EncryptionAlgorithms: ["string"],
        tunnel1Phase1IntegrityAlgorithms: ["string"],
        tunnel1Phase1LifetimeSeconds: 0,
        tunnel1Phase2DhGroupNumbers: [0],
        tunnel1Phase2EncryptionAlgorithms: ["string"],
        tunnel1Phase2IntegrityAlgorithms: ["string"],
        tunnel1Phase2LifetimeSeconds: 0,
        tunnel1PresharedKey: "string",
        tunnel1RekeyFuzzPercentage: 0,
        tunnel1RekeyMarginTimeSeconds: 0,
        tunnel1ReplayWindowSize: 0,
        tunnel1StartupAction: "string",
        tunnel2DpdTimeoutAction: "string",
        tunnel2DpdTimeoutSeconds: 0,
        tunnel2EnableTunnelLifecycleControl: false,
        tunnel2IkeVersions: ["string"],
        tunnel2InsideCidr: "string",
        tunnel2InsideIpv6Cidr: "string",
        tunnel2LogOptions: {
            cloudwatchLogOptions: {
                logEnabled: false,
                logGroupArn: "string",
                logOutputFormat: "string",
            },
        },
        tunnel2Phase1DhGroupNumbers: [0],
        tunnel2Phase1EncryptionAlgorithms: ["string"],
        tunnel2Phase1IntegrityAlgorithms: ["string"],
        tunnel2Phase1LifetimeSeconds: 0,
        tunnel2Phase2DhGroupNumbers: [0],
        tunnel2Phase2EncryptionAlgorithms: ["string"],
        tunnel2Phase2IntegrityAlgorithms: ["string"],
        tunnel2Phase2LifetimeSeconds: 0,
        tunnel2PresharedKey: "string",
        tunnel2RekeyFuzzPercentage: 0,
        tunnel2RekeyMarginTimeSeconds: 0,
        tunnel2ReplayWindowSize: 0,
        tunnel2StartupAction: "string",
        tunnelInsideIpVersion: "string",
        vpnGatewayId: "string",
    });
    
    type: aws:ec2:VpnConnection
    properties:
        customerGatewayId: string
        enableAcceleration: false
        localIpv4NetworkCidr: string
        localIpv6NetworkCidr: string
        outsideIpAddressType: string
        remoteIpv4NetworkCidr: string
        remoteIpv6NetworkCidr: string
        staticRoutesOnly: false
        tags:
            string: string
        transitGatewayId: string
        transportTransitGatewayAttachmentId: string
        tunnel1DpdTimeoutAction: string
        tunnel1DpdTimeoutSeconds: 0
        tunnel1EnableTunnelLifecycleControl: false
        tunnel1IkeVersions:
            - string
        tunnel1InsideCidr: string
        tunnel1InsideIpv6Cidr: string
        tunnel1LogOptions:
            cloudwatchLogOptions:
                logEnabled: false
                logGroupArn: string
                logOutputFormat: string
        tunnel1Phase1DhGroupNumbers:
            - 0
        tunnel1Phase1EncryptionAlgorithms:
            - string
        tunnel1Phase1IntegrityAlgorithms:
            - string
        tunnel1Phase1LifetimeSeconds: 0
        tunnel1Phase2DhGroupNumbers:
            - 0
        tunnel1Phase2EncryptionAlgorithms:
            - string
        tunnel1Phase2IntegrityAlgorithms:
            - string
        tunnel1Phase2LifetimeSeconds: 0
        tunnel1PresharedKey: string
        tunnel1RekeyFuzzPercentage: 0
        tunnel1RekeyMarginTimeSeconds: 0
        tunnel1ReplayWindowSize: 0
        tunnel1StartupAction: string
        tunnel2DpdTimeoutAction: string
        tunnel2DpdTimeoutSeconds: 0
        tunnel2EnableTunnelLifecycleControl: false
        tunnel2IkeVersions:
            - string
        tunnel2InsideCidr: string
        tunnel2InsideIpv6Cidr: string
        tunnel2LogOptions:
            cloudwatchLogOptions:
                logEnabled: false
                logGroupArn: string
                logOutputFormat: string
        tunnel2Phase1DhGroupNumbers:
            - 0
        tunnel2Phase1EncryptionAlgorithms:
            - string
        tunnel2Phase1IntegrityAlgorithms:
            - string
        tunnel2Phase1LifetimeSeconds: 0
        tunnel2Phase2DhGroupNumbers:
            - 0
        tunnel2Phase2EncryptionAlgorithms:
            - string
        tunnel2Phase2IntegrityAlgorithms:
            - string
        tunnel2Phase2LifetimeSeconds: 0
        tunnel2PresharedKey: string
        tunnel2RekeyFuzzPercentage: 0
        tunnel2RekeyMarginTimeSeconds: 0
        tunnel2ReplayWindowSize: 0
        tunnel2StartupAction: string
        tunnelInsideIpVersion: string
        type: string
        vpnGatewayId: string
    

    VpnConnection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The VpnConnection resource accepts the following input properties:

