Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. ec2
  5. VpnConnection

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

aws-native.ec2.VpnConnection

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

    Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway. To specify a VPN connection between a transit gateway and customer gateway, use the TransitGatewayId and CustomerGatewayId properties. To specify a VPN connection between a virtual private gateway and customer gateway, use the VpnGatewayId and CustomerGatewayId properties. For more information, see in the User Guide.

    Create VpnConnection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new VpnConnection(name: string, args: VpnConnectionArgs, opts?: CustomResourceOptions);
    @overload
def VpnConnection(resource_name: str,
                  args: VpnConnectionArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def VpnConnection(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  customer_gateway_id: Optional[str] = None,
                  type: Optional[str] = None,
                  remote_ipv6_network_cidr: Optional[str] = None,
                  local_ipv6_network_cidr: Optional[str] = None,
                  outside_ip_address_type: Optional[str] = None,
                  remote_ipv4_network_cidr: Optional[str] = None,
                  local_ipv4_network_cidr: Optional[str] = None,
                  static_routes_only: Optional[bool] = None,
                  tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                  transit_gateway_id: Optional[str] = None,
                  transport_transit_gateway_attachment_id: Optional[str] = None,
                  tunnel_inside_ip_version: Optional[str] = None,
                  enable_acceleration: Optional[bool] = None,
                  vpn_gateway_id: Optional[str] = None,
                  vpn_tunnel_options_specifications: Optional[Sequence[VpnConnectionVpnTunnelOptionsSpecificationArgs]] = None)
    func NewVpnConnection(ctx *Context, name string, args VpnConnectionArgs, opts ...ResourceOption) (*VpnConnection, error)
    public VpnConnection(string name, VpnConnectionArgs args, CustomResourceOptions? opts = null)
    public VpnConnection(String name, VpnConnectionArgs args)
public VpnConnection(String name, VpnConnectionArgs args, CustomResourceOptions options)

    type: aws-native:ec2:VpnConnection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VpnConnectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    VpnConnection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The VpnConnection resource accepts the following input properties:

