Readonly amazon (OPTIONAL)
The Amazon-side IPv4 CIDR range that is allowed through the site-to-site VPN tunnel. Configuring this option restricts the Amazon-side CIDR range that can communicate with your local network.
Default - 0.0.0.0/0
CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.
If you update this property after deployment, both of your VPN tunnel endpoints will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Use CIDR notation, e.g. 10.0.0.0/16.
Readonly customer (OPTIONAL)
The customer-side IPv4 CIDR range that is allowed through the site-to-site VPN tunnel. Configuring this option restricts the local CIDR range that can communicate with your AWS environment.
Default - 0.0.0.0/0
CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.
If you update this property after deployment, both of your VPN tunnel endpoints will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.
Use CIDR notation, e.g. 10.0.0.0/16.
Readonly enable (OPTIONAL)
Enable Site-to-Site VPN Acceleration. For more information, see Accelerated Site-to-Site VPN connections.
CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.
If you update this property after deployment, your VPN tunnel will be recreated. VPN acceleration can only be enabled or disabled at initial VPN connection creation.
NOTE: Accelerated VPNs are only supported on VPNs terminating on transit gateways.
Readonly name
The name of the VPN Connection.
The value of this property will be used as the logical id for this resource. Any references to this object should specify this value.
CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.
Readonly route (OPTIONAL)
An array of Transit Gateway route table names to associate the VPN attachment with. This is the name property of the Transit Gateway route table.
This property should only be defined if creating a VPN connection to a Transit Gateway. Leave undefined for VPN connections to virtual private gateways.
Readonly route (OPTIONAL)
An array of Transit Gateway route table names to propagate the VPN attachment to. This is the name property of the Transit Gateway route table.
This property should only be defined if creating a VPN connection to a Transit Gateway. Leave undefined for VPN connections to virtual private gateways.
Readonly static (OPTIONAL)
Set to true when creating a VPN connection for a device that doesn't support Border Gateway Protocol (BGP); otherwise, use false.
CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.
Readonly tags (OPTIONAL)
An array of tags for the VPN Connection.
Readonly transit
The logical name of the Transit Gateway that the customer gateway attaches to in order to establish the VPN connection.
CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.
Must specify either the Transit Gateway name or the Virtual Private Gateway, not both.
Readonly tunnel
Readonly vpc
The logical name of the Virtual Private Cloud that a Virtual Private Gateway is attached to.
CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.
Must specify either the Transit Gateway name or the Virtual Private Gateway, not both.
NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig
Site-to-site VPN Connection configuration. Use this configuration to define the VPN connections that terminate either on a Transit Gateway or virtual private gateway. A VPN connection refers to the connection between your VPC and your own on-premises network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.
IMPORTANT: After initial deployment of your VPN connection with any of the v1.5.0+ options noted below, you can make property changes in one of VpnConnectionConfig or VpnTunnelOptionsSpecificationsConfig, but not both. You may make multiple property changes in one of those configurations if necessary. Trying to modify properties in both configurations will result in a pipeline failure, because only a single mutating API call can be made at a time for an AWS Site-to-Site VPN connection.
Note: you may manually roll back the resulting CloudFormation stack should you encounter this failure. For details on how to skip failed resources, see the following reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html
Example
VPN termination at a Transit Gateway:
VPN termination at a VPC:
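The following is an added example, not code from Landing Zone Accelerator or this page: it encodes the constraints stated above (Transit Gateway or VPC but not both, route table and acceleration options only for Transit Gateway terminations, CIDR notation for the Amazon/customer ranges, which property changes force recreation, and the v1.5.0+ rule that only one of the two configs may change per deployment) as a pre-deployment check over two constructed connection definitions, one per termination type. The full property key names (amazonIpv4NetworkCidr, routeTableAssociations, tunnelSpecifications and so on) and the tunnelInsideCidr key are assumed here, since the page's rendering truncated them.

```python
import ipaddress

# Key names assumed to be the LZA VpnConnectionConfig property names (the page's
# rendering truncated them); nothing below is LZA's own code.
TGW_ONLY = ("routeTableAssociations", "routeTablePropagations")
CIDR_PROPS = ("amazonIpv4NetworkCidr", "customerIpv4NetworkCidr")
V150_PROPS = CIDR_PROPS + ("enableVpnAcceleration",)
RECREATE_PROPS = ("name", "staticRoutesOnly", "transitGateway", "vpc")

# Constructed sample: termination at a Transit Gateway, using the v1.5.0+ options.
TGW_VPN = {
    "name": "accelerator-vpn-tgw", "transitGateway": "Network-Main",
    "routeTableAssociations": ["Network-Main-Core"], "routeTablePropagations": ["Network-Main-Core"],
    "staticRoutesOnly": False, "enableVpnAcceleration": True,
    "amazonIpv4NetworkCidr": "10.0.0.0/16", "customerIpv4NetworkCidr": "192.168.0.0/16",
    "tunnelSpecifications": [{"tunnelInsideCidr": "169.254.200.0/30"}],  # assumed key name
}
# Constructed sample: termination at a VPC's virtual private gateway.
VGW_VPN = {"name": "accelerator-vpn-vgw", "vpc": "Network-Inspection", "staticRoutesOnly": True}


def validate_vpn_connection(cfg: dict) -> list[str]:
    """Return the violations of the constraints this page states for one connection."""
    errors = []
    has_tgw, has_vgw = "transitGateway" in cfg, "vpc" in cfg
    if has_tgw == has_vgw:
        errors.append("specify exactly one of transitGateway or vpc")
    errors += [f"{p} is only valid for Transit Gateway terminations" for p in TGW_ONLY if p in cfg and not has_tgw]
    if cfg.get("enableVpnAcceleration") and not has_tgw:
        errors.append("enableVpnAcceleration requires a Transit Gateway termination")
    for p in CIDR_PROPS:
        try:
            if p in cfg:
                ipaddress.IPv4Network(cfg[p])  # strict by default: host bits must be zero
        except ValueError:
            errors.append(f"{p} must be IPv4 CIDR notation, e.g. 10.0.0.0/16")
    return errors


def plan_update(deployed: dict, desired: dict) -> dict:
    """Classify a config change: what forces recreation and whether the pipeline accepts it."""
    changed = {p for p in deployed.keys() | desired.keys() if deployed.get(p) != desired.get(p)}
    uses_v150 = any(p in deployed or p in desired for p in V150_PROPS)
    tunnel_changed = "tunnelSpecifications" in changed
    conn_changed = bool(changed - {"tunnelSpecifications"})
    return {
        "recreates": sorted(changed & set(RECREATE_PROPS)),
        "endpoints_disrupted": bool(changed & set(V150_PROPS)),
        # With v1.5.0+ options in play, only one of the two configs may change per deployment.
        "allowed": not (uses_v150 and conn_changed and tunnel_changed),
    }
```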