    CustomerGatewayId string
    The ID of the customer gateway.
    Type string
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    EnableAcceleration bool
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    LocalIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    LocalIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    OutsideIpAddressType string
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    RemoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection.
    RemoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection.
    StaticRoutesOnly bool
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    Tags Dictionary<string, string>
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TransitGatewayId string
    The ID of the EC2 Transit Gateway.
    TransportTransitGatewayAttachmentId string
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    Tunnel1DpdTimeoutAction string
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel1DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    Tunnel1EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    Tunnel1IkeVersions List<string>
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel1InsideCidr string
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel1InsideIpv6Cidr string
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel1LogOptions VpnConnectionTunnel1LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel1Phase1DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase1EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase1IntegrityAlgorithms List<string>
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel1Phase2DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase2EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase2IntegrityAlgorithms List<string>
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel1PresharedKey string
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel1RekeyFuzzPercentage int
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel1RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    Tunnel1ReplayWindowSize int
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    Tunnel1StartupAction string
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    Tunnel2DpdTimeoutAction string
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel2DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    Tunnel2EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    Tunnel2IkeVersions List<string>
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel2InsideCidr string
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel2InsideIpv6Cidr string
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel2LogOptions VpnConnectionTunnel2LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel2Phase1DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase1EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase1IntegrityAlgorithms List<string>
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel2Phase2DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase2EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase2IntegrityAlgorithms List<string>
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel2PresharedKey string
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel2RekeyFuzzPercentage int
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel2RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    Tunnel2ReplayWindowSize int
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    Tunnel2StartupAction string
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    TunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    VpnGatewayId string
    The ID of the Virtual Private Gateway.
    CustomerGatewayId string
    The ID of the customer gateway.
    Type string
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    EnableAcceleration bool
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    LocalIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    LocalIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    OutsideIpAddressType string
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    RemoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection.
    RemoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection.
    StaticRoutesOnly bool
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    Tags map[string]string
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TransitGatewayId string
    The ID of the EC2 Transit Gateway.
    TransportTransitGatewayAttachmentId string
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    Tunnel1DpdTimeoutAction string
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel1DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    Tunnel1EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    Tunnel1IkeVersions []string
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel1InsideCidr string
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel1InsideIpv6Cidr string
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel1LogOptions VpnConnectionTunnel1LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel1Phase1DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase1EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase1IntegrityAlgorithms []string
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel1Phase2DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase2EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase2IntegrityAlgorithms []string
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel1PresharedKey string
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel1RekeyFuzzPercentage int
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel1RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    Tunnel1ReplayWindowSize int
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    Tunnel1StartupAction string
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    Tunnel2DpdTimeoutAction string
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel2DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    Tunnel2EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    Tunnel2IkeVersions []string
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel2InsideCidr string
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel2InsideIpv6Cidr string
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel2LogOptions VpnConnectionTunnel2LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel2Phase1DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase1EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase1IntegrityAlgorithms []string
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel2Phase2DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase2EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase2IntegrityAlgorithms []string
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel2PresharedKey string
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel2RekeyFuzzPercentage int
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel2RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    Tunnel2ReplayWindowSize int
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    Tunnel2StartupAction string
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    TunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    VpnGatewayId string
    The ID of the Virtual Private Gateway.
    customerGatewayId String
    The ID of the customer gateway.
    type String
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    enableAcceleration Boolean
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    localIpv4NetworkCidr String
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    localIpv6NetworkCidr String
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outsideIpAddressType String
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remoteIpv4NetworkCidr String
    The IPv4 CIDR on the AWS side of the VPN connection.
    remoteIpv6NetworkCidr String
    The IPv6 CIDR on the AWS side of the VPN connection.
    staticRoutesOnly Boolean
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags Map<String,String>
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    transitGatewayId String
    The ID of the EC2 Transit Gateway.
    transportTransitGatewayAttachmentId String
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1DpdTimeoutAction String
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1DpdTimeoutSeconds Integer
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1IkeVersions List<String>
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1InsideCidr String
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1InsideIpv6Cidr String
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1LogOptions VpnConnectionTunnel1LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1Phase1DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase1LifetimeSeconds Integer
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1Phase2DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase2LifetimeSeconds Integer
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1PresharedKey String
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1RekeyFuzzPercentage Integer
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1RekeyMarginTimeSeconds Integer
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1ReplayWindowSize Integer
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1StartupAction String
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2DpdTimeoutAction String
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2DpdTimeoutSeconds Integer
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2IkeVersions List<String>
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2InsideCidr String
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2InsideIpv6Cidr String
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2LogOptions VpnConnectionTunnel2LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2Phase1DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase1LifetimeSeconds Integer
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2Phase2DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase2LifetimeSeconds Integer
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2PresharedKey String
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2RekeyFuzzPercentage Integer
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2RekeyMarginTimeSeconds Integer
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2ReplayWindowSize Integer
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2StartupAction String
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnelInsideIpVersion String
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    vpnGatewayId String
    The ID of the Virtual Private Gateway.
    customerGatewayId string
    The ID of the customer gateway.
    type string
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    enableAcceleration boolean
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    localIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    localIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outsideIpAddressType string
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection.
    remoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection.
    staticRoutesOnly boolean
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags {[key: string]: string}
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    transitGatewayId string
    The ID of the EC2 Transit Gateway.
    transportTransitGatewayAttachmentId string
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1DpdTimeoutAction string
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1DpdTimeoutSeconds number
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1EnableTunnelLifecycleControl boolean
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1IkeVersions string[]
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1InsideCidr string
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1InsideIpv6Cidr string
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1LogOptions VpnConnectionTunnel1LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1Phase1DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase1EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase1IntegrityAlgorithms string[]
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase1LifetimeSeconds number
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1Phase2DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase2EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase2IntegrityAlgorithms string[]
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase2LifetimeSeconds number
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1PresharedKey string
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1RekeyFuzzPercentage number
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1RekeyMarginTimeSeconds number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1ReplayWindowSize number
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1StartupAction string
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2DpdTimeoutAction string
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2DpdTimeoutSeconds number
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2EnableTunnelLifecycleControl boolean
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2IkeVersions string[]
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2InsideCidr string
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2InsideIpv6Cidr string
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2LogOptions VpnConnectionTunnel2LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2Phase1DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase1EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase1IntegrityAlgorithms string[]
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase1LifetimeSeconds number
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2Phase2DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase2EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase2IntegrityAlgorithms string[]
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase2LifetimeSeconds number
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2PresharedKey string
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2RekeyFuzzPercentage number
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2RekeyMarginTimeSeconds number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2ReplayWindowSize number
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2StartupAction string
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    vpnGatewayId string
    The ID of the Virtual Private Gateway.
    customer_gateway_id str
    The ID of the customer gateway.
    type str
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    enable_acceleration bool
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    local_ipv4_network_cidr str
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    local_ipv6_network_cidr str
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outside_ip_address_type str
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remote_ipv4_network_cidr str
    The IPv4 CIDR on the AWS side of the VPN connection.
    remote_ipv6_network_cidr str
    The IPv6 CIDR on the AWS side of the VPN connection.
    static_routes_only bool
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags Mapping[str, str]