    CustomerGatewayId string
    The ID of the customer gateway at your end of the VPN connection.
    Type string
    The type of VPN connection.
    EnableAcceleration bool
    Indicate whether to enable acceleration for the VPN connection. Default: false
    LocalIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: 0.0.0.0/0
    LocalIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ::/0
    OutsideIpAddressType string
    The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: PrivateIpv4 | PublicIpv4 Default: PublicIpv4
    RemoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection. Default: 0.0.0.0/0
    RemoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection. Default: ::/0
    StaticRoutesOnly bool
    Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    Any tags assigned to the VPN connection.
    TransitGatewayId string
    The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    TransportTransitGatewayAttachmentId string
    The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
    TunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ipv4
    VpnGatewayId string
    The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    VpnTunnelOptionsSpecifications List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionVpnTunnelOptionsSpecification>
    The tunnel options for the VPN connection.
    CustomerGatewayId string
    The ID of the customer gateway at your end of the VPN connection.
    Type string
    The type of VPN connection.
    EnableAcceleration bool
    Indicate whether to enable acceleration for the VPN connection. Default: false
    LocalIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: 0.0.0.0/0
    LocalIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ::/0
    OutsideIpAddressType string
    The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: PrivateIpv4 | PublicIpv4 Default: PublicIpv4
    RemoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection. Default: 0.0.0.0/0
    RemoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection. Default: ::/0
    StaticRoutesOnly bool
    Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
    Tags TagArgs
    Any tags assigned to the VPN connection.
    TransitGatewayId string
    The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    TransportTransitGatewayAttachmentId string
    The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
    TunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ipv4
    VpnGatewayId string
    The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    VpnTunnelOptionsSpecifications []VpnConnectionVpnTunnelOptionsSpecificationArgs
    The tunnel options for the VPN connection.
    customerGatewayId String
    The ID of the customer gateway at your end of the VPN connection.
    type String
    The type of VPN connection.
    enableAcceleration Boolean
    Indicate whether to enable acceleration for the VPN connection. Default: false
    localIpv4NetworkCidr String
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: 0.0.0.0/0
    localIpv6NetworkCidr String
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ::/0
    outsideIpAddressType String
    The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: PrivateIpv4 | PublicIpv4 Default: PublicIpv4
    remoteIpv4NetworkCidr String
    The IPv4 CIDR on the AWS side of the VPN connection. Default: 0.0.0.0/0
    remoteIpv6NetworkCidr String
    The IPv6 CIDR on the AWS side of the VPN connection. Default: ::/0
    staticRoutesOnly Boolean
    Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
    tags List<Tag>
    Any tags assigned to the VPN connection.
    transitGatewayId String
    The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    transportTransitGatewayAttachmentId String
    The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
    tunnelInsideIpVersion String
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ipv4
    vpnGatewayId String
    The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    vpnTunnelOptionsSpecifications List<VpnConnectionVpnTunnelOptionsSpecification>
    The tunnel options for the VPN connection.
    customerGatewayId string
    The ID of the customer gateway at your end of the VPN connection.
    type string
    The type of VPN connection.
    enableAcceleration boolean
    Indicate whether to enable acceleration for the VPN connection. Default: false
    localIpv4NetworkCidr string
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: 0.0.0.0/0
    localIpv6NetworkCidr string
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ::/0
    outsideIpAddressType string
    The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: PrivateIpv4 | PublicIpv4 Default: PublicIpv4
    remoteIpv4NetworkCidr string
    The IPv4 CIDR on the AWS side of the VPN connection. Default: 0.0.0.0/0
    remoteIpv6NetworkCidr string
    The IPv6 CIDR on the AWS side of the VPN connection. Default: ::/0
    staticRoutesOnly boolean
    Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
    tags Tag[]
    Any tags assigned to the VPN connection.
    transitGatewayId string
    The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    transportTransitGatewayAttachmentId string
    The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
    tunnelInsideIpVersion string
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ipv4
    vpnGatewayId string
    The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    vpnTunnelOptionsSpecifications VpnConnectionVpnTunnelOptionsSpecification[]
    The tunnel options for the VPN connection.
    customer_gateway_id str
    The ID of the customer gateway at your end of the VPN connection.
    type str
    The type of VPN connection.
    enable_acceleration bool
    Indicate whether to enable acceleration for the VPN connection. Default: false
    local_ipv4_network_cidr str
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: 0.0.0.0/0
    local_ipv6_network_cidr str
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ::/0
    outside_ip_address_type str
    The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: PrivateIpv4 | PublicIpv4 Default: PublicIpv4
    remote_ipv4_network_cidr str
    The IPv4 CIDR on the AWS side of the VPN connection. Default: 0.0.0.0/0
    remote_ipv6_network_cidr str
    The IPv6 CIDR on the AWS side of the VPN connection. Default: ::/0
    static_routes_only bool
    Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
    tags Sequence[TagArgs]
    Any tags assigned to the VPN connection.
    transit_gateway_id str
    The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    transport_transit_gateway_attachment_id str
    The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
    tunnel_inside_ip_version str
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ipv4
    vpn_gateway_id str
    The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    vpn_tunnel_options_specifications Sequence[VpnConnectionVpnTunnelOptionsSpecificationArgs]
    The tunnel options for the VPN connection.
    customerGatewayId String
    The ID of the customer gateway at your end of the VPN connection.
    type String
    The type of VPN connection.
    enableAcceleration Boolean
    Indicate whether to enable acceleration for the VPN connection. Default: false
    localIpv4NetworkCidr String
    The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: 0.0.0.0/0
    localIpv6NetworkCidr String
    The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ::/0
    outsideIpAddressType String
    The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: PrivateIpv4 | PublicIpv4 Default: PublicIpv4
    remoteIpv4NetworkCidr String
    The IPv4 CIDR on the AWS side of the VPN connection. Default: 0.0.0.0/0
    remoteIpv6NetworkCidr String
    The IPv6 CIDR on the AWS side of the VPN connection. Default: ::/0
    staticRoutesOnly Boolean
    Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
    tags List<Property Map>
    Any tags assigned to the VPN connection.
    transitGatewayId String
    The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    transportTransitGatewayAttachmentId String
    The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
    tunnelInsideIpVersion String
    Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ipv4
    vpnGatewayId String
    The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
    vpnTunnelOptionsSpecifications List<Property Map>
    The tunnel options for the VPN connection.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the VpnConnection resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    VpnConnectionId string
    The ID of the VPN connection.
    Id string
    The provider-assigned unique ID for this managed resource.
    VpnConnectionId string
    The ID of the VPN connection.
    id String
    The provider-assigned unique ID for this managed resource.
    vpnConnectionId String
    The ID of the VPN connection.
    id string
    The provider-assigned unique ID for this managed resource.
    vpnConnectionId string
    The ID of the VPN connection.
    id str
    The provider-assigned unique ID for this managed resource.
    vpn_connection_id str
    The ID of the VPN connection.
    id String
    The provider-assigned unique ID for this managed resource.
    vpnConnectionId String
    The ID of the VPN connection.

