Syntax Properties Return values Examples See also

AWS::EC2::VPNConnection

Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway.

To specify a VPN connection between a transit gateway and customer gateway, use the TransitGatewayId and CustomerGatewayId properties.

To specify a VPN connection between a virtual private gateway and customer gateway, use the VpnGatewayId and CustomerGatewayId properties.

For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::EC2::VPNConnection",
  "Properties" : {
      "CustomerGatewayId" : String,
      "EnableAcceleration" : Boolean,
      "LocalIpv4NetworkCidr" : String,
      "LocalIpv6NetworkCidr" : String,
      "OutsideIpAddressType" : String,
      "RemoteIpv4NetworkCidr" : String,
      "RemoteIpv6NetworkCidr" : String,
      "StaticRoutesOnly" : Boolean,
      "Tags" : [ Tag, ... ],
      "TransitGatewayId" : String,
      "TransportTransitGatewayAttachmentId" : String,
      "TunnelInsideIpVersion" : String,
      "Type" : String,
      "VpnGatewayId" : String,
      "VpnTunnelOptionsSpecifications" : [ VpnTunnelOptionsSpecification, ... ]
    }
}

YAML


Type: AWS::EC2::VPNConnection
Properties:
  CustomerGatewayId: String
  EnableAcceleration: Boolean
  LocalIpv4NetworkCidr: String
  LocalIpv6NetworkCidr: String
  OutsideIpAddressType: String
  RemoteIpv4NetworkCidr: String
  RemoteIpv6NetworkCidr: String
  StaticRoutesOnly: Boolean
  Tags: 
    - Tag
  TransitGatewayId: String
  TransportTransitGatewayAttachmentId: String
  TunnelInsideIpVersion: String
  Type: String
  VpnGatewayId: String
  VpnTunnelOptionsSpecifications: 
    - VpnTunnelOptionsSpecification

Properties

CustomerGatewayId

The ID of the customer gateway at your end of the VPN connection.

Required: Yes

Type: String

Update requires: Replacement

EnableAcceleration

Indicate whether to enable acceleration for the VPN connection.

Default: false

Required: No

Type: Boolean

Update requires: Replacement

LocalIpv4NetworkCidr

The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

Default: 0.0.0.0/0

Required: No

Type: String

Update requires: Replacement

LocalIpv6NetworkCidr

The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

Default: ::/0

Required: No

Type: String

Update requires: Replacement

OutsideIpAddressType

The type of IPv4 address assigned to the outside interface of the customer gateway device.

Valid values: PrivateIpv4 | PublicIpv4

Default: PublicIpv4

Required: No

Type: String

Update requires: Replacement

RemoteIpv4NetworkCidr

The IPv4 CIDR on the AWS side of the VPN connection.

Default: 0.0.0.0/0

Required: No

Type: String

Update requires: Replacement

RemoteIpv6NetworkCidr

The IPv6 CIDR on the AWS side of the VPN connection.

Default: ::/0

Required: No

Type: String

Update requires: Replacement

StaticRoutesOnly

Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.

If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify true.

Required: No

Type: Boolean

Update requires: Replacement

Tags

Any tags assigned to the VPN connection.

Required: No

Type: Array of Tag

Update requires: No interruption

TransitGatewayId

The ID of the transit gateway associated with the VPN connection.

You must specify either TransitGatewayId or VpnGatewayId, but not both.

Required: Conditional

Type: String

Update requires: Replacement

TransportTransitGatewayAttachmentId

The transit gateway attachment ID to use for the VPN tunnel.

Required if OutsideIpAddressType is set to PrivateIpv4.

Required: No

Type: String

Update requires: Replacement

TunnelInsideIpVersion

Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.

Default: ipv4

Required: No

Type: String

Allowed values: ipv4 | ipv6

Update requires: Replacement

Type

The type of VPN connection.

Required: Yes

Type: String

Allowed values: ipsec.1

Update requires: Replacement

VpnGatewayId

The ID of the virtual private gateway at the AWS side of the VPN connection.

You must specify either TransitGatewayId or VpnGatewayId, but not both.

Required: Conditional

Type: String

Update requires: Replacement

VpnTunnelOptionsSpecifications

The tunnel options for the VPN connection.

Required: No

Type: Array of VpnTunnelOptionsSpecification

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the VPN connection.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

VpnConnectionId: The ID of the VPN connection.

Examples

VPN connection

The following example specifies a VPN connection between myVPNGateway and MyCustomerGateway.

JSON



"myVPNConnection" : {
   "Type" : "AWS::EC2::VPNConnection",
   "Properties" : {
      "Type" : "ipsec.1",
      "StaticRoutesOnly" : "true",
      "CustomerGatewayId" : {"Ref" : "myCustomerGateway"},
      "VpnGatewayId" : {"Ref" : "myVPNGateway"}
   }
}

YAML


   myVPNConnection: 
      Type: AWS::EC2::VPNConnection
      Properties: 
        Type: ipsec.1
        StaticRoutesOnly: true
        CustomerGatewayId: 
          !Ref myCustomerGateway
        VpnGatewayId: 
          !Ref myVPNGateway