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    transit_gateway_id str
    The ID of the EC2 Transit Gateway.
    transport_transit_gateway_attachment_id str
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1_dpd_timeout_action str
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1_dpd_timeout_seconds int
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1_enable_tunnel_lifecycle_control bool
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1_ike_versions Sequence[str]
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1_inside_cidr str
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1_inside_ipv6_cidr str
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1_log_options VpnConnectionTunnel1LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1_phase1_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1_phase1_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1_phase1_integrity_algorithms Sequence[str]
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1_phase1_lifetime_seconds int
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1_phase2_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1_phase2_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1_phase2_integrity_algorithms Sequence[str]
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1_phase2_lifetime_seconds int
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1_preshared_key str
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1_rekey_fuzz_percentage int
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1_rekey_margin_time_seconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1_replay_window_size int
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1_startup_action str
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2_dpd_timeout_action str
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2_dpd_timeout_seconds int
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2_enable_tunnel_lifecycle_control bool
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2_ike_versions Sequence[str]
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2_inside_cidr str
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2_inside_ipv6_cidr str
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2_log_options VpnConnectionTunnel2LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2_phase1_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2_phase1_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2_phase1_integrity_algorithms Sequence[str]
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2_phase1_lifetime_seconds int
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2_phase2_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2_phase2_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2_phase2_integrity_algorithms Sequence[str]
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2_phase2_lifetime_seconds int
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2_preshared_key str
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2_rekey_fuzz_percentage int
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2_rekey_margin_time_seconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2_replay_window_size int
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2_startup_action str
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel_inside_ip_version str
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    vpn_gateway_id str
    The ID of the Virtual Private Gateway.
    customerGatewayId String
    The ID of the customer gateway.
    type String
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    enableAcceleration Boolean
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    localIpv4NetworkCidr String
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    localIpv6NetworkCidr String
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outsideIpAddressType String
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remoteIpv4NetworkCidr String
    The IPv4 CIDR on the AWS side of the VPN connection.
    remoteIpv6NetworkCidr String
    The IPv6 CIDR on the AWS side of the VPN connection.
    staticRoutesOnly Boolean
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags Map<String>
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    transitGatewayId String
    The ID of the EC2 Transit Gateway.
    transportTransitGatewayAttachmentId String
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1DpdTimeoutAction String
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1DpdTimeoutSeconds Number
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1IkeVersions List<String>
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1InsideCidr String
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1InsideIpv6Cidr String
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1LogOptions Property Map
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1Phase1DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase1LifetimeSeconds Number
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1Phase2DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase2LifetimeSeconds Number
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1PresharedKey String
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1RekeyFuzzPercentage Number
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1RekeyMarginTimeSeconds Number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1ReplayWindowSize Number
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1StartupAction String
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2DpdTimeoutAction String
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2DpdTimeoutSeconds Number
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2IkeVersions List<String>
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2InsideCidr String
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2InsideIpv6Cidr String
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2LogOptions Property Map
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2Phase1DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase1LifetimeSeconds Number
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2Phase2DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase2LifetimeSeconds Number
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2PresharedKey String
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2RekeyFuzzPercentage Number
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2RekeyMarginTimeSeconds Number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2ReplayWindowSize Number
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2StartupAction String
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnelInsideIpVersion String
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    vpnGatewayId String
    The ID of the Virtual Private Gateway.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the VpnConnection resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of the VPN Connection.
    CoreNetworkArn string
    The ARN of the core network.
    CoreNetworkAttachmentArn string
    The ARN of the core network attachment.
    CustomerGatewayConfiguration string
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    Id string
    The provider-assigned unique ID for this managed resource.
    Routes List<VpnConnectionRoute>
    The static routes associated with the VPN connection. Detailed below.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TransitGatewayAttachmentId string
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    Tunnel1Address string
    The public IP address of the first VPN tunnel.
    Tunnel1BgpAsn string
    The bgp asn number of the first VPN tunnel.
    Tunnel1BgpHoldtime int
    The bgp holdtime of the first VPN tunnel.
    Tunnel1CgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    Tunnel1VgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    Tunnel2Address string
    The public IP address of the second VPN tunnel.
    Tunnel2BgpAsn string
    The bgp asn number of the second VPN tunnel.
    Tunnel2BgpHoldtime int
    The bgp holdtime of the second VPN tunnel.
    Tunnel2CgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    Tunnel2VgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    VgwTelemetries List<VpnConnectionVgwTelemetry>
    Telemetry for the VPN tunnels. Detailed below.
    Arn string
    Amazon Resource Name (ARN) of the VPN Connection.
    CoreNetworkArn string
    The ARN of the core network.
    CoreNetworkAttachmentArn string
    The ARN of the core network attachment.
    CustomerGatewayConfiguration string
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    Id string
    The provider-assigned unique ID for this managed resource.
    Routes []VpnConnectionRouteType
    The static routes associated with the VPN connection. Detailed below.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TransitGatewayAttachmentId string
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    Tunnel1Address string
    The public IP address of the first VPN tunnel.
    Tunnel1BgpAsn string
    The bgp asn number of the first VPN tunnel.
    Tunnel1BgpHoldtime int
    The bgp holdtime of the first VPN tunnel.
    Tunnel1CgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    Tunnel1VgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    Tunnel2Address string
    The public IP address of the second VPN tunnel.
    Tunnel2BgpAsn string
    The bgp asn number of the second VPN tunnel.
    Tunnel2BgpHoldtime int
    The bgp holdtime of the second VPN tunnel.
    Tunnel2CgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    Tunnel2VgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    VgwTelemetries []VpnConnectionVgwTelemetry
    Telemetry for the VPN tunnels. Detailed below.
    arn String
    Amazon Resource Name (ARN) of the VPN Connection.
    coreNetworkArn String
    The ARN of the core network.
    coreNetworkAttachmentArn String
    The ARN of the core network attachment.
    customerGatewayConfiguration String
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    id String
    The provider-assigned unique ID for this managed resource.
    routes List<VpnConnectionRoute>
    The static routes associated with the VPN connection. Detailed below.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transitGatewayAttachmentId String
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    tunnel1Address String
    The public IP address of the first VPN tunnel.
    tunnel1BgpAsn String
    The bgp asn number of the first VPN tunnel.
    tunnel1BgpHoldtime Integer
    The bgp holdtime of the first VPN tunnel.
    tunnel1CgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1VgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2Address String
    The public IP address of the second VPN tunnel.
    tunnel2BgpAsn String
    The bgp asn number of the second VPN tunnel.
    tunnel2BgpHoldtime Integer
    The bgp holdtime of the second VPN tunnel.
    tunnel2CgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2VgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    vgwTelemetries List<VpnConnectionVgwTelemetry>
    Telemetry for the VPN tunnels. Detailed below.
    arn string
    Amazon Resource Name (ARN) of the VPN Connection.
    coreNetworkArn string
    The ARN of the core network.
    coreNetworkAttachmentArn string
    The ARN of the core network attachment.
    customerGatewayConfiguration string
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    id string
    The provider-assigned unique ID for this managed resource.
    routes VpnConnectionRoute[]
    The static routes associated with the VPN connection. Detailed below.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transitGatewayAttachmentId string
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    tunnel1Address string
    The public IP address of the first VPN tunnel.
    tunnel1BgpAsn string
    The bgp asn number of the first VPN tunnel.
    tunnel1BgpHoldtime number
    The bgp holdtime of the first VPN tunnel.
    tunnel1CgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1VgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2Address string
    The public IP address of the second VPN tunnel.
    tunnel2BgpAsn string
    The bgp asn number of the second VPN tunnel.
    tunnel2BgpHoldtime number
    The bgp holdtime of the second VPN tunnel.
    tunnel2CgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2VgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    vgwTelemetries VpnConnectionVgwTelemetry[]
    Telemetry for the VPN tunnels. Detailed below.
    arn str
    Amazon Resource Name (ARN) of the VPN Connection.
    core_network_arn str
    The ARN of the core network.
    core_network_attachment_arn str
    The ARN of the core network attachment.
    customer_gateway_configuration str
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    id str
    The provider-assigned unique ID for this managed resource.
    routes Sequence[VpnConnectionRoute]
    The static routes associated with the VPN connection. Detailed below.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transit_gateway_attachment_id str
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    tunnel1_address str
    The public IP address of the first VPN tunnel.
    tunnel1_bgp_asn str
    The bgp asn number of the first VPN tunnel.
    tunnel1_bgp_holdtime int
    The bgp holdtime of the first VPN tunnel.
    tunnel1_cgw_inside_address str
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1_vgw_inside_address str
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2_address str
    The public IP address of the second VPN tunnel.
    tunnel2_bgp_asn str
    The bgp asn number of the second VPN tunnel.
    tunnel2_bgp_holdtime int
    The bgp holdtime of the second VPN tunnel.
    tunnel2_cgw_inside_address str
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2_vgw_inside_address str
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    vgw_telemetries Sequence[VpnConnectionVgwTelemetry]
    Telemetry for the VPN tunnels. Detailed below.
    arn String
    Amazon Resource Name (ARN) of the VPN Connection.
    coreNetworkArn String
    The ARN of the core network.
    coreNetworkAttachmentArn String
    The ARN of the core network attachment.
    customerGatewayConfiguration String
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    id String
    The provider-assigned unique ID for this managed resource.
    routes List<Property Map>
    The static routes associated with the VPN connection. Detailed below.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transitGatewayAttachmentId String
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    tunnel1Address String
    The public IP address of the first VPN tunnel.
    tunnel1BgpAsn String
    The bgp asn number of the first VPN tunnel.
    tunnel1BgpHoldtime Number
    The bgp holdtime of the first VPN tunnel.
    tunnel1CgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1VgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2Address String
    The public IP address of the second VPN tunnel.
    tunnel2BgpAsn String
    The bgp asn number of the second VPN tunnel.
    tunnel2BgpHoldtime Number
    The bgp holdtime of the second VPN tunnel.
    tunnel2CgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2VgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    vgwTelemetries List<Property Map>
    Telemetry for the VPN tunnels. Detailed below.