    Supporting Types

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    VpnConnectionCloudwatchLogOptionsSpecification, VpnConnectionCloudwatchLogOptionsSpecificationArgs

    LogEnabled bool
    Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
    LogGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    LogOutputFormat Pulumi.AwsNative.Ec2.VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat
    Set log format. Default format is json. Valid values: json | text
    LogEnabled bool
    Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
    LogGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    LogOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat
    Set log format. Default format is json. Valid values: json | text
    logEnabled Boolean
    Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
    logGroupArn String
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat
    Set log format. Default format is json. Valid values: json | text
    logEnabled boolean
    Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
    logGroupArn string
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat
    Set log format. Default format is json. Valid values: json | text
    log_enabled bool
    Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
    log_group_arn str
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    log_output_format VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat
    Set log format. Default format is json. Valid values: json | text
    logEnabled Boolean
    Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
    logGroupArn String
    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
    logOutputFormat "json" | "text"
    Set log format. Default format is json. Valid values: json | text

    VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat, VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormatArgs

    Json
    json
    Text
    text
    VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormatJson
    json
    VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormatText
    text
    Json
    json
    Text
    text
    Json
    json
    Text
    text
    JSON
    json
    TEXT
    text
    "json"
    json
    "text"
    text

    VpnConnectionIkeVersionsRequestListValue, VpnConnectionIkeVersionsRequestListValueArgs

    value "ikev1" | "ikev2"
    The IKE version.

    VpnConnectionIkeVersionsRequestListValueValue, VpnConnectionIkeVersionsRequestListValueValueArgs

    Ikev1
    ikev1
    Ikev2
    ikev2
    VpnConnectionIkeVersionsRequestListValueValueIkev1
    ikev1
    VpnConnectionIkeVersionsRequestListValueValueIkev2
    ikev2
    Ikev1
    ikev1
    Ikev2
    ikev2
    Ikev1
    ikev1
    Ikev2
    ikev2
    IKEV1
    ikev1
    IKEV2
    ikev2
    "ikev1"
    ikev1
    "ikev2"
    ikev2

    VpnConnectionPhase1EncryptionAlgorithmsRequestListValue, VpnConnectionPhase1EncryptionAlgorithmsRequestListValueArgs

    value "AES128" | "AES256" | "AES128-GCM-16" | "AES256-GCM-16"
    The value for the encryption algorithm.

    VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue, VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValueArgs

    Aes128
    AES128
    Aes256
    AES256
    Aes128Gcm16
    AES128-GCM-16
    Aes256Gcm16
    AES256-GCM-16
    VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValueAes128
    AES128
    VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValueAes256
    AES256
    VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValueAes128Gcm16
    AES128-GCM-16
    VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValueAes256Gcm16
    AES256-GCM-16
    Aes128
    AES128
    Aes256
    AES256
    Aes128Gcm16
    AES128-GCM-16
    Aes256Gcm16
    AES256-GCM-16
    Aes128
    AES128
    Aes256
    AES256
    Aes128Gcm16
    AES128-GCM-16
    Aes256Gcm16
    AES256-GCM-16
    AES128
    AES128
    AES256
    AES256
    AES128_GCM16
    AES128-GCM-16
    AES256_GCM16
    AES256-GCM-16
    "AES128"
    AES128
    "AES256"
    AES256
    "AES128-GCM-16"
    AES128-GCM-16
    "AES256-GCM-16"
    AES256-GCM-16

    VpnConnectionPhase1IntegrityAlgorithmsRequestListValue, VpnConnectionPhase1IntegrityAlgorithmsRequestListValueArgs

    value "SHA1" | "SHA2-256" | "SHA2-384" | "SHA2-512"
    The value for the integrity algorithm.

    VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue, VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValueArgs

    Sha1
    SHA1
    Sha2256
    SHA2-256
    Sha2384
    SHA2-384
    Sha2512
    SHA2-512
    VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValueSha1
    SHA1
    VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValueSha2256
    SHA2-256
    VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValueSha2384
    SHA2-384
    VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValueSha2512
    SHA2-512
    Sha1
    SHA1
    Sha2256
    SHA2-256
    Sha2384
    SHA2-384
    Sha2512
    SHA2-512
    Sha1
    SHA1
    Sha2256
    SHA2-256
    Sha2384
    SHA2-384
    Sha2512
    SHA2-512
    SHA1
    SHA1
    SHA2256
    SHA2-256
    SHA2384
    SHA2-384
    SHA2512
    SHA2-512
    "SHA1"
    SHA1
    "SHA2-256"
    SHA2-256
    "SHA2-384"
    SHA2-384
    "SHA2-512"
    SHA2-512

    VpnConnectionPhase1dhGroupNumbersRequestListValue, VpnConnectionPhase1dhGroupNumbersRequestListValueArgs

    Value int
    The Diffie-Hellmann group number.
    Value int
    The Diffie-Hellmann group number.
    value Integer
    The Diffie-Hellmann group number.
    value number
    The Diffie-Hellmann group number.
    value int
    The Diffie-Hellmann group number.
    value Number
    The Diffie-Hellmann group number.

    VpnConnectionPhase2EncryptionAlgorithmsRequestListValue, VpnConnectionPhase2EncryptionAlgorithmsRequestListValueArgs

    VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue, VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValueArgs

    Aes128
    AES128
    Aes256
    AES256
    Aes128Gcm16
    AES128-GCM-16
    Aes256Gcm16
    AES256-GCM-16
    VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValueAes128
    AES128
    VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValueAes256
    AES256
    VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValueAes128Gcm16
    AES128-GCM-16
    VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValueAes256Gcm16
    AES256-GCM-16
    Aes128
    AES128
    Aes256
    AES256
    Aes128Gcm16
    AES128-GCM-16
    Aes256Gcm16
    AES256-GCM-16
    Aes128
    AES128
    Aes256
    AES256
    Aes128Gcm16
    AES128-GCM-16
    Aes256Gcm16
    AES256-GCM-16
    AES128
    AES128
    AES256
    AES256
    AES128_GCM16
    AES128-GCM-16
    AES256_GCM16
    AES256-GCM-16
    "AES128"
    AES128
    "AES256"
    AES256
    "AES128-GCM-16"
    AES128-GCM-16
    "AES256-GCM-16"
    AES256-GCM-16

    VpnConnectionPhase2IntegrityAlgorithmsRequestListValue, VpnConnectionPhase2IntegrityAlgorithmsRequestListValueArgs

    VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue, VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValueArgs

    Sha1
    SHA1
    Sha2256
    SHA2-256
    Sha2384
    SHA2-384
    Sha2512
    SHA2-512
    VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValueSha1
    SHA1
    VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValueSha2256
    SHA2-256
    VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValueSha2384
    SHA2-384
    VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValueSha2512
    SHA2-512
    Sha1
    SHA1
    Sha2256
    SHA2-256
    Sha2384
    SHA2-384
    Sha2512
    SHA2-512
    Sha1
    SHA1
    Sha2256
    SHA2-256
    Sha2384
    SHA2-384
    Sha2512
    SHA2-512
    SHA1
    SHA1
    SHA2256
    SHA2-256
    SHA2384
    SHA2-384
    SHA2512
    SHA2-512
    "SHA1"
    SHA1
    "SHA2-256"
    SHA2-256
    "SHA2-384"
    SHA2-384
    "SHA2-512"
    SHA2-512

    VpnConnectionPhase2dhGroupNumbersRequestListValue, VpnConnectionPhase2dhGroupNumbersRequestListValueArgs

    Value int
    The Diffie-Hellmann group number.
    Value int
    The Diffie-Hellmann group number.
    value Integer
    The Diffie-Hellmann group number.
    value number
    The Diffie-Hellmann group number.
    value int
    The Diffie-Hellmann group number.
    value Number
    The Diffie-Hellmann group number.

