Class CustomerGatewayConfig

NetworkConfig / CustomerGatewayConfig

Customer Gateway (CGW) Configuration. Use this configuration to define Customer Gateways and site-to-site VPN connections. A customer gateway device is a physical or software appliance that you own or manage in your on-premises network (on your side of a Site-to-Site VPN connection). A VPN connection refers to the connection between your VPC and your own on-premises network.

Example

customerGateways:
  - name: accelerator-cgw
    account: Network
    region: *HOME_REGION
    ipAddress: 1.1.1.1
    asn: 65500
    vpnConnections:
      - name: accelerator-vpn
        transitGateway: Network-Main
        routeTableAssociations:
          - Network-Main-Core
        routeTablePropagations:
          - Network-Main-Core
        staticRoutesOnly: false
        tunnelSpecifications:
          - tunnelInsideCidr: 169.254.200.0/30
            preSharedKey: Key1-AbcXyz
          - tunnelInsideCidr: 169.254.200.100/30
            preSharedKey: Key2-AbcXyz

Hierarchy

  • CustomerGatewayConfig

Implements

Constructors

constructor

Properties

account asn ipAddress name region tags vpnConnections

Constructors

constructor

Properties

Readonly account

account: string = ''

The logical name of the account to deploy the Customer Gateway to. This value should match the name of the account recorded in the accounts-config.yaml file.

Readonly asn

asn: number = 65000

Define the ASN used for the Customer Gateway

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

The private ASN range is 64512 to 65534. The default is 65000.

Readonly ipAddress

ipAddress: string = ''

Defines the IP address of the Customer Gateway

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

To define a customer gateway that references an external appliance (i.e. on-premise or otherwise external to the accelerator), use a public-facing IPv4 address (i.e. 1.2.3.4).

This property supports ACCEL_LOOKUP replacement variables to target the public IP address of a network interface attached to an Ec2FirewallInstanceConfig defined in customizations-config.yaml. The target network interface MUST be configured with the associateElasticIp property set to true.

NOTE: This lookup value is not supported for firewalls defined in Ec2FirewallAutoScalingGroupConfig.

Supported replacement:

  • Network interface replacement - look up a network interface attached to a firewall instance defined in customizations-config.yaml
    • Format:${ACCEL_LOOKUP::EC2:ENI_<ENI_INDEX>:<FIREWALL_INSTANCE_NAME>}, where <ENI_INDEX> is the device index of the network interface as defined in the firewall launch template and <FIREWALL_INSTANCE_NAME> is the name of the firewall instance.
    • Index numbering is zero-based, so the primary interface of the instance is 0.
    • Example usage: ${ACCEL_LOOKUP::EC2:ENI_0:accelerator-firewall} - translates to the primary public IP address of the primary network interface of a firewall named accelerator-firewall.

Readonly name

name: string = ''

The name of the CGW.

The value of this property will be utilized as the logical id for this resource. Any references to this object should specify this value.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Readonly region

region: string = 'us-east-1'

The AWS region to provision the customer gateway in

Readonly tags

tags: undefined | Tag[] = undefined

Define tags for the Customer Gateway

Readonly vpnConnections

vpnConnections: undefined | VpnConnectionConfig[] = undefined

Define the optional VPN Connection configuration

See

VpnConnectionConfig

Settings

Member Visibility

Theme

Generated using TypeDoc