    Look up Existing VpnConnection Resource

    Get an existing VpnConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: VpnConnectionState, opts?: CustomResourceOptions): VpnConnection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            core_network_arn: Optional[str] = None,
            core_network_attachment_arn: Optional[str] = None,
            customer_gateway_configuration: Optional[str] = None,
            customer_gateway_id: Optional[str] = None,
            enable_acceleration: Optional[bool] = None,
            local_ipv4_network_cidr: Optional[str] = None,
            local_ipv6_network_cidr: Optional[str] = None,
            outside_ip_address_type: Optional[str] = None,
            remote_ipv4_network_cidr: Optional[str] = None,
            remote_ipv6_network_cidr: Optional[str] = None,
            routes: Optional[Sequence[VpnConnectionRouteArgs]] = None,
            static_routes_only: Optional[bool] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            transit_gateway_attachment_id: Optional[str] = None,
            transit_gateway_id: Optional[str] = None,
            transport_transit_gateway_attachment_id: Optional[str] = None,
            tunnel1_address: Optional[str] = None,
            tunnel1_bgp_asn: Optional[str] = None,
            tunnel1_bgp_holdtime: Optional[int] = None,
            tunnel1_cgw_inside_address: Optional[str] = None,
            tunnel1_dpd_timeout_action: Optional[str] = None,
            tunnel1_dpd_timeout_seconds: Optional[int] = None,
            tunnel1_enable_tunnel_lifecycle_control: Optional[bool] = None,
            tunnel1_ike_versions: Optional[Sequence[str]] = None,
            tunnel1_inside_cidr: Optional[str] = None,
            tunnel1_inside_ipv6_cidr: Optional[str] = None,
            tunnel1_log_options: Optional[VpnConnectionTunnel1LogOptionsArgs] = None,
            tunnel1_phase1_dh_group_numbers: Optional[Sequence[int]] = None,
            tunnel1_phase1_encryption_algorithms: Optional[Sequence[str]] = None,
            tunnel1_phase1_integrity_algorithms: Optional[Sequence[str]] = None,
            tunnel1_phase1_lifetime_seconds: Optional[int] = None,
            tunnel1_phase2_dh_group_numbers: Optional[Sequence[int]] = None,
            tunnel1_phase2_encryption_algorithms: Optional[Sequence[str]] = None,
            tunnel1_phase2_integrity_algorithms: Optional[Sequence[str]] = None,
            tunnel1_phase2_lifetime_seconds: Optional[int] = None,
            tunnel1_preshared_key: Optional[str] = None,
            tunnel1_rekey_fuzz_percentage: Optional[int] = None,
            tunnel1_rekey_margin_time_seconds: Optional[int] = None,
            tunnel1_replay_window_size: Optional[int] = None,
            tunnel1_startup_action: Optional[str] = None,
            tunnel1_vgw_inside_address: Optional[str] = None,
            tunnel2_address: Optional[str] = None,
            tunnel2_bgp_asn: Optional[str] = None,
            tunnel2_bgp_holdtime: Optional[int] = None,
            tunnel2_cgw_inside_address: Optional[str] = None,
            tunnel2_dpd_timeout_action: Optional[str] = None,
            tunnel2_dpd_timeout_seconds: Optional[int] = None,
            tunnel2_enable_tunnel_lifecycle_control: Optional[bool] = None,
            tunnel2_ike_versions: Optional[Sequence[str]] = None,
            tunnel2_inside_cidr: Optional[str] = None,
            tunnel2_inside_ipv6_cidr: Optional[str] = None,
            tunnel2_log_options: Optional[VpnConnectionTunnel2LogOptionsArgs] = None,
            tunnel2_phase1_dh_group_numbers: Optional[Sequence[int]] = None,
            tunnel2_phase1_encryption_algorithms: Optional[Sequence[str]] = None,
            tunnel2_phase1_integrity_algorithms: Optional[Sequence[str]] = None,
            tunnel2_phase1_lifetime_seconds: Optional[int] = None,
            tunnel2_phase2_dh_group_numbers: Optional[Sequence[int]] = None,
            tunnel2_phase2_encryption_algorithms: Optional[Sequence[str]] = None,
            tunnel2_phase2_integrity_algorithms: Optional[Sequence[str]] = None,
            tunnel2_phase2_lifetime_seconds: Optional[int] = None,
            tunnel2_preshared_key: Optional[str] = None,
            tunnel2_rekey_fuzz_percentage: Optional[int] = None,
            tunnel2_rekey_margin_time_seconds: Optional[int] = None,
            tunnel2_replay_window_size: Optional[int] = None,
            tunnel2_startup_action: Optional[str] = None,
            tunnel2_vgw_inside_address: Optional[str] = None,
            tunnel_inside_ip_version: Optional[str] = None,
            type: Optional[str] = None,
            vgw_telemetries: Optional[Sequence[VpnConnectionVgwTelemetryArgs]] = None,
            vpn_gateway_id: Optional[str] = None) -> VpnConnection
    func GetVpnConnection(ctx *Context, name string, id IDInput, state *VpnConnectionState, opts ...ResourceOption) (*VpnConnection, error)
    public static VpnConnection Get(string name, Input<string> id, VpnConnectionState? state, CustomResourceOptions? opts = null)
    public static VpnConnection get(String name, Output<String> id, VpnConnectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    Amazon Resource Name (ARN) of the VPN Connection.
    CoreNetworkArn string
    The ARN of the core network.
    CoreNetworkAttachmentArn string
    The ARN of the core network attachment.
    CustomerGatewayConfiguration string
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    CustomerGatewayId string
    The ID of the customer gateway.
    EnableAcceleration bool
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    LocalIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    LocalIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    OutsideIpAddressType string
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    RemoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection.
    RemoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection.
    Routes List<VpnConnectionRoute>
    The static routes associated with the VPN connection. Detailed below.
    StaticRoutesOnly bool
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    Tags Dictionary<string, string>
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TransitGatewayAttachmentId string
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    TransitGatewayId string
    The ID of the EC2 Transit Gateway.
    TransportTransitGatewayAttachmentId string
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    Tunnel1Address string
    The public IP address of the first VPN tunnel.
    Tunnel1BgpAsn string
    The bgp asn number of the first VPN tunnel.
    Tunnel1BgpHoldtime int
    The bgp holdtime of the first VPN tunnel.
    Tunnel1CgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    Tunnel1DpdTimeoutAction string
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel1DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    Tunnel1EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    Tunnel1IkeVersions List<string>
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel1InsideCidr string
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel1InsideIpv6Cidr string
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel1LogOptions VpnConnectionTunnel1LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel1Phase1DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase1EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase1IntegrityAlgorithms List<string>
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel1Phase2DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase2EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase2IntegrityAlgorithms List<string>
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel1PresharedKey string
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel1RekeyFuzzPercentage int
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel1RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    Tunnel1ReplayWindowSize int
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    Tunnel1StartupAction string
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    Tunnel1VgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    Tunnel2Address string
    The public IP address of the second VPN tunnel.
    Tunnel2BgpAsn string
    The bgp asn number of the second VPN tunnel.
    Tunnel2BgpHoldtime int
    The bgp holdtime of the second VPN tunnel.
    Tunnel2CgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    Tunnel2DpdTimeoutAction string
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel2DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    Tunnel2EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    Tunnel2IkeVersions List<string>
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel2InsideCidr string
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel2InsideIpv6Cidr string
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel2LogOptions VpnConnectionTunnel2LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel2Phase1DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase1EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase1IntegrityAlgorithms List<string>
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel2Phase2DhGroupNumbers List<int>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase2EncryptionAlgorithms List<string>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase2IntegrityAlgorithms List<string>
