AWS::EC2::VPNConnection
Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway.
To specify a VPN connection between a transit gateway and customer gateway, use the TransitGatewayId and CustomerGatewayId properties.
To specify a VPN connection between a virtual private gateway and customer gateway, use the VpnGatewayId and CustomerGatewayId properties.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
    {
      "Type" : "AWS::EC2::VPNConnection",
      "Properties" : {
          "CustomerGatewayId" : String,
          "EnableAcceleration" : Boolean,
          "LocalIpv4NetworkCidr" : String,
          "LocalIpv6NetworkCidr" : String,
          "OutsideIpAddressType" : String,
          "PreSharedKeyStorage" : String,
          "RemoteIpv4NetworkCidr" : String,
          "RemoteIpv6NetworkCidr" : String,
          "StaticRoutesOnly" : Boolean,
          "Tags" : [ Tag, ... ],
          "TransitGatewayId" : String,
          "TransportTransitGatewayAttachmentId" : String,
          "TunnelInsideIpVersion" : String,
          "Type" : String,
          "VpnGatewayId" : String,
          "VpnTunnelOptionsSpecifications" : [ VpnTunnelOptionsSpecification, ... ]
        }
    }
YAML
    Type: AWS::EC2::VPNConnection
    Properties:
      CustomerGatewayId: String
      EnableAcceleration: Boolean
      LocalIpv4NetworkCidr: String
      LocalIpv6NetworkCidr: String
      OutsideIpAddressType: String
      PreSharedKeyStorage: String
      RemoteIpv4NetworkCidr: String
      RemoteIpv6NetworkCidr: String
      StaticRoutesOnly: Boolean
      Tags:
        - Tag
      TransitGatewayId: String
      TransportTransitGatewayAttachmentId: String
      TunnelInsideIpVersion: String
      Type: String
      VpnGatewayId: String
      VpnTunnelOptionsSpecifications:
        - VpnTunnelOptionsSpecification
Properties
- CustomerGatewayId
  The ID of the customer gateway at your end of the VPN connection.
  Required: Yes
  Type: String
  Update requires: Replacement
- EnableAcceleration
  Indicates whether to enable acceleration for the VPN connection.
  Default: false
  Required: No
  Type: Boolean
  Update requires: Replacement
- LocalIpv4NetworkCidr
  The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
  Default: 0.0.0.0/0
  Required: No
  Type: String
  Update requires: Replacement
- LocalIpv6NetworkCidr
  The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
  Default: ::/0
  Required: No
  Type: String
  Update requires: Replacement
- OutsideIpAddressType
  The type of IP address assigned to the outside interface of the customer gateway device.
  Valid values: PrivateIpv4 | PublicIpv4 | Ipv6
  Default: PublicIpv4
  Required: No
  Type: String
  Update requires: Replacement
- PreSharedKeyStorage
  Describes the storage location for an instance store-backed AMI.
  Required: No
  Type: String
  Allowed values: Standard | SecretsManager
  Update requires: Replacement
- RemoteIpv4NetworkCidr
  The IPv4 CIDR on the AWS side of the VPN connection.
  Default: 0.0.0.0/0
  Required: No
  Type: String
  Update requires: Replacement
- RemoteIpv6NetworkCidr
  The IPv6 CIDR on the AWS side of the VPN connection.
  Default: ::/0
  Required: No
  Type: String
  Update requires: Replacement
- StaticRoutesOnly
  Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.
  Required: No
  Type: Boolean
  Update requires: Replacement
- Tags
  Any tags assigned to the VPN connection.
  Required: No
  Type: Array of Tag
  Update requires: No interruption
- TransitGatewayId
  The ID of the transit gateway associated with the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
  Required: Conditional
  Type: String
  Update requires: Replacement
- TransportTransitGatewayAttachmentId
  The transit gateway attachment ID to use for the VPN tunnel. Required if OutsideIpAddressType is set to PrivateIpv4.
  Required: No
  Type: String
  Update requires: Replacement
- TunnelInsideIpVersion
  Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.
  Default: ipv4
  Required: No
  Type: String
  Allowed values: ipv4 | ipv6
  Update requires: Replacement
- Type
  The type of VPN connection.
  Required: Yes
  Type: String
  Allowed values: ipsec.1
  Update requires: Replacement
- VpnGatewayId
  The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either TransitGatewayId or VpnGatewayId, but not both.
  Required: Conditional
  Type: String
  Update requires: Replacement
- VpnTunnelOptionsSpecifications
  The tunnel options for the VPN connection.
  Required: No
  Type: Array of VpnTunnelOptionsSpecification
  Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPN connection.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
- VpnConnectionId
  The ID of the VPN connection.
Examples
VPN connection
The following example specifies a VPN connection between myVPNGateway and myCustomerGateway.
JSON
    "myVPNConnection" : {
       "Type" : "AWS::EC2::VPNConnection",
       "Properties" : {
          "Type" : "ipsec.1",
          "StaticRoutesOnly" : "true",
          "CustomerGatewayId" : {"Ref" : "myCustomerGateway"},
          "VpnGatewayId" : {"Ref" : "myVPNGateway"}
       }
    }
YAML
    myVPNConnection:
      Type: AWS::EC2::VPNConnection
      Properties:
        Type: ipsec.1
        StaticRoutesOnly: true
        CustomerGatewayId: !Ref myCustomerGateway
        VpnGatewayId: !Ref myVPNGateway
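A pre-deployment check for the constraints listed under Properties (required properties, allowed values, the TransitGatewayId/VpnGatewayId rule, and the PrivateIpv4 dependency), as an added example that is not part of the AWS reference. The function name check_vpn_connections and the badVPNConnection resource are hypothetical, and only literal property values are inspected.

```python
import json

# Allowed values as listed in the Properties section of this page.
ALLOWED = {
    "Type": {"ipsec.1"},
    "OutsideIpAddressType": {"PrivateIpv4", "PublicIpv4", "Ipv6"},
    "PreSharedKeyStorage": {"Standard", "SecretsManager"},
    "TunnelInsideIpVersion": {"ipv4", "ipv6"},
}

def check_vpn_connections(template):
    """Hypothetical helper: return sorted (logical_id, message) findings."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::VPNConnection":
            continue
        props = res.get("Properties", {})
        for name in ("CustomerGatewayId", "Type"):  # Required: Yes
            if name not in props:
                findings.append((logical_id, f"missing required property {name}"))
        # Exactly one AWS-side gateway: TransitGatewayId or VpnGatewayId.
        if ("TransitGatewayId" in props) == ("VpnGatewayId" in props):
            findings.append((logical_id, "set exactly one of TransitGatewayId and VpnGatewayId"))
        for name, allowed in ALLOWED.items():
            value = props.get(name)
            # Only literal strings are checked; Ref/Fn:: values resolve at deploy time.
            if isinstance(value, str) and value not in allowed:
                findings.append((logical_id, f"{name}={value!r} is not an allowed value"))
        if (props.get("OutsideIpAddressType") == "PrivateIpv4"
                and "TransportTransitGatewayAttachmentId" not in props):
            findings.append((logical_id, "PrivateIpv4 needs TransportTransitGatewayAttachmentId"))
    return sorted(findings)

# The page's example resource plus one constructed, deliberately invalid resource.
SAMPLE = json.loads("""
{"Resources": {
  "myVPNConnection": {"Type": "AWS::EC2::VPNConnection", "Properties": {
    "Type": "ipsec.1", "StaticRoutesOnly": "true",
    "CustomerGatewayId": {"Ref": "myCustomerGateway"},
    "VpnGatewayId": {"Ref": "myVPNGateway"}}},
  "badVPNConnection": {"Type": "AWS::EC2::VPNConnection", "Properties": {
    "Type": "ipsec.1", "OutsideIpAddressType": "PrivateIpv4",
    "CustomerGatewayId": {"Ref": "myCustomerGateway"},
    "TransitGatewayId": {"Ref": "myTransitGateway"},
    "VpnGatewayId": {"Ref": "myVPNGateway"}}}
}}
""")

for logical_id, message in check_vpn_connections(SAMPLE):
    print(f"{logical_id}: {message}")
```

Because nearly every property on this resource has "Update requires: Replacement", catching these errors before deployment avoids tearing down and recreating the connection to correct them.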
See also
- VPNConnection in the Amazon EC2 API Reference