NetworkConfig / CustomerGatewayConfig

Customer Gateway (CGW) Configuration. Use this configuration to define Customer Gateways and site-to-site VPN connections. A customer gateway device is a physical or software appliance that you own or manage in your on-premises network (on your side of a Site-to-Site VPN connection). A VPN connection refers to the connection between your VPC and your own on-premises network.

Example

customerGateways:
  - name: accelerator-cgw
    account: Network
    region: *HOME_REGION
    ipAddress: 1.1.1.1
    asn: 65500
    vpnConnections:
      - name: accelerator-vpn
        transitGateway: Network-Main
        routeTableAssociations:
          - Network-Main-Core
        routeTablePropagations:
          - Network-Main-Core
        staticRoutesOnly: false
        tunnelSpecifications:
          - tunnelInsideCidr: 169.254.200.0/30
            preSharedKey: Key1-AbcXyz
          - tunnelInsideCidr: 169.254.200.100/30
            preSharedKey: Key2-AbcXyz

Hierarchy

  • CustomerGatewayConfig

Properties

account: string = ''

The logical name of the account to deploy the Customer Gateway to. This value should match the name of the account recorded in the accounts-config.yaml file.

asn: number = 65000

Define the ASN used for the Customer Gateway

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

The private ASN range is 64512 to 65534. The default is 65000.

ipAddress: string = ''

Defines the IP address of the Customer Gateway

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

To define a customer gateway that references an external appliance (i.e. on-premises or otherwise external to the accelerator), use a public-facing IPv4 address (e.g. 1.2.3.4).

This property supports ACCEL_LOOKUP replacement variables to target the public IP address of a network interface attached to an Ec2FirewallInstanceConfig defined in customizations-config.yaml. The target network interface MUST be configured with the associateElasticIp property set to true.

NOTE: This lookup value is not supported for firewalls defined in Ec2FirewallAutoScalingGroupConfig.

Supported replacement:

  • Network interface replacement - look up a network interface attached to a firewall instance defined in customizations-config.yaml
    • Format: ${ACCEL_LOOKUP::EC2:ENI_<ENI_INDEX>:<FIREWALL_INSTANCE_NAME>}, where <ENI_INDEX> is the device index of the network interface as defined in the firewall launch template and <FIREWALL_INSTANCE_NAME> is the name of the firewall instance.
    • Index numbering is zero-based, so the primary interface of the instance is 0.
    • Example usage: ${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall} - translates to the primary public IP address of the primary network interface of a firewall named accelerator-firewall.
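
A pre-deployment check of the asn and ipAddress rules described above, as an added example that is not part of the accelerator's own code. Field names come from this page; the function names, the list of non-public ranges and the sample entries are assumptions made for illustration, and the ASN check only tests the private range stated above.

```typescript
// Added example: lint one customerGateways entry before deployment.
// Field names are from the page; every function name here is hypothetical.
interface CustomerGateway { name: string; account: string; ipAddress: string; asn: number }

// ${ACCEL_LOOKUP::EC2:ENI_<ENI_INDEX>:<FIREWALL_INSTANCE_NAME>}
const LOOKUP = /^\$\{ACCEL_LOOKUP::EC2:ENI_(\d+):([^:{}\s]+)\}$/;

// Parse a dotted-quad IPv4 string into four octets; null if malformed.
function parseIpv4(s: string): number[] | null {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^(0|[1-9]\d{0,2})$/.test(p) ? Number(p) : 256));
  return octets.every((o) => o <= 255) ? octets : null;
}

// True for address ranges that cannot serve as a public-facing endpoint.
function isNonPublic(o: number[]): boolean {
  const [a, b] = o;
  return a === 0 || a === 10 || a === 127 || a >= 224 || // this-net, RFC 1918, loopback, multicast/reserved
    (a === 100 && b >= 64 && b <= 127) ||                // RFC 6598 shared space
    (a === 169 && b === 254) ||                          // link-local
    (a === 172 && b >= 16 && b <= 31) ||                 // RFC 1918
    (a === 192 && b === 168);                            // RFC 1918
}

function checkCustomerGateway(cgw: CustomerGateway): string[] {
  const findings: string[] = [];
  if (!cgw.name) findings.push('name is empty');
  if (!cgw.account) findings.push('account is empty');
  if (!Number.isInteger(cgw.asn) || cgw.asn < 64512 || cgw.asn > 65534) {
    findings.push(`asn ${cgw.asn} is outside the private range 64512-65534`);
  }
  if (cgw.ipAddress.includes('ACCEL_LOOKUP')) {
    if (!LOOKUP.test(cgw.ipAddress)) findings.push('ipAddress: malformed ACCEL_LOOKUP');
  } else {
    const octets = parseIpv4(cgw.ipAddress);
    if (!octets) findings.push('ipAddress: not an IPv4 address');
    else if (isNonPublic(octets)) findings.push('ipAddress: not public-facing');
  }
  return findings;
}

// Constructed sample entries, not taken from a real deployment.
const samples: CustomerGateway[] = [
  { name: 'accelerator-cgw', account: 'Network', ipAddress: '1.1.1.1', asn: 65500 },
  { name: 'fw-cgw', account: 'Network', ipAddress: '${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall}', asn: 65000 },
  { name: 'bad-cgw', account: 'Network', ipAddress: '10.0.0.5', asn: 65535 },
];
for (const s of samples) console.log(s.name, checkCustomerGateway(s));
```

Because changing asn, ipAddress or name after the initial deployment recreates the VPN, a check like this belongs before the first deployment rather than after it.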

name: string = ''

The name of the CGW.

The value of this property will be utilized as the logical id for this resource. Any references to this object should specify this value.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

region: string = 'us-east-1'

The AWS region to provision the customer gateway in

tags: undefined | Tag[] = undefined

Define tags for the Customer Gateway

vpnConnections: undefined | VpnConnectionConfig[] = undefined

Define the optional VPN Connection configuration

See

VpnConnectionConfig