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel2PresharedKey string
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel2RekeyFuzzPercentage int
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel2RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    Tunnel2ReplayWindowSize int
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    Tunnel2StartupAction string
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    Tunnel2VgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    TunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    Type string
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    VgwTelemetries List<VpnConnectionVgwTelemetry>
    Telemetry for the VPN tunnels. Detailed below.
    VpnGatewayId string
    The ID of the Virtual Private Gateway.
    Arn string
    Amazon Resource Name (ARN) of the VPN Connection.
    CoreNetworkArn string
    The ARN of the core network.
    CoreNetworkAttachmentArn string
    The ARN of the core network attachment.
    CustomerGatewayConfiguration string
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    CustomerGatewayId string
    The ID of the customer gateway.
    EnableAcceleration bool
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    LocalIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    LocalIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    OutsideIpAddressType string
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    RemoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection.
    RemoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection.
    Routes []VpnConnectionRouteTypeArgs
    The static routes associated with the VPN connection. Detailed below.
    StaticRoutesOnly bool
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    Tags map[string]string
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TransitGatewayAttachmentId string
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    TransitGatewayId string
    The ID of the EC2 Transit Gateway.
    TransportTransitGatewayAttachmentId string
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    Tunnel1Address string
    The public IP address of the first VPN tunnel.
    Tunnel1BgpAsn string
    The bgp asn number of the first VPN tunnel.
    Tunnel1BgpHoldtime int
    The bgp holdtime of the first VPN tunnel.
    Tunnel1CgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    Tunnel1DpdTimeoutAction string
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel1DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    Tunnel1EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    Tunnel1IkeVersions []string
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel1InsideCidr string
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel1InsideIpv6Cidr string
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel1LogOptions VpnConnectionTunnel1LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel1Phase1DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase1EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase1IntegrityAlgorithms []string
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel1Phase2DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel1Phase2EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel1Phase2IntegrityAlgorithms []string
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel1Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel1PresharedKey string
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel1RekeyFuzzPercentage int
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel1RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    Tunnel1ReplayWindowSize int
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    Tunnel1StartupAction string
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    Tunnel1VgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    Tunnel2Address string
    The public IP address of the second VPN tunnel.
    Tunnel2BgpAsn string
    The bgp asn number of the second VPN tunnel.
    Tunnel2BgpHoldtime int
    The bgp holdtime of the second VPN tunnel.
    Tunnel2CgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    Tunnel2DpdTimeoutAction string
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    Tunnel2DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    Tunnel2EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    Tunnel2IkeVersions []string
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    Tunnel2InsideCidr string
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    Tunnel2InsideIpv6Cidr string
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    Tunnel2LogOptions VpnConnectionTunnel2LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    Tunnel2Phase1DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase1EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase1IntegrityAlgorithms []string
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    Tunnel2Phase2DhGroupNumbers []int
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    Tunnel2Phase2EncryptionAlgorithms []string
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    Tunnel2Phase2IntegrityAlgorithms []string
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    Tunnel2Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    Tunnel2PresharedKey string
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    Tunnel2RekeyFuzzPercentage int
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    Tunnel2RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    Tunnel2ReplayWindowSize int
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    Tunnel2StartupAction string
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    Tunnel2VgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    TunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    Type string
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    VgwTelemetries []VpnConnectionVgwTelemetryArgs
    Telemetry for the VPN tunnels. Detailed below.
    VpnGatewayId string
    The ID of the Virtual Private Gateway.
    arn String
    Amazon Resource Name (ARN) of the VPN Connection.
    coreNetworkArn String
    The ARN of the core network.
    coreNetworkAttachmentArn String
    The ARN of the core network attachment.
    customerGatewayConfiguration String
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    customerGatewayId String
    The ID of the customer gateway.
    enableAcceleration Boolean
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    localIpv4NetworkCidr String
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    localIpv6NetworkCidr String
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outsideIpAddressType String
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remoteIpv4NetworkCidr String
    The IPv4 CIDR on the AWS side of the VPN connection.
    remoteIpv6NetworkCidr String
    The IPv6 CIDR on the AWS side of the VPN connection.
    routes List<VpnConnectionRoute>
    The static routes associated with the VPN connection. Detailed below.
    staticRoutesOnly Boolean
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags Map<String,String>
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transitGatewayAttachmentId String
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    transitGatewayId String
    The ID of the EC2 Transit Gateway.
    transportTransitGatewayAttachmentId String
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1Address String
    The public IP address of the first VPN tunnel.
    tunnel1BgpAsn String
    The bgp asn number of the first VPN tunnel.
    tunnel1BgpHoldtime Integer
    The bgp holdtime of the first VPN tunnel.
    tunnel1CgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1DpdTimeoutAction String
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1DpdTimeoutSeconds Integer
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1IkeVersions List<String>
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1InsideCidr String
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1InsideIpv6Cidr String
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1LogOptions VpnConnectionTunnel1LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1Phase1DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase1LifetimeSeconds Integer
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1Phase2DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase2LifetimeSeconds Integer
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1PresharedKey String
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1RekeyFuzzPercentage Integer
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1RekeyMarginTimeSeconds Integer
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1ReplayWindowSize Integer
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1StartupAction String
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel1VgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2Address String
    The public IP address of the second VPN tunnel.
    tunnel2BgpAsn String
    The bgp asn number of the second VPN tunnel.
    tunnel2BgpHoldtime Integer
    The bgp holdtime of the second VPN tunnel.
    tunnel2CgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2DpdTimeoutAction String
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2DpdTimeoutSeconds Integer
