Class VpnConnectionConfig

NetworkConfig / CustomerGatewayConfig / VpnConnectionConfig

Site-to-site VPN Connection configuration. Use this configuration to define the VPN connections that terminate either on a Transit Gateway or virtual private gateway. A VPN connection refers to the connection between your VPC and your own on-premises network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

IMPORTANT: After initial deployment of your VPN connection with any of the v1.5.0+ options noted below, you can make property changes in one of VpnConnectionConfig or VpnTunnelOptionsSpecificationsConfig, but not both. You may make multiple property changes in one of those configurations if necessary. Trying to modify properties in both configurations will result in a pipeline failure. This is due to the fact that only a single mutating API call can be made at a time for AWS Site-to-Site VPN connections.

Note: you may manually roll back the resulting CloudFormation stack should you encounter this failure. More details on how to skip failed resources in the following reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html

Example

VPN termination at a Transit Gateway:

- name: accelerator-vpn
  transitGateway: Network-Main
  routeTableAssociations:
    - Network-Main-Core
  routeTablePropagations:
    - Network-Main-Core
  staticRoutesOnly: false
  # Tunnel specifications are optional -- additional tunnel options available in configuration reference
  tunnelSpecifications:
    - tunnelInsideCidr: 169.254.200.0/30
      preSharedKey: Key1-AbcXyz
    - tunnelInsideCidr: 169.254.200.100/30
      preSharedKey: Key1-AbcXyz

VPN termination at a VPC:

- name: accelerator-vpn
  vpc: Inspection-Vpc
  staticRoutesOnly: false
  # Tunnel specifications are optional -- additional tunnel options available in configuration reference
  tunnelSpecifications:
    - tunnelInsideCidr: 169.254.200.0/30
      preSharedKey: Key1-AbcXyz
    - tunnelInsideCidr: 169.254.200.100/30
      preSharedKey: Key1-AbcXyz

Hierarchy

  • VpnConnectionConfig

Implements

Constructors

constructor

Properties

amazonIpv4NetworkCidr customerIpv4NetworkCidr enableVpnAcceleration name routeTableAssociations routeTablePropagations staticRoutesOnly tags transitGateway tunnelSpecifications vpc

Constructors

constructor

Properties

Readonly amazonIpv4NetworkCidr

amazonIpv4NetworkCidr: undefined | string = undefined

(OPTIONAL) The Amazon-side IPv4 CIDR range that is allowed through the site-to-site VPN tunnel. Configuring this option restricts the Amazon-side CIDR range that can communicate with your local network.

Default - 0.0.0.0/0

Remarks

CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.

If you update this property after deployment, both of your VPN tunnel endpoints will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Use CIDR notation, i.e. 10.0.0.0/16.

Readonly customerIpv4NetworkCidr

customerIpv4NetworkCidr: undefined | string = undefined

(OPTIONAL) The customer-side IPv4 CIDR range that is allowed through the site-to-site VPN tunnel. Configuring this option restricts the local CIDR range that can communicate with your AWS environment.

Default - 0.0.0.0/0

Remarks

CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.

If you update this property after deployment, both of your VPN tunnel endpoints will become temporarily unavailable. Please see Customer initiated endpoint replacements for additional details.

Use CIDR notation, i.e. 10.0.0.0/16.

Readonly enableVpnAcceleration

enableVpnAcceleration: undefined | boolean = undefined

(OPTIONAL) Enable Site-to-Site VPN Acceleration. For more information, see Accelerated Site-to-Site VPN connections.

Remarks

CAUTION: if you configure this property on a VPN connection that was deployed prior to v1.5.0, your VPN connection will be recreated. Please be aware that any downstream dependencies may cause this property update to fail. To ensure a clean replacement, we highly recommend deleting the original connection and its downstream dependencies prior to making this change.

If you update this property after deployment, your VPN tunnel will be recreated. VPN acceleration can only be enabled/disabled on initial VPN connection creation.

NOTE: Accelerated VPNs are only supported on VPNs terminating on transit gateways.

Readonly name

name: string = ''

The name of the VPN Connection.

The value of this property will be utilized as the logical id for this resource. Any references to this object should specify this value.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Readonly routeTableAssociations

routeTableAssociations: undefined | string[] = undefined

(OPTIONAL) An array of Transit Gateway route table names to associate the VPN attachment to

Remarks

This is the name property of the Transit Gateway route table

This property should only be defined if creating a VPN connection to a Transit Gateway. Leave undefined for VPN connections to virtual private gateways.

Readonly routeTablePropagations

routeTablePropagations: undefined | string[] = undefined

(OPTIONAL) An array of Transit Gateway route table names to propagate the VPN attachment to

Remarks

This is the name property of the Transit Gateway route table

This property should only be defined if creating a VPN connection to a Transit Gateway. Leave undefined for VPN connections to virtual private gateways.

Readonly staticRoutesOnly

staticRoutesOnly: undefined | boolean = undefined

(OPTIONAL) If creating a VPN connection for a device that doesn't support Border Gateway Protocol (BGP) declare true as a value, otherwise, use false.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Readonly tags

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the VPN Connection.

Readonly transitGateway

transitGateway: undefined | string = undefined

The logical name of the Transit Gateway that the customer Gateway is attached to so that a VPN connection is established.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Must specify either the Transit Gateway name or the Virtual Private Gateway, not both.

Readonly tunnelSpecifications

tunnelSpecifications: undefined | VpnTunnelOptionsSpecificationsConfig[] = undefined

(OPTIONAL) Define the optional VPN Tunnel configuration

See

VpnTunnelOptionsSpecificationsConfig

Readonly vpc

vpc: undefined | string = undefined

The logical name of the Virtual Private Cloud that a Virtual Private Gateway is attached to.

Remarks

CAUTION: Changing this property value after initial deployment causes the VPN to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Must specify either the Transit Gateway name or the Virtual Private Gateway, not both.

Settings

Member Visibility

Theme

Generated using TypeDoc