CfnVPNConnectionPropsMixin
- class aws_cdk.mixins_preview.aws_ec2.mixins.CfnVPNConnectionPropsMixin(props, *, strategy=None)
Bases: Mixin
Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway.
To specify a VPN connection between a transit gateway and customer gateway, use the TransitGatewayId and CustomerGatewayId properties.
To specify a VPN connection between a virtual private gateway and customer gateway, use the VpnGatewayId and CustomerGatewayId properties.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html
- CloudformationResource:
AWS::EC2::VPNConnection
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk.mixins_preview import mixins
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    cfn_vPNConnection_props_mixin = ec2_mixins.CfnVPNConnectionPropsMixin(ec2_mixins.CfnVPNConnectionMixinProps(
        customer_gateway_id="customerGatewayId",
        enable_acceleration=False,
        local_ipv4_network_cidr="localIpv4NetworkCidr",
        local_ipv6_network_cidr="localIpv6NetworkCidr",
        outside_ip_address_type="outsideIpAddressType",
        pre_shared_key_storage="preSharedKeyStorage",
        remote_ipv4_network_cidr="remoteIpv4NetworkCidr",
        remote_ipv6_network_cidr="remoteIpv6NetworkCidr",
        static_routes_only=False,
        tags=[CfnTag(
            key="key",
            value="value"
        )],
        transit_gateway_id="transitGatewayId",
        transport_transit_gateway_attachment_id="transportTransitGatewayAttachmentId",
        tunnel_bandwidth="tunnelBandwidth",
        tunnel_inside_ip_version="tunnelInsideIpVersion",
        type="type",
        vpn_concentrator_id="vpnConcentratorId",
        vpn_gateway_id="vpnGatewayId",
        vpn_tunnel_options_specifications=[ec2_mixins.CfnVPNConnectionPropsMixin.VpnTunnelOptionsSpecificationProperty(
            dpd_timeout_action="dpdTimeoutAction",
            dpd_timeout_seconds=123,
            enable_tunnel_lifecycle_control=False,
            ike_versions=[{
                "value": "value"
            }],
            log_options=ec2_mixins.CfnVPNConnectionPropsMixin.VpnTunnelLogOptionsSpecificationProperty(
                cloudwatch_log_options=ec2_mixins.CfnVPNConnectionPropsMixin.CloudwatchLogOptionsSpecificationProperty(
                    bgp_log_enabled=False,
                    bgp_log_group_arn="bgpLogGroupArn",
                    bgp_log_output_format="bgpLogOutputFormat",
                    log_enabled=False,
                    log_group_arn="logGroupArn",
                    log_output_format="logOutputFormat"
                )
            ),
            phase1_dh_group_numbers=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase1DHGroupNumbersRequestListValueProperty(
                value=123
            )],
            phase1_encryption_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase1EncryptionAlgorithmsRequestListValueProperty(
                value="value"
            )],
            phase1_integrity_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase1IntegrityAlgorithmsRequestListValueProperty(
                value="value"
            )],
            phase1_lifetime_seconds=123,
            phase2_dh_group_numbers=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase2DHGroupNumbersRequestListValueProperty(
                value=123
            )],
            phase2_encryption_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase2EncryptionAlgorithmsRequestListValueProperty(
                value="value"
            )],
            phase2_integrity_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase2IntegrityAlgorithmsRequestListValueProperty(
                value="value"
            )],
            phase2_lifetime_seconds=123,
            pre_shared_key="preSharedKey",
            rekey_fuzz_percentage=123,
            rekey_margin_time_seconds=123,
            replay_window_size=123,
            startup_action="startupAction",
            tunnel_inside_cidr="tunnelInsideCidr",
            tunnel_inside_ipv6_cidr="tunnelInsideIpv6Cidr"
        )]
    ),
        strategy=mixins.PropertyMergeStrategy.OVERRIDE
    )
Create a mixin to apply properties to AWS::EC2::VPNConnection.
- Parameters:
props (Union[CfnVPNConnectionMixinProps, Dict[str, Any]]) – L1 properties to apply.
strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (IConstruct)
- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (IConstruct)
- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['customerGatewayId', 'enableAcceleration', 'localIpv4NetworkCidr', 'localIpv6NetworkCidr', 'outsideIpAddressType', 'preSharedKeyStorage', 'remoteIpv4NetworkCidr', 'remoteIpv6NetworkCidr', 'staticRoutesOnly', 'tags', 'transitGatewayId', 'transportTransitGatewayAttachmentId', 'tunnelBandwidth', 'tunnelInsideIpVersion', 'type', 'vpnConcentratorId', 'vpnGatewayId', 'vpnTunnelOptionsSpecifications']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if x is a Mixin.
- Parameters:
x (Any) – Any object.
- Return type:
bool
- Returns:
true if x is an object created from a class which extends Mixin.
- Stability:
experimental
CloudwatchLogOptionsSpecificationProperty
- class CfnVPNConnectionPropsMixin.CloudwatchLogOptionsSpecificationProperty(*, bgp_log_enabled=None, bgp_log_group_arn=None, bgp_log_output_format=None, log_enabled=None, log_group_arn=None, log_output_format=None)
Bases: object
Options for sending VPN tunnel logs to CloudWatch.
- Parameters:
bgp_log_enabled (Union[bool, IResolvable, None]) – Specifies whether to enable BGP logging for the VPN connection. Default value is False. Valid values: True | False
bgp_log_group_arn (Optional[str]) – The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
bgp_log_output_format (Optional[str]) – The desired output format for BGP logs to be sent to CloudWatch. Default format is json. Valid values: json | text
log_enabled (Union[bool, IResolvable, None]) – Enable or disable VPN tunnel logging feature. Default value is False. Valid values: True | False
log_group_arn (Optional[str]) – The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
log_output_format (Optional[str]) – Set log format. Default format is json. Valid values: json | text
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    cloudwatch_log_options_specification_property = ec2_mixins.CfnVPNConnectionPropsMixin.CloudwatchLogOptionsSpecificationProperty(
        bgp_log_enabled=False,
        bgp_log_group_arn="bgpLogGroupArn",
        bgp_log_output_format="bgpLogOutputFormat",
        log_enabled=False,
        log_group_arn="logGroupArn",
        log_output_format="logOutputFormat"
    )
Attributes
- bgp_log_enabled
Specifies whether to enable BGP logging for the VPN connection. Default value is False.
Valid values: True | False
- bgp_log_group_arn
The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
- bgp_log_output_format
The desired output format for BGP logs to be sent to CloudWatch. Default format is json.
Valid values: json | text
- log_enabled
Enable or disable VPN tunnel logging feature. Default value is False.
Valid values: True | False
- log_group_arn
The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
- log_output_format
Set log format. Default format is json.
Valid values: json | text
IKEVersionsRequestListValueProperty
- class CfnVPNConnectionPropsMixin.IKEVersionsRequestListValueProperty(*, value=None)
Bases: object
The IKE version that is permitted for the VPN tunnel.
- Parameters:
value (Optional[str]) – The IKE version.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    i_kEVersions_request_list_value_property = {
        "value": "value"
    }
Attributes
Phase1DHGroupNumbersRequestListValueProperty
- class CfnVPNConnectionPropsMixin.Phase1DHGroupNumbersRequestListValueProperty(*, value=None)
Bases: object
Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations.
- Parameters:
value (Union[int, float, None]) – The Diffie-Hellman group number.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    phase1_dHGroup_numbers_request_list_value_property = ec2_mixins.CfnVPNConnectionPropsMixin.Phase1DHGroupNumbersRequestListValueProperty(
        value=123
    )
Attributes
Phase1EncryptionAlgorithmsRequestListValueProperty
- class CfnVPNConnectionPropsMixin.Phase1EncryptionAlgorithmsRequestListValueProperty(*, value=None)
Bases: object
Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations.
- Parameters:
value (Optional[str]) – The value for the encryption algorithm.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    phase1_encryption_algorithms_request_list_value_property = ec2_mixins.CfnVPNConnectionPropsMixin.Phase1EncryptionAlgorithmsRequestListValueProperty(
        value="value"
    )
Attributes
Phase1IntegrityAlgorithmsRequestListValueProperty
- class CfnVPNConnectionPropsMixin.Phase1IntegrityAlgorithmsRequestListValueProperty(*, value=None)
Bases: object
Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations.
- Parameters:
value (Optional[str]) – The value for the integrity algorithm.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    phase1_integrity_algorithms_request_list_value_property = ec2_mixins.CfnVPNConnectionPropsMixin.Phase1IntegrityAlgorithmsRequestListValueProperty(
        value="value"
    )
Attributes
Phase2DHGroupNumbersRequestListValueProperty
- class CfnVPNConnectionPropsMixin.Phase2DHGroupNumbersRequestListValueProperty(*, value=None)
Bases: object
Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations.
- Parameters:
value (Union[int, float, None]) – The Diffie-Hellman group number.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    phase2_dHGroup_numbers_request_list_value_property = ec2_mixins.CfnVPNConnectionPropsMixin.Phase2DHGroupNumbersRequestListValueProperty(
        value=123
    )
Attributes
Phase2EncryptionAlgorithmsRequestListValueProperty
- class CfnVPNConnectionPropsMixin.Phase2EncryptionAlgorithmsRequestListValueProperty(*, value=None)
Bases: object
Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations.
- Parameters:
value (Optional[str]) – The encryption algorithm.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    phase2_encryption_algorithms_request_list_value_property = ec2_mixins.CfnVPNConnectionPropsMixin.Phase2EncryptionAlgorithmsRequestListValueProperty(
        value="value"
    )
Attributes
Phase2IntegrityAlgorithmsRequestListValueProperty
- class CfnVPNConnectionPropsMixin.Phase2IntegrityAlgorithmsRequestListValueProperty(*, value=None)
Bases: object
Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations.
- Parameters:
value (Optional[str]) – The integrity algorithm.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    phase2_integrity_algorithms_request_list_value_property = ec2_mixins.CfnVPNConnectionPropsMixin.Phase2IntegrityAlgorithmsRequestListValueProperty(
        value="value"
    )
Attributes
VpnTunnelLogOptionsSpecificationProperty
- class CfnVPNConnectionPropsMixin.VpnTunnelLogOptionsSpecificationProperty(*, cloudwatch_log_options=None)
Bases: object
Options for logging VPN tunnel activity.
- Parameters:
cloudwatch_log_options (Union[IResolvable, CloudwatchLogOptionsSpecificationProperty, Dict[str, Any], None]) – Options for sending VPN tunnel logs to CloudWatch.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    vpn_tunnel_log_options_specification_property = ec2_mixins.CfnVPNConnectionPropsMixin.VpnTunnelLogOptionsSpecificationProperty(
        cloudwatch_log_options=ec2_mixins.CfnVPNConnectionPropsMixin.CloudwatchLogOptionsSpecificationProperty(
            bgp_log_enabled=False,
            bgp_log_group_arn="bgpLogGroupArn",
            bgp_log_output_format="bgpLogOutputFormat",
            log_enabled=False,
            log_group_arn="logGroupArn",
            log_output_format="logOutputFormat"
        )
    )
Attributes
- cloudwatch_log_options
Options for sending VPN tunnel logs to CloudWatch.
VpnTunnelOptionsSpecificationProperty
- class CfnVPNConnectionPropsMixin.VpnTunnelOptionsSpecificationProperty(*, dpd_timeout_action=None, dpd_timeout_seconds=None, enable_tunnel_lifecycle_control=None, ike_versions=None, log_options=None, phase1_dh_group_numbers=None, phase1_encryption_algorithms=None, phase1_integrity_algorithms=None, phase1_lifetime_seconds=None, phase2_dh_group_numbers=None, phase2_encryption_algorithms=None, phase2_integrity_algorithms=None, phase2_lifetime_seconds=None, pre_shared_key=None, rekey_fuzz_percentage=None, rekey_margin_time_seconds=None, replay_window_size=None, startup_action=None, tunnel_inside_cidr=None, tunnel_inside_ipv6_cidr=None)
Bases: object
The tunnel options for a single VPN tunnel.
- Parameters:
dpd_timeout_action (Optional[str]) – The action to take after DPD timeout occurs. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid Values: clear | none | restart Default: clear
dpd_timeout_seconds (Union[int, float, None]) – The number of seconds after which a DPD timeout occurs. Constraints: A value greater than or equal to 30. Default: 30
enable_tunnel_lifecycle_control (Union[bool, IResolvable, None]) – Turn on or off tunnel endpoint lifecycle control feature.
ike_versions (Union[IResolvable, Sequence[Union[IResolvable, IKEVersionsRequestListValueProperty, Dict[str, Any]]], None]) – The IKE versions that are permitted for the VPN tunnel. Valid values: ikev1 | ikev2
log_options (Union[IResolvable, VpnTunnelLogOptionsSpecificationProperty, Dict[str, Any], None]) – Options for logging VPN tunnel activity.
phase1_dh_group_numbers (Union[IResolvable, Sequence[Union[IResolvable, Phase1DHGroupNumbersRequestListValueProperty, Dict[str, Any]]], None]) – One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
phase1_encryption_algorithms (Union[IResolvable, Sequence[Union[IResolvable, Phase1EncryptionAlgorithmsRequestListValueProperty, Dict[str, Any]]], None]) – One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
phase1_integrity_algorithms (Union[IResolvable, Sequence[Union[IResolvable, Phase1IntegrityAlgorithmsRequestListValueProperty, Dict[str, Any]]], None]) – One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
phase1_lifetime_seconds (Union[int, float, None]) – The lifetime for phase 1 of the IKE negotiation, in seconds. Constraints: A value between 900 and 28,800. Default: 28800
phase2_dh_group_numbers (Union[IResolvable, Sequence[Union[IResolvable, Phase2DHGroupNumbersRequestListValueProperty, Dict[str, Any]]], None]) – One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
phase2_encryption_algorithms (Union[IResolvable, Sequence[Union[IResolvable, Phase2EncryptionAlgorithmsRequestListValueProperty, Dict[str, Any]]], None]) – One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
phase2_integrity_algorithms (Union[IResolvable, Sequence[Union[IResolvable, Phase2IntegrityAlgorithmsRequestListValueProperty, Dict[str, Any]]], None]) – One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations. Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
phase2_lifetime_seconds (Union[int, float, None]) – The lifetime for phase 2 of the IKE negotiation, in seconds. Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds. Default: 3600
pre_shared_key (Optional[str]) – The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway. Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
rekey_fuzz_percentage (Union[int, float, None]) – The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected. Constraints: A value between 0 and 100. Default: 100
rekey_margin_time_seconds (Union[int, float, None]) – The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. Constraints: A value between 60 and half of Phase2LifetimeSeconds. Default: 270
replay_window_size (Union[int, float, None]) – The number of packets in an IKE replay window. Constraints: A value between 64 and 2048. Default: 1024
startup_action (Optional[str]) – The action to take when establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid Values: add | start Default: add
tunnel_inside_cidr (Optional[str]) – The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used: 169.254.0.0/30, 169.254.1.0/30, 169.254.2.0/30, 169.254.3.0/30, 169.254.4.0/30, 169.254.5.0/30, 169.254.169.252/30
tunnel_inside_ipv6_cidr (Optional[str]) – The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway. Constraints: A size /126 CIDR block from the local fd00::/8 range.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

    vpn_tunnel_options_specification_property = ec2_mixins.CfnVPNConnectionPropsMixin.VpnTunnelOptionsSpecificationProperty(
        dpd_timeout_action="dpdTimeoutAction",
        dpd_timeout_seconds=123,
        enable_tunnel_lifecycle_control=False,
        ike_versions=[{
            "value": "value"
        }],
        log_options=ec2_mixins.CfnVPNConnectionPropsMixin.VpnTunnelLogOptionsSpecificationProperty(
            cloudwatch_log_options=ec2_mixins.CfnVPNConnectionPropsMixin.CloudwatchLogOptionsSpecificationProperty(
                bgp_log_enabled=False,
                bgp_log_group_arn="bgpLogGroupArn",
                bgp_log_output_format="bgpLogOutputFormat",
                log_enabled=False,
                log_group_arn="logGroupArn",
                log_output_format="logOutputFormat"
            )
        ),
        phase1_dh_group_numbers=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase1DHGroupNumbersRequestListValueProperty(
            value=123
        )],
        phase1_encryption_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase1EncryptionAlgorithmsRequestListValueProperty(
            value="value"
        )],
        phase1_integrity_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase1IntegrityAlgorithmsRequestListValueProperty(
            value="value"
        )],
        phase1_lifetime_seconds=123,
        phase2_dh_group_numbers=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase2DHGroupNumbersRequestListValueProperty(
            value=123
        )],
        phase2_encryption_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase2EncryptionAlgorithmsRequestListValueProperty(
            value="value"
        )],
        phase2_integrity_algorithms=[ec2_mixins.CfnVPNConnectionPropsMixin.Phase2IntegrityAlgorithmsRequestListValueProperty(
            value="value"
        )],
        phase2_lifetime_seconds=123,
        pre_shared_key="preSharedKey",
        rekey_fuzz_percentage=123,
        rekey_margin_time_seconds=123,
        replay_window_size=123,
        startup_action="startupAction",
        tunnel_inside_cidr="tunnelInsideCidr",
        tunnel_inside_ipv6_cidr="tunnelInsideIpv6Cidr"
    )
Attributes
- dpd_timeout_action
The action to take after DPD timeout occurs.
Specify restart to restart the IKE initiation. Specify clear to end the IKE session.
Valid Values: clear | none | restart
Default: clear
- dpd_timeout_seconds
The number of seconds after which a DPD timeout occurs.
Constraints: A value greater than or equal to 30.
Default: 30
- enable_tunnel_lifecycle_control
Turn on or off tunnel endpoint lifecycle control feature.
- ike_versions
The IKE versions that are permitted for the VPN tunnel.
Valid values: ikev1 | ikev2
- log_options
Options for logging VPN tunnel activity.
- phase1_dh_group_numbers
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.
Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
- phase1_encryption_algorithms
One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.
Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
- phase1_integrity_algorithms
One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.
Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
- phase1_lifetime_seconds
The lifetime for phase 1 of the IKE negotiation, in seconds.
Constraints: A value between 900 and 28,800.
Default: 28800
- phase2_dh_group_numbers
One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.
Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24
- phase2_encryption_algorithms
One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.
Valid values: AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16
- phase2_integrity_algorithms
One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.
Valid values: SHA1 | SHA2-256 | SHA2-384 | SHA2-512
- phase2_lifetime_seconds
The lifetime for phase 2 of the IKE negotiation, in seconds.
Constraints: A value between 900 and 3,600. The value must be less than the value for Phase1LifetimeSeconds.
Default: 3600
- pre_shared_key
The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.
Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0).
- rekey_fuzz_percentage
The percentage of the rekey window (determined by RekeyMarginTimeSeconds) during which the rekey time is randomly selected.
Constraints: A value between 0 and 100.
Default: 100
- rekey_margin_time_seconds
The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey.
The exact time of the rekey is randomly selected based on the value for RekeyFuzzPercentage.
Constraints: A value between 60 and half of Phase2LifetimeSeconds.
Default: 270
- replay_window_size
The number of packets in an IKE replay window.
Constraints: A value between 64 and 2048.
Default: 1024
- startup_action
The action to take when establishing the tunnel for the VPN connection.
By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation.
Valid Values: add | start
Default: add
- tunnel_inside_cidr
The range of inside IP addresses for the tunnel.
Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway.
Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following CIDR blocks are reserved and cannot be used:
169.254.0.0/30
169.254.1.0/30
169.254.2.0/30
169.254.3.0/30
169.254.4.0/30
169.254.5.0/30
169.254.169.252/30
- tunnel_inside_ipv6_cidr
The range of inside IPv6 addresses for the tunnel.
Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.
Constraints: A size /126 CIDR block from the local fd00::/8 range.
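The constraints documented for VpnTunnelOptionsSpecificationProperty, including the cross-field ones, can be checked before synthesis. The validator below is an added example, not part of the CDK library or of this page's generated samples: check_tunnel_options, is_weak and SAMPLE are hypothetical names, the options are passed as a plain dict keyed by the parameter names above, and the is_weak policy is this example's own assumption.

```python
import ipaddress
import re

# Valid values, ranges and defaults copied from the parameter list on this page.
_ENC = {"AES128", "AES256", "AES128-GCM-16", "AES256-GCM-16"}
_INT = {"SHA1", "SHA2-256", "SHA2-384", "SHA2-512"}
ALLOWED = {"dpd_timeout_action": {"clear", "none", "restart"},
           "startup_action": {"add", "start"},
           "ike_versions": {"ikev1", "ikev2"},
           "phase1_dh_group_numbers": {2, *range(14, 25)},
           "phase2_dh_group_numbers": {2, 5, *range(14, 25)},
           "phase1_encryption_algorithms": _ENC, "phase2_encryption_algorithms": _ENC,
           "phase1_integrity_algorithms": _INT, "phase2_integrity_algorithms": _INT}
RANGES = {"dpd_timeout_seconds": (30, float("inf")), "rekey_fuzz_percentage": (0, 100),
          "phase1_lifetime_seconds": (900, 28800), "replay_window_size": (64, 2048),
          "phase2_lifetime_seconds": (900, 3600)}
DEFAULTS = {"phase1_lifetime_seconds": 28800, "phase2_lifetime_seconds": 3600,
            "rekey_margin_time_seconds": 270}
RESERVED_V4 = {ipaddress.ip_network(f"169.254.{n}.0/30") for n in range(6)}
RESERVED_V4.add(ipaddress.ip_network("169.254.169.252/30"))
# (field, required prefix length, enclosing range, reserved blocks)
CIDR_RULES = [
    ("tunnel_inside_cidr", 30, ipaddress.ip_network("169.254.0.0/16"), RESERVED_V4),
    ("tunnel_inside_ipv6_cidr", 126, ipaddress.ip_network("fd00::/8"), set())]
PSK_RE = re.compile(r"(?!0)[A-Za-z0-9._]{8,64}")


def is_weak(field, value):
    # Assumption: this example's own hardening policy, not a rule stated on the page.
    return value in ("ikev1", "SHA1") or ("dh_group" in field and value in (2, 5))


def check_tunnel_options(opts):
    """Return (errors, warnings) for one tunnel's options dict; the PSK is never echoed."""
    errors, warnings = [], []
    for field, allowed in ALLOWED.items():
        items = opts.get(field, [])
        for item in items if isinstance(items, list) else [items]:
            # List entries may be bare values or {"value": ...} dicts.
            value = item["value"] if isinstance(item, dict) else item
            if value not in allowed:
                errors.append(f"{field}: {value!r} is not a valid value")
            elif is_weak(field, value):
                warnings.append(f"{field}: permits {value!r}")
    for field, (low, high) in RANGES.items():
        if field in opts and not low <= opts[field] <= high:
            errors.append(f"{field}: {opts[field]} is outside {low}..{high}")
    # Cross-field rules fall back to the documented defaults for unset values.
    p1, p2, margin = (opts.get(key, DEFAULTS[key]) for key in DEFAULTS)
    if not p2 < p1:
        errors.append("phase2_lifetime_seconds: must be less than phase 1 lifetime")
    if not 60 <= margin <= p2 / 2:
        errors.append("rekey_margin_time_seconds: must be 60..half of phase 2 lifetime")
    psk = opts.get("pre_shared_key")
    if psk is not None and not PSK_RE.fullmatch(psk):
        errors.append("pre_shared_key: violates the documented constraints")
    for field, prefix, parent, reserved in CIDR_RULES:
        if field not in opts:
            continue
        try:
            net = ipaddress.ip_network(opts[field])
            ok = (net.version == parent.version and net.prefixlen == prefix
                  and net.subnet_of(parent) and net not in reserved)
        except ValueError:  # not a CIDR, or host bits set
            ok = False
        if not ok:
            errors.append(f"{field}: {opts[field]!r} is not an allowed /{prefix} block")
    return errors, warnings

# Constructed sample with deliberate mistakes (not taken from the page).
SAMPLE = {"ike_versions": [{"value": "ikev1"}], "pre_shared_key": "0short",
          "phase1_dh_group_numbers": [{"value": 5}],  # 5 is valid for phase 2 only
          "phase2_dh_group_numbers": [{"value": 5}],
          "phase1_lifetime_seconds": 3600, "rekey_margin_time_seconds": 2000,
          "tunnel_inside_cidr": "169.254.169.252/30", "tunnel_inside_ipv6_cidr": "fd00::/64"}
```

Calling check_tunnel_options(SAMPLE) returns six errors and two warnings; an empty errors list means the dict satisfies every constraint listed for this property.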