    VpnConnectionVpnTunnelLogOptionsSpecification, VpnConnectionVpnTunnelLogOptionsSpecificationArgs

    CloudwatchLogOptions VpnConnectionCloudwatchLogOptionsSpecification
    Options for sending VPN tunnel logs to CloudWatch.
    cloudwatchLogOptions VpnConnectionCloudwatchLogOptionsSpecification
    Options for sending VPN tunnel logs to CloudWatch.
    cloudwatchLogOptions VpnConnectionCloudwatchLogOptionsSpecification
    Options for sending VPN tunnel logs to CloudWatch.
    cloudwatch_log_options VpnConnectionCloudwatchLogOptionsSpecification
    Options for sending VPN tunnel logs to CloudWatch.
    cloudwatchLogOptions Property Map
    Options for sending VPN tunnel logs to CloudWatch.

    VpnConnectionVpnTunnelOptionsSpecification, VpnConnectionVpnTunnelOptionsSpecificationArgs

    DpdTimeoutAction Pulumi.AwsNative.Ec2.VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction
    The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
    DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
    EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature.
    IkeVersions List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionIkeVersionsRequestListValue>
    The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
    LogOptions Pulumi.AwsNative.Ec2.Inputs.VpnConnectionVpnTunnelLogOptionsSpecification
    Options for logging VPN tunnel activity.
    Phase1EncryptionAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase1EncryptionAlgorithmsRequestListValue>
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    Phase1IntegrityAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase1IntegrityAlgorithmsRequestListValue>
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
    Phase1dhGroupNumbers List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase1dhGroupNumbersRequestListValue>
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    Phase2EncryptionAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase2EncryptionAlgorithmsRequestListValue>
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    Phase2IntegrityAlgorithms List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase2IntegrityAlgorithmsRequestListValue>
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
    Phase2dhGroupNumbers List<Pulumi.AwsNative.Ec2.Inputs.VpnConnectionPhase2dhGroupNumbersRequestListValue>
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    PreSharedKey string
    The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
    RekeyFuzzPercentage int
    The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
    RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
    ReplayWindowSize int
    The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
    StartupAction Pulumi.AwsNative.Ec2.VpnConnectionVpnTunnelOptionsSpecificationStartupAction
    The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
    TunnelInsideCidr string
    The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

    • 169.254.0.0/30
    • 169.254.1.0/30
    • 169.254.2.0/30
    • 169.254.3.0/30
    • 169.254.4.0/30
    • 169.254.5.0/30
    • 169.254.169.252/30
    TunnelInsideIpv6Cidr string
    The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.
    DpdTimeoutAction VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction
    The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
    DpdTimeoutSeconds int
    The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
    EnableTunnelLifecycleControl bool
    Turn on or off tunnel endpoint lifecycle control feature.
    IkeVersions []VpnConnectionIkeVersionsRequestListValue
    The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
    LogOptions VpnConnectionVpnTunnelLogOptionsSpecification
    Options for logging VPN tunnel activity.
    Phase1EncryptionAlgorithms []VpnConnectionPhase1EncryptionAlgorithmsRequestListValue
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    Phase1IntegrityAlgorithms []VpnConnectionPhase1IntegrityAlgorithmsRequestListValue
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    Phase1LifetimeSeconds int
    The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
    Phase1dhGroupNumbers []VpnConnectionPhase1dhGroupNumbersRequestListValue
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    Phase2EncryptionAlgorithms []VpnConnectionPhase2EncryptionAlgorithmsRequestListValue
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    Phase2IntegrityAlgorithms []VpnConnectionPhase2IntegrityAlgorithmsRequestListValue
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    Phase2LifetimeSeconds int
    The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
    Phase2dhGroupNumbers []VpnConnectionPhase2dhGroupNumbersRequestListValue
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    PreSharedKey string
    The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
    RekeyFuzzPercentage int
    The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
    RekeyMarginTimeSeconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
    ReplayWindowSize int
    The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
    StartupAction VpnConnectionVpnTunnelOptionsSpecificationStartupAction
    The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
    TunnelInsideCidr string
    The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

