NetworkConfig / CustomerGatewayConfig

Customer Gateway (CGW) Configuration.

Use this configuration to define Customer Gateways and site-to-site VPN connections. A customer gateway device is a physical or software appliance that you own or manage in your on-premises network (on your side of a Site-to-Site VPN connection). A VPN connection refers to the connection between your VPC and your own on-premises network.

customerGateways:
  - name: accelerator-cgw
    account: Network
    region: *HOME_REGION
    ipAddress: 1.1.1.1
    asn: 65500
    vpnConnections:
      - name: accelerator-vpn
        transitGateway: Network-Main
        routeTableAssociations:
          - Network-Main-Core
        routeTablePropagations:
          - Network-Main-Core
        staticRoutesOnly: false
        tunnelSpecifications:
          - tunnelInsideCidr: 169.254.200.0/30
            preSharedKey: Key1-AbcXyz
          - tunnelInsideCidr: 169.254.200.100/30
            preSharedKey: Key2-AbcXyz

interface ICustomerGatewayConfig {
    account: string;
    asn: number;
    ipAddress: string;
    name: string;
    region:
        | "af-south-1"
        | "ap-east-1"
        | "ap-northeast-1"
        | "ap-northeast-2"
        | "ap-northeast-3"
        | "ap-south-1"
        | "ap-south-2"
        | "ap-southeast-1"
        | "ap-southeast-2"
        | "ap-southeast-3"
        | "ap-southeast-4"
        | "ap-southeast-5"
        | "ca-central-1"
        | "ca-west-1"
        | "cn-north-1"
        | "cn-northwest-1"
        | "eu-central-1"
        | "eu-central-2"
        | "eu-north-1"
        | "eu-south-1"
        | "eu-south-2"
        | "eu-west-1"
        | "eu-west-2"
        | "eu-west-3"
        | "eu-isoe-west-1"
        | "il-central-1"
        | "me-central-1"
        | "me-south-1"
        | "mx-central-1"
        | "sa-east-1"
        | "us-east-1"
        | "us-east-2"
        | "us-gov-west-1"
        | "us-gov-east-1"
        | "us-iso-east-1"
        | "us-isob-east-1"
        | "us-iso-west-1"
        | "us-isof-south-1"
        | "us-isof-east-1"
        | "us-west-1"
        | "us-west-2";
    tags?: ITag[];
    vpnConnections?: IVpnConnectionConfig[];
}

Properties

account: string

The logical name of the account to deploy the Customer Gateway to. This value should match the name of the account recorded in the accounts-config.yaml file.

asn: number

Define the ASN used for the Customer Gateway.

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

The private ASN range is 64512 to 65534. The default is 65000.

ipAddress: string

Defines the IP address of the Customer Gateway.

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

To define a customer gateway that references an external appliance (i.e. on-premises or otherwise external to the accelerator), use a public-facing IPv4 address (e.g. 1.2.3.4).

This property supports ACCEL_LOOKUP replacement variables to target the public IP address of a network interface attached to an Ec2FirewallInstanceConfig defined in customizations-config.yaml. The target network interface MUST be configured with the associateElasticIp property set to true.

NOTE: This lookup value is not supported for firewalls defined in Ec2FirewallAutoScalingGroupConfig.

Supported replacement:

  • Network interface replacement - look up a network interface attached to a firewall instance defined in customizations-config.yaml
    • Format: ${ACCEL_LOOKUP::EC2:ENI_<ENI_INDEX>:<FIREWALL_INSTANCE_NAME>}, where <ENI_INDEX> is the device index of the network interface as defined in the firewall launch template and <FIREWALL_INSTANCE_NAME> is the name of the firewall instance.
    • Index numbering is zero-based, so the primary interface of the instance is 0.
    • Example usage: ${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall} - translates to the primary public IP address of the primary network interface of a firewall named accelerator-firewall.

name: string

The name of the CGW.

The value of this property is used as the logical ID for this resource. Any references to this object must specify this value.

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.
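The checks below are an added example, not part of the Landing Zone Accelerator code base. They take a CustomerGatewayConfig-shaped object (region handled as a plain string, tags and vpnConnections omitted) and apply the constraints documented on this page before a deployment runs: the account must exist in accounts-config.yaml, the ASN must fall in the private range 64512 to 65534, and ipAddress must be either a public-facing IPv4 address or an ${ACCEL_LOOKUP::EC2:ENI_<ENI_INDEX>:<FIREWALL_INSTANCE_NAME>} replacement. A second function compares a deployed configuration with a proposed one and reports which of the three CAUTION properties (name, asn, ipAddress) changed, since the page states that changing any of them recreates the VPN. The function names, the Finding shape, the treatment of RFC 1918, loopback and link-local addresses as "not public-facing", and the sample configurations are this example's own assumptions.

```typescript
// Added example (not LZA code): static pre-deployment checks derived from the
// CustomerGatewayConfig property documentation.

// Subset of ICustomerGatewayConfig used here; region kept as a plain string.
interface CustomerGatewayInput {
  name: string;
  account: string;
  region: string;
  asn: number;
  ipAddress: string;
}

interface Finding {
  property: keyof CustomerGatewayInput;
  message: string;
}

// Parses the documented lookup form
// ${ACCEL_LOOKUP::EC2:ENI_<ENI_INDEX>:<FIREWALL_INSTANCE_NAME>}.
// Returns null when the value is not a lookup (e.g. a literal IP address).
function parseEniLookup(value: string): { eniIndex: number; firewallName: string } | null {
  const m = /^\$\{ACCEL_LOOKUP::EC2:ENI_(\d+):([^}:]+)\}$/.exec(value);
  if (m === null) return null;
  return { eniIndex: Number(m[1]), firewallName: m[2] };
}

// True for a syntactically valid dotted-quad IPv4 address.
function isIpv4(value: string): boolean {
  const parts = value.split('.');
  return parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Assumption of this example: "public-facing" means outside the RFC 1918,
// loopback, link-local, "this network" and multicast/reserved ranges. The page
// only says the address must be public-facing; this is a conservative check.
function isPublicIpv4(value: string): boolean {
  if (!isIpv4(value)) return false;
  const [a, b] = value.split('.').map(Number);
  if (a === 10 || a === 127 || a === 0 || a >= 224) return false;
  if (a === 172 && b >= 16 && b <= 31) return false;
  if (a === 192 && b === 168) return false;
  if (a === 169 && b === 254) return false;
  return true;
}

// Applies the page's documented constraints. knownAccounts stands in for the
// account names recorded in accounts-config.yaml.
function validateCustomerGateway(cgw: CustomerGatewayInput, knownAccounts: readonly string[]): Finding[] {
  const findings: Finding[] = [];
  if (!knownAccounts.includes(cgw.account)) {
    findings.push({ property: 'account', message: `account "${cgw.account}" is not defined in accounts-config.yaml` });
  }
  // Private ASN range stated on the page: 64512 to 65534.
  if (!Number.isInteger(cgw.asn) || cgw.asn < 64512 || cgw.asn > 65534) {
    findings.push({ property: 'asn', message: `asn ${cgw.asn} is outside the private range 64512-65534` });
  }
  if (parseEniLookup(cgw.ipAddress) === null && !isPublicIpv4(cgw.ipAddress)) {
    findings.push({ property: 'ipAddress', message: `ipAddress "${cgw.ipAddress}" is neither a public IPv4 address nor an ENI lookup` });
  }
  return findings;
}

// Properties the page marks CAUTION: changing them after deployment recreates the VPN.
const RECREATING_PROPERTIES = ['name', 'asn', 'ipAddress'] as const;

// Given the deployed definition and the proposed one for the same gateway,
// lists the properties whose change would recreate the VPN connection.
function changesThatRecreateVpn(before: CustomerGatewayInput, after: CustomerGatewayInput): string[] {
  return RECREATING_PROPERTIES.filter((p) => before[p] !== after[p]);
}

// Sample mirroring the page's customerGateways example; the region is an
// assumed literal in place of the *HOME_REGION YAML anchor.
const SAMPLE_CGW: CustomerGatewayInput = {
  name: 'accelerator-cgw',
  account: 'Network',
  region: 'us-east-1',
  asn: 65500,
  ipAddress: '1.1.1.1',
};

// Constructed invalid sample: unknown account, ASN below the private range,
// and an RFC 1918 address where a public-facing one is required.
const BAD_CGW: CustomerGatewayInput = {
  name: 'accelerator-cgw',
  account: 'Netwrk',
  region: 'us-east-1',
  asn: 64000,
  ipAddress: '192.168.1.1',
};

console.log(validateCustomerGateway(SAMPLE_CGW, ['Network']));          // []
console.log(validateCustomerGateway(BAD_CGW, ['Network']).length);      // 3
console.log(changesThatRecreateVpn(SAMPLE_CGW, { ...SAMPLE_CGW, asn: 65501 })); // ['asn']
```

Running validateCustomerGateway in a pipeline step before the accelerator deploys, and changesThatRecreateVpn against the last deployed copy of network-config.yaml, turns the three CAUTION notes into a plan-time warning rather than an unexpected VPN outage.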

region:
    | "af-south-1"
    | "ap-east-1"
    | "ap-northeast-1"
    | "ap-northeast-2"
    | "ap-northeast-3"
    | "ap-south-1"
    | "ap-south-2"
    | "ap-southeast-1"
    | "ap-southeast-2"
    | "ap-southeast-3"
    | "ap-southeast-4"
    | "ap-southeast-5"
    | "ca-central-1"
    | "ca-west-1"
    | "cn-north-1"
    | "cn-northwest-1"
    | "eu-central-1"
    | "eu-central-2"
    | "eu-north-1"
    | "eu-south-1"
    | "eu-south-2"
    | "eu-west-1"
    | "eu-west-2"
    | "eu-west-3"
    | "eu-isoe-west-1"
    | "il-central-1"
    | "me-central-1"
    | "me-south-1"
    | "mx-central-1"
    | "sa-east-1"
    | "us-east-1"
    | "us-east-2"
    | "us-gov-west-1"
    | "us-gov-east-1"
    | "us-iso-east-1"
    | "us-isob-east-1"
    | "us-iso-west-1"
    | "us-isof-south-1"
    | "us-isof-east-1"
    | "us-west-1"
    | "us-west-2"

The AWS region to provision the customer gateway in.

tags?: ITag[]

Define tags for the Customer Gateway.

vpnConnections?: IVpnConnectionConfig[]

Define the optional VPN Connection configuration.

VpnConnectionConfig