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2IkeVersions List<String>
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2InsideCidr String
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2InsideIpv6Cidr String
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2LogOptions VpnConnectionTunnel2LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2Phase1DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase1LifetimeSeconds Integer
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2Phase2DhGroupNumbers List<Integer>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase2LifetimeSeconds Integer
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2PresharedKey String
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2RekeyFuzzPercentage Integer
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2RekeyMarginTimeSeconds Integer
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2ReplayWindowSize Integer
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2StartupAction String
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2VgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    tunnelInsideIpVersion String
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    type String
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    vgwTelemetries List<VpnConnectionVgwTelemetry>
    Telemetry for the VPN tunnels. Detailed below.
    vpnGatewayId String
    The ID of the Virtual Private Gateway.
    arn string
    Amazon Resource Name (ARN) of the VPN Connection.
    coreNetworkArn string
    The ARN of the core network.
    coreNetworkAttachmentArn string
    The ARN of the core network attachment.
    customerGatewayConfiguration string
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    customerGatewayId string
    The ID of the customer gateway.
    enableAcceleration boolean
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    localIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    localIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outsideIpAddressType string
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection.
    remoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection.
    routes VpnConnectionRoute[]
    The static routes associated with the VPN connection. Detailed below.
    staticRoutesOnly boolean
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags {[key: string]: string}
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transitGatewayAttachmentId string
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    transitGatewayId string
    The ID of the EC2 Transit Gateway.
    transportTransitGatewayAttachmentId string
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1Address string
    The public IP address of the first VPN tunnel.
    tunnel1BgpAsn string
    The bgp asn number of the first VPN tunnel.
    tunnel1BgpHoldtime number
    The bgp holdtime of the first VPN tunnel.
    tunnel1CgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1DpdTimeoutAction string
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1DpdTimeoutSeconds number
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1EnableTunnelLifecycleControl boolean
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1IkeVersions string[]
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1InsideCidr string
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1InsideIpv6Cidr string
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1LogOptions VpnConnectionTunnel1LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1Phase1DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase1EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase1IntegrityAlgorithms string[]
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase1LifetimeSeconds number
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1Phase2DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase2EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase2IntegrityAlgorithms string[]
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase2LifetimeSeconds number
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1PresharedKey string
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1RekeyFuzzPercentage number
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1RekeyMarginTimeSeconds number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1ReplayWindowSize number
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1StartupAction string
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel1VgwInsideAddress string
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2Address string
    The public IP address of the second VPN tunnel.
    tunnel2BgpAsn string
    The bgp asn number of the second VPN tunnel.
    tunnel2BgpHoldtime number
    The bgp holdtime of the second VPN tunnel.
    tunnel2CgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2DpdTimeoutAction string
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2DpdTimeoutSeconds number
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2EnableTunnelLifecycleControl boolean
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2IkeVersions string[]
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2InsideCidr string
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2InsideIpv6Cidr string
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2LogOptions VpnConnectionTunnel2LogOptions
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2Phase1DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase1EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase1IntegrityAlgorithms string[]
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase1LifetimeSeconds number
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2Phase2DhGroupNumbers number[]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase2EncryptionAlgorithms string[]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase2IntegrityAlgorithms string[]
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase2LifetimeSeconds number
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2PresharedKey string
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2RekeyFuzzPercentage number
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2RekeyMarginTimeSeconds number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2ReplayWindowSize number
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2StartupAction string
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2VgwInsideAddress string
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    tunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    type string
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    vgwTelemetries VpnConnectionVgwTelemetry[]
    Telemetry for the VPN tunnels. Detailed below.
    vpnGatewayId string
    The ID of the Virtual Private Gateway.
    arn str
    Amazon Resource Name (ARN) of the VPN Connection.
    core_network_arn str
    The ARN of the core network.
    core_network_attachment_arn str
    The ARN of the core network attachment.
    customer_gateway_configuration str
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    customer_gateway_id str
    The ID of the customer gateway.
    enable_acceleration bool
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    local_ipv4_network_cidr str
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    local_ipv6_network_cidr str
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outside_ip_address_type str
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remote_ipv4_network_cidr str
    The IPv4 CIDR on the AWS side of the VPN connection.
    remote_ipv6_network_cidr str
    The IPv6 CIDR on the AWS side of the VPN connection.
    routes Sequence[VpnConnectionRouteArgs]
    The static routes associated with the VPN connection. Detailed below.
    static_routes_only bool
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags Mapping[str, str]
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transit_gateway_attachment_id str
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    transit_gateway_id str
    The ID of the EC2 Transit Gateway.
    transport_transit_gateway_attachment_id str
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1_address str
    The public IP address of the first VPN tunnel.
    tunnel1_bgp_asn str
    The bgp asn number of the first VPN tunnel.
    tunnel1_bgp_holdtime int
    The bgp holdtime of the first VPN tunnel.
    tunnel1_cgw_inside_address str
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1_dpd_timeout_action str
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1_dpd_timeout_seconds int
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1_enable_tunnel_lifecycle_control bool
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1_ike_versions Sequence[str]
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1_inside_cidr str
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1_inside_ipv6_cidr str
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1_log_options VpnConnectionTunnel1LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1_phase1_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1_phase1_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1_phase1_integrity_algorithms Sequence[str]
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1_phase1_lifetime_seconds int
