Readonly
enable (OPTIONAL) Enable site-to-site VPN tunnel logging to CloudWatch Logs.
If you enable this property, a log group will be created along with the VPN connection.
You may customize the name of the log group using the logGroupName property.
The global cloudwatchLogRetentionInDays configuration and accelerator-provisioned KMS key will be applied to the log group.
Readonly
logGroupName (OPTIONAL) The name of the CloudWatch Logs log group that you would like tunnel logs to be sent to.
Default - Randomly generated name based on CDK stack and VPN resource name.
If defined, this value must be unique within the account the VPN connection is deployed to. For security purposes, your custom log group name will be prefixed with the Accelerator prefix value (AWSAccelerator or the custom prefix defined in the installer stack).
Readonly
output (OPTIONAL) The output format of the VPN tunnel logs.
Default - json
NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig / VpnTunnelOptionsSpecificationsConfig / VpnLoggingConfig
AWS Site-to-Site VPN logging configuration. Use this configuration to define CloudWatch log groups for your Site-to-Site VPN connections. AWS Site-to-Site VPN logs provide you with deeper visibility into your Site-to-Site VPN deployments. With this feature, you have access to Site-to-Site VPN connection logs that provide details on IP Security (IPsec) tunnel establishment, Internet Key Exchange (IKE) negotiations, and dead peer detection (DPD) protocol messages.
Example
Custom settings:
Default settings: