Resource: aws_vpn_connection

Manages a Site-to-Site VPN connection. A Site-to-Site VPN connection is an Internet Protocol security (IPsec) VPN connection between a VPC and an on-premises network. Any new Site-to-Site VPN connection that you create is an AWS VPN connection.

Example Usage

EC2 Transit Gateway

resource "aws_ec2_transit_gateway" "example" {}

resource "aws_customer_gateway" "example" {