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1_phase2_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1_phase2_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1_phase2_integrity_algorithms Sequence[str]
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1_phase2_lifetime_seconds int
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1_preshared_key str
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1_rekey_fuzz_percentage int
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1_rekey_margin_time_seconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1_replay_window_size int
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1_startup_action str
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel1_vgw_inside_address str
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2_address str
    The public IP address of the second VPN tunnel.
    tunnel2_bgp_asn str
    The bgp asn number of the second VPN tunnel.
    tunnel2_bgp_holdtime int
    The bgp holdtime of the second VPN tunnel.
    tunnel2_cgw_inside_address str
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2_dpd_timeout_action str
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2_dpd_timeout_seconds int
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2_enable_tunnel_lifecycle_control bool
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2_ike_versions Sequence[str]
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2_inside_cidr str
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2_inside_ipv6_cidr str
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2_log_options VpnConnectionTunnel2LogOptionsArgs
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2_phase1_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2_phase1_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2_phase1_integrity_algorithms Sequence[str]
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2_phase1_lifetime_seconds int
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2_phase2_dh_group_numbers Sequence[int]
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2_phase2_encryption_algorithms Sequence[str]
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2_phase2_integrity_algorithms Sequence[str]
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2_phase2_lifetime_seconds int
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2_preshared_key str
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2_rekey_fuzz_percentage int
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2_rekey_margin_time_seconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2_replay_window_size int
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2_startup_action str
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2_vgw_inside_address str
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    tunnel_inside_ip_version str
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    type str
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    vgw_telemetries Sequence[VpnConnectionVgwTelemetryArgs]
    Telemetry for the VPN tunnels. Detailed below.
    vpn_gateway_id str
    The ID of the Virtual Private Gateway.
    arn String
    Amazon Resource Name (ARN) of the VPN Connection.
    coreNetworkArn String
    The ARN of the core network.
    coreNetworkAttachmentArn String
    The ARN of the core network attachment.
    customerGatewayConfiguration String
    The configuration information for the VPN connection's customer gateway (in the native XML format).
    customerGatewayId String
    The ID of the customer gateway.
    enableAcceleration Boolean
    Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.
    localIpv4NetworkCidr String
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
    localIpv6NetworkCidr String
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
    outsideIpAddressType String
    Indicates if a Public S2S VPN or Private S2S VPN over AWS Direct Connect. Valid values are PublicIpv4 | PrivateIpv4
    remoteIpv4NetworkCidr String
    The IPv4 CIDR on the AWS side of the VPN connection.
    remoteIpv6NetworkCidr String
    The IPv6 CIDR on the AWS side of the VPN connection.
    routes List<Property Map>
    The static routes associated with the VPN connection. Detailed below.
    staticRoutesOnly Boolean
    Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.
    tags Map<String>
    Tags to apply to the connection. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    transitGatewayAttachmentId String
    When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws.ec2.Tag resource for tagging the EC2 Transit Gateway VPN Attachment.
    transitGatewayId String
    The ID of the EC2 Transit Gateway.
    transportTransitGatewayAttachmentId String
    . The attachment ID of the Transit Gateway attachment to Direct Connect Gateway. The ID is obtained through a data source only.
    tunnel1Address String
    The public IP address of the first VPN tunnel.
    tunnel1BgpAsn String
    The bgp asn number of the first VPN tunnel.
    tunnel1BgpHoldtime Number
    The bgp holdtime of the first VPN tunnel.
    tunnel1CgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).
    tunnel1DpdTimeoutAction String
    The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel1DpdTimeoutSeconds Number
    The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.
    tunnel1EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the first VPN tunnel. Valid values are true | false.
    tunnel1IkeVersions List<String>
    The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel1InsideCidr String
    The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel1InsideIpv6Cidr String
    The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel1LogOptions Property Map
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel1Phase1DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase1LifetimeSeconds Number
    The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel1Phase2DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel1Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel1Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel1Phase2LifetimeSeconds Number
    The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel1PresharedKey String
    The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel1RekeyFuzzPercentage Number
    The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel1RekeyMarginTimeSeconds Number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.
    tunnel1ReplayWindowSize Number
    The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.
    tunnel1StartupAction String
    The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel1VgwInsideAddress String
    The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).
    tunnel2Address String
    The public IP address of the second VPN tunnel.
    tunnel2BgpAsn String
    The bgp asn number of the second VPN tunnel.
    tunnel2BgpHoldtime Number
    The bgp holdtime of the second VPN tunnel.
    tunnel2CgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).
    tunnel2DpdTimeoutAction String
    The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.
    tunnel2DpdTimeoutSeconds Number
    The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.
    tunnel2EnableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature for the second VPN tunnel. Valid values are true | false.
    tunnel2IkeVersions List<String>
    The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.
    tunnel2InsideCidr String
    The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.
    tunnel2InsideIpv6Cidr String
    The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.
    tunnel2LogOptions Property Map
    Options for logging VPN tunnel activity. See Log Options below for more details.
    tunnel2Phase1DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase1EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase1IntegrityAlgorithms List<String>
    One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase1LifetimeSeconds Number
    The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.
    tunnel2Phase2DhGroupNumbers List<Number>
    List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.
    tunnel2Phase2EncryptionAlgorithms List<String>
    List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.
    tunnel2Phase2IntegrityAlgorithms List<String>
    List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.
    tunnel2Phase2LifetimeSeconds Number
    The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.
    tunnel2PresharedKey String
    The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).
    tunnel2RekeyFuzzPercentage Number
    The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.
    tunnel2RekeyMarginTimeSeconds Number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.
    tunnel2ReplayWindowSize Number
    The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.
    tunnel2StartupAction String
    The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.
    tunnel2VgwInsideAddress String
    The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).
    tunnelInsideIpVersion String
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.
    type String
    The type of VPN connection. The only type AWS supports at this time is "ipsec.1".
    vgwTelemetries List<Property Map>
    Telemetry for the VPN tunnels. Detailed below.
    vpnGatewayId String
    The ID of the Virtual Private Gateway.

