NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig

Site-to-site VPN Connection configuration. Use this configuration to define the VPN connections that terminate either on a Transit Gateway or virtual private gateway. A VPN connection refers to the connection between your VPC and your own on-premises network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

IMPORTANT: After initial deployment of your VPN connection with any of the v1.5.0+ options noted below, you can make property changes in one of VpnConnectionConfig or VpnTunnelOptionsSpecificationsConfig, but not both, within a single deployment. You may make multiple property changes in one of those configurations if necessary. Trying to modify properties in both configurations will result in a pipeline failure, because only a single mutating API call can be made at a time for AWS Site-to-Site VPN connections.

Note: you may manually roll back the resulting CloudFormation stack should you encounter this failure. For details on how to skip failed resources, see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html

Example

VPN termination at a Transit Gateway:

- name: accelerator-vpn
  transitGateway: Network-Main
  routeTableAssociations:
    - Network-Main-Core
  routeTablePropagations:
    - Network-Main-Core
  staticRoutesOnly: false
  # Tunnel specifications are optional -- additional tunnel options available in configuration reference
  tunnelSpecifications:
    - tunnelInsideCidr: 169.254.200.0/30
      preSharedKey: Key1-AbcXyz
    - tunnelInsideCidr: 169.254.200.100/30
      preSharedKey: Key1-AbcXyz

VPN termination at a VPC:

- name: accelerator-vpn
  vpc: Inspection-Vpc
  staticRoutesOnly: false
  # Tunnel specifications are optional -- additional tunnel options available in configuration reference
  tunnelSpecifications:
    - tunnelInsideCidr: 169.254.200.0/30
      preSharedKey: Key1-AbcXyz
    - tunnelInsideCidr: 169.254.200.100/30
      preSharedKey: Key1-AbcXyz
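The constraints stated in the IMPORTANT note above and in the property remarks below (exactly one of transitGateway or vpc, route table settings and acceleration only for Transit Gateway terminations, CIDR notation for the network CIDRs, and changes to VpnConnectionConfig or VpnTunnelOptionsSpecificationsConfig but not both per deployment) can be checked before the pipeline runs. The following is an added example, not code from Landing Zone Accelerator; the type and function names are hypothetical and the config entries are built inline from the sample above.

```typescript
// Added example, not part of Landing Zone Accelerator. Field names follow the documented
// VpnConnectionConfig properties; the type and function names here are hypothetical.
type TunnelSpec = { tunnelInsideCidr?: string; preSharedKey?: string };
type VpnConnection = {
  name: string; transitGateway?: string; vpc?: string;
  routeTableAssociations?: string[]; routeTablePropagations?: string[];
  staticRoutesOnly?: boolean; enableVpnAcceleration?: boolean;
  amazonIpv4NetworkCidr?: string; customerIpv4NetworkCidr?: string;
  tunnelSpecifications?: TunnelSpec[];
};

// IPv4 CIDR notation such as 10.0.0.0/16: four octets 0-255 and a prefix length 0-32.
function isIpv4Cidr(s: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(s);
  return m !== null && m.slice(1, 5).every(o => Number(o) <= 255) && Number(m[5]) <= 32;
}

// Static rules stated in the property remarks on this page.
function lintVpnConnection(c: VpnConnection): string[] {
  const errs: string[] = [];
  if (!!c.transitGateway === !!c.vpc) errs.push(`${c.name}: set exactly one of transitGateway or vpc`);
  if (c.vpc && (c.routeTableAssociations || c.routeTablePropagations))
    errs.push(`${c.name}: routeTableAssociations/routeTablePropagations apply only to Transit Gateway VPNs`);
  if (c.vpc && c.enableVpnAcceleration) errs.push(`${c.name}: accelerated VPNs require a Transit Gateway`);
  for (const k of ['amazonIpv4NetworkCidr', 'customerIpv4NetworkCidr'] as const) {
    const v = c[k];
    if (v !== undefined && !isIpv4Cidr(v)) errs.push(`${c.name}: ${k} must use CIDR notation, e.g. 10.0.0.0/16`);
  }
  return errs;
}

// Which configuration blocks differ between the deployed entry and the proposed one.
function changedScopes(prev: VpnConnection, next: VpnConnection): string[] {
  const get = (o: object, k: string): unknown => (o as Record<string, unknown>)[k];
  const scopes: string[] = [];
  for (const k of Object.keys(prev).concat(Object.keys(next))) {
    if (JSON.stringify(get(prev, k)) === JSON.stringify(get(next, k))) continue;
    const s = k === 'tunnelSpecifications' ? 'VpnTunnelOptionsSpecificationsConfig' : 'VpnConnectionConfig';
    if (scopes.indexOf(s) < 0) scopes.push(s);
  }
  return scopes.sort();
}

// Rule from the IMPORTANT note: one deployment may change VpnConnectionConfig or
// VpnTunnelOptionsSpecificationsConfig, not both. Returns [] when the update is safe to apply.
function checkVpnUpdate(prev: VpnConnection, next: VpnConnection): string[] {
  const errs = lintVpnConnection(next);
  const scopes = changedScopes(prev, next);
  if (scopes.length > 1) errs.push(`${next.name}: changes span ${scopes.join(' and ')}; apply them in separate deployments`);
  return errs;
}
```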

Hierarchy

  • VpnConnectionConfig

Properties

amazonIpv4NetworkCidr: undefined | string = undefined

(OPTIONAL) The Amazon-side IPv4 CIDR range that is allowed through the site-to-site VPN tunnel. Configuring this option restricts the Amazon-side CIDR range that can communicate with your local network.

Default - 0.0.0.0/0

Remarks

CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.

If you update this property after deployment, both of your VPN tunnel endpoints will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Use CIDR notation, e.g. 10.0.0.0/16.

customerIpv4NetworkCidr: undefined | string = undefined

(OPTIONAL) The customer-side IPv4 CIDR range that is allowed through the site-to-site VPN tunnel. Configuring this option restricts the local CIDR range that can communicate with your AWS environment.

Default - 0.0.0.0/0

Remarks

CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.

If you update this property after deployment, both of your VPN tunnel endpoints will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Use CIDR notation, e.g. 10.0.0.0/16.

enableVpnAcceleration: undefined | boolean = undefined

(OPTIONAL) Enable Site-to-Site VPN Acceleration. For more information, see Accelerated Site-to-Site VPN connections.

Remarks

CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.

If you update this property after deployment, your VPN tunnel will be recreated. VPN acceleration can only be enabled/disabled on initial VPN connection creation.

NOTE: Accelerated VPNs are only supported on VPNs terminating on transit gateways.

name: string = ''

The name of the VPN Connection.

The value of this property will be utilized as the logical id for this resource. Any references to this object should specify this value.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

routeTableAssociations: undefined | string[] = undefined

(OPTIONAL) An array of Transit Gateway route table names to associate the VPN attachment with.

Remarks

This is the name property of the Transit Gateway route table.

This property should only be defined if creating a VPN connection to a Transit Gateway. Leave undefined for VPN connections to virtual private gateways.

routeTablePropagations: undefined | string[] = undefined

(OPTIONAL) An array of Transit Gateway route table names to which the VPN attachment propagates its routes.

Remarks

This is the name property of the Transit Gateway route table.

This property should only be defined if creating a VPN connection to a Transit Gateway. Leave undefined for VPN connections to virtual private gateways.

staticRoutesOnly: undefined | boolean = undefined

(OPTIONAL) If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), set this to true; otherwise, use false.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the VPN Connection.

transitGateway: undefined | string = undefined

The logical name of the Transit Gateway to which the customer gateway is attached in order to establish the VPN connection.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

You must specify either the Transit Gateway name (transitGateway) or the VPC of the virtual private gateway (vpc), not both.

tunnelSpecifications: undefined | VpnTunnelOptionsSpecificationsConfig[] = undefined

(OPTIONAL) Define the optional VPN tunnel configuration.

See

VpnTunnelOptionsSpecificationsConfig

vpc: undefined | string = undefined

The logical name of the Virtual Private Cloud (VPC) to which the virtual private gateway is attached.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

You must specify either the Transit Gateway name (transitGateway) or the VPC of the virtual private gateway (vpc), not both.

Generated using TypeDoc