    • 169.254.0.0/30
    • 169.254.1.0/30
    • 169.254.2.0/30
    • 169.254.3.0/30
    • 169.254.4.0/30
    • 169.254.5.0/30
    • 169.254.169.252/30
    TunnelInsideIpv6Cidr string
    The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.
    dpdTimeoutAction VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction
    The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
    dpdTimeoutSeconds Integer
    The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
    enableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature.
    ikeVersions List<VpnConnectionIkeVersionsRequestListValue>
    The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
    logOptions VpnConnectionVpnTunnelLogOptionsSpecification
    Options for logging VPN tunnel activity.
    phase1EncryptionAlgorithms List<VpnConnectionPhase1EncryptionAlgorithmsRequestListValue>
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase1IntegrityAlgorithms List<VpnConnectionPhase1IntegrityAlgorithmsRequestListValue>
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase1LifetimeSeconds Integer
    The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
    phase1dhGroupNumbers List<VpnConnectionPhase1dhGroupNumbersRequestListValue>
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    phase2EncryptionAlgorithms List<VpnConnectionPhase2EncryptionAlgorithmsRequestListValue>
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase2IntegrityAlgorithms List<VpnConnectionPhase2IntegrityAlgorithmsRequestListValue>
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase2LifetimeSeconds Integer
    The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
    phase2dhGroupNumbers List<VpnConnectionPhase2dhGroupNumbersRequestListValue>
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    preSharedKey String
    The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
    rekeyFuzzPercentage Integer
    The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
    rekeyMarginTimeSeconds Integer
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
    replayWindowSize Integer
    The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
    startupAction VpnConnectionVpnTunnelOptionsSpecificationStartupAction
    The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
    tunnelInsideCidr String
    The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

    • 169.254.0.0/30
    • 169.254.1.0/30
    • 169.254.2.0/30
    • 169.254.3.0/30
    • 169.254.4.0/30
    • 169.254.5.0/30
    • 169.254.169.252/30
    tunnelInsideIpv6Cidr String
    The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.
    dpdTimeoutAction VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction
    The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
    dpdTimeoutSeconds number
    The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
    enableTunnelLifecycleControl boolean
    Turn on or off tunnel endpoint lifecycle control feature.
    ikeVersions VpnConnectionIkeVersionsRequestListValue[]
    The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
    logOptions VpnConnectionVpnTunnelLogOptionsSpecification
    Options for logging VPN tunnel activity.
    phase1EncryptionAlgorithms VpnConnectionPhase1EncryptionAlgorithmsRequestListValue[]
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase1IntegrityAlgorithms VpnConnectionPhase1IntegrityAlgorithmsRequestListValue[]
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase1LifetimeSeconds number
    The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
    phase1dhGroupNumbers VpnConnectionPhase1dhGroupNumbersRequestListValue[]
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    phase2EncryptionAlgorithms VpnConnectionPhase2EncryptionAlgorithmsRequestListValue[]
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase2IntegrityAlgorithms VpnConnectionPhase2IntegrityAlgorithmsRequestListValue[]
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase2LifetimeSeconds number
    The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
    phase2dhGroupNumbers VpnConnectionPhase2dhGroupNumbersRequestListValue[]
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    preSharedKey string
    The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
    rekeyFuzzPercentage number
    The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
    rekeyMarginTimeSeconds number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
    replayWindowSize number
    The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
    startupAction VpnConnectionVpnTunnelOptionsSpecificationStartupAction
    The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
    tunnelInsideCidr string
    The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

    • 169.254.0.0/30
    • 169.254.1.0/30
    • 169.254.2.0/30
    • 169.254.3.0/30
    • 169.254.4.0/30
    • 169.254.5.0/30
    • 169.254.169.252/30
    tunnelInsideIpv6Cidr string
    The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.
    dpd_timeout_action VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction
    The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
    dpd_timeout_seconds int
    The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
    enable_tunnel_lifecycle_control bool
    Turn on or off tunnel endpoint lifecycle control feature.
    ike_versions Sequence[VpnConnectionIkeVersionsRequestListValue]
    The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
    log_options VpnConnectionVpnTunnelLogOptionsSpecification
    Options for logging VPN tunnel activity.
    phase1_encryption_algorithms Sequence[VpnConnectionPhase1EncryptionAlgorithmsRequestListValue]
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase1_integrity_algorithms Sequence[VpnConnectionPhase1IntegrityAlgorithmsRequestListValue]
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase1_lifetime_seconds int
    The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
    phase1dh_group_numbers Sequence[VpnConnectionPhase1dhGroupNumbersRequestListValue]
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    phase2_encryption_algorithms Sequence[VpnConnectionPhase2EncryptionAlgorithmsRequestListValue]
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase2_integrity_algorithms Sequence[VpnConnectionPhase2IntegrityAlgorithmsRequestListValue]
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase2_lifetime_seconds int
    The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
    phase2dh_group_numbers Sequence[VpnConnectionPhase2dhGroupNumbersRequestListValue]
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    pre_shared_key str
    The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
    rekey_fuzz_percentage int
    The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
    rekey_margin_time_seconds int
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
    replay_window_size int
    The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
    startup_action VpnConnectionVpnTunnelOptionsSpecificationStartupAction
    The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
    tunnel_inside_cidr str
    The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

    • 169.254.0.0/30
    • 169.254.1.0/30
    • 169.254.2.0/30
    • 169.254.3.0/30
    • 169.254.4.0/30
    • 169.254.5.0/30
    • 169.254.169.252/30
    tunnel_inside_ipv6_cidr str
    The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.
    dpdTimeoutAction "clear" | "none" | "restart"
    The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
    dpdTimeoutSeconds Number
    The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
    enableTunnelLifecycleControl Boolean
    Turn on or off tunnel endpoint lifecycle control feature.
    ikeVersions List<Property Map>
    The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
    logOptions Property Map
    Options for logging VPN tunnel activity.
    phase1EncryptionAlgorithms List<Property Map>
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase1IntegrityAlgorithms List<Property Map>
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase1LifetimeSeconds Number
    The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
    phase1dhGroupNumbers List<Property Map>
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    phase2EncryptionAlgorithms List<Property Map>
    One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
    phase2IntegrityAlgorithms List<Property Map>
    One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
    phase2LifetimeSeconds Number
    The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
    phase2dhGroupNumbers List<Property Map>
    One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
    preSharedKey String
    The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
    rekeyFuzzPercentage Number
    The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
    rekeyMarginTimeSeconds Number
    The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
    replayWindowSize Number
    The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
    startupAction "add" | "start"
    The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
    tunnelInsideCidr String
    The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:

    • 169.254.0.0/30
    • 169.254.1.0/30
    • 169.254.2.0/30
    • 169.254.3.0/30
    • 169.254.4.0/30
    • 169.254.5.0/30
    • 169.254.169.252/30
    tunnelInsideIpv6Cidr String
    The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.

    VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction, VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutActionArgs

    Clear
    clear
    None
    none
    Restart
    restart
    VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutActionClear
    clear
    VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutActionNone
    none
    VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutActionRestart
    restart
    Clear
    clear
    None
    none
    Restart
    restart
    Clear
    clear
    None
    none
    Restart
    restart
    CLEAR
    clear
    NONE
    none
    RESTART
    restart
    "clear"
    clear
    "none"
    none
    "restart"
    restart

    VpnConnectionVpnTunnelOptionsSpecificationStartupAction, VpnConnectionVpnTunnelOptionsSpecificationStartupActionArgs

    Add
    add
    Start
    start
    VpnConnectionVpnTunnelOptionsSpecificationStartupActionAdd
    add
    VpnConnectionVpnTunnelOptionsSpecificationStartupActionStart
    start
    Add
    add
    Start
    start
    Add
    add
    Start
    start
    ADD
    add
    START
    start
    "add"
    add
    "start"
    start

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
    pulumi/pulumi-aws-native