    Supporting Types

    VpnConnectionRoute, VpnConnectionRouteArgs

    DestinationCidrBlock string
    The CIDR block associated with the local subnet of the customer data center.
    Source string
    Indicates how the routes were provided.
    State string
    The current state of the static route.
    DestinationCidrBlock string
    The CIDR block associated with the local subnet of the customer data center.
    Source string
    Indicates how the routes were provided.
    State string
    The current state of the static route.
    destinationCidrBlock String
    The CIDR block associated with the local subnet of the customer data center.
    source String
    Indicates how the routes were provided.
    state String
    The current state of the static route.
    destinationCidrBlock string
    The CIDR block associated with the local subnet of the customer data center.
    source string
    Indicates how the routes were provided.
    state string
    The current state of the static route.
    destination_cidr_block str
    The CIDR block associated with the local subnet of the customer data center.
    source str
    Indicates how the routes were provided.
    state str
    The current state of the static route.
    destinationCidrBlock String
    The CIDR block associated with the local subnet of the customer data center.
    source String
    Indicates how the routes were provided.
    state String
    The current state of the static route.

    VpnConnectionTunnel1LogOptions, VpnConnectionTunnel1LogOptionsArgs

    CloudwatchLogOptions VpnConnectionTunnel1LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    CloudwatchLogOptions VpnConnectionTunnel1LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatchLogOptions VpnConnectionTunnel1LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatchLogOptions VpnConnectionTunnel1LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatch_log_options VpnConnectionTunnel1LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatchLogOptions Property Map
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.

    VpnConnectionTunnel1LogOptionsCloudwatchLogOptions, VpnConnectionTunnel1LogOptionsCloudwatchLogOptionsArgs

    LogEnabled bool
    Enable or disable VPN tunnel logging feature. The default is false.
    LogGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    LogOutputFormat string
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    LogEnabled bool
    Enable or disable VPN tunnel logging feature. The default is false.
    LogGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    LogOutputFormat string
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    logEnabled Boolean
    Enable or disable VPN tunnel logging feature. The default is false.
    logGroupArn String
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat String
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    logEnabled boolean
    Enable or disable VPN tunnel logging feature. The default is false.
    logGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat string
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    log_enabled bool
    Enable or disable VPN tunnel logging feature. The default is false.
    log_group_arn str
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    log_output_format str
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    logEnabled Boolean
    Enable or disable VPN tunnel logging feature. The default is false.
    logGroupArn String
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat String
    Set log format. Default format is json. Possible values are: json and text. The default is json.

    VpnConnectionTunnel2LogOptions, VpnConnectionTunnel2LogOptionsArgs

    CloudwatchLogOptions VpnConnectionTunnel2LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    CloudwatchLogOptions VpnConnectionTunnel2LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatchLogOptions VpnConnectionTunnel2LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatchLogOptions VpnConnectionTunnel2LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatch_log_options VpnConnectionTunnel2LogOptionsCloudwatchLogOptions
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.
    cloudwatchLogOptions Property Map
    Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details.

    VpnConnectionTunnel2LogOptionsCloudwatchLogOptions, VpnConnectionTunnel2LogOptionsCloudwatchLogOptionsArgs

    LogEnabled bool
    Enable or disable VPN tunnel logging feature. The default is false.
    LogGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    LogOutputFormat string
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    LogEnabled bool
    Enable or disable VPN tunnel logging feature. The default is false.
    LogGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    LogOutputFormat string
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    logEnabled Boolean
    Enable or disable VPN tunnel logging feature. The default is false.
    logGroupArn String
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat String
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    logEnabled boolean
    Enable or disable VPN tunnel logging feature. The default is false.
    logGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat string
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    log_enabled bool
    Enable or disable VPN tunnel logging feature. The default is false.
    log_group_arn str
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    log_output_format str
    Set log format. Default format is json. Possible values are: json and text. The default is json.
    logEnabled Boolean
    Enable or disable VPN tunnel logging feature. The default is false.
    logGroupArn String
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat String
    Set log format. Default format is json. Possible values are: json and text. The default is json.

    VpnConnectionVgwTelemetry, VpnConnectionVgwTelemetryArgs

    AcceptedRouteCount int
    The number of accepted routes.
    CertificateArn string
    The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
    LastStatusChange string
    The date and time of the last change in status.
    OutsideIpAddress string
    The Internet-routable IP address of the virtual private gateway's outside interface.
    Status string
    The status of the VPN tunnel.
    StatusMessage string
    If an error occurs, a description of the error.
    AcceptedRouteCount int
    The number of accepted routes.
    CertificateArn string
    The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
    LastStatusChange string
    The date and time of the last change in status.
    OutsideIpAddress string
    The Internet-routable IP address of the virtual private gateway's outside interface.
    Status string
    The status of the VPN tunnel.
    StatusMessage string
    If an error occurs, a description of the error.
    acceptedRouteCount Integer
    The number of accepted routes.
    certificateArn String
    The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
    lastStatusChange String
    The date and time of the last change in status.
    outsideIpAddress String
    The Internet-routable IP address of the virtual private gateway's outside interface.
    status String
    The status of the VPN tunnel.
    statusMessage String
    If an error occurs, a description of the error.
    acceptedRouteCount number
    The number of accepted routes.
    certificateArn string
    The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
    lastStatusChange string
    The date and time of the last change in status.
    outsideIpAddress string
    The Internet-routable IP address of the virtual private gateway's outside interface.
    status string
    The status of the VPN tunnel.
    statusMessage string
    If an error occurs, a description of the error.
    accepted_route_count int
    The number of accepted routes.
    certificate_arn str
    The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
    last_status_change str
    The date and time of the last change in status.
    outside_ip_address str
    The Internet-routable IP address of the virtual private gateway's outside interface.
    status str
    The status of the VPN tunnel.
    status_message str
    If an error occurs, a description of the error.
    acceptedRouteCount Number
    The number of accepted routes.
    certificateArn String
    The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
    lastStatusChange String
    The date and time of the last change in status.
    outsideIpAddress String
    The Internet-routable IP address of the virtual private gateway's outside interface.
    status String
    The status of the VPN tunnel.
    statusMessage String
    If an error occurs, a description of the error.

    Import

    Using pulumi import, import VPN Connections using the VPN connection id. For example:

    $ pulumi import aws:ec2/vpnConnection:VpnConnection testvpnconnection vpn-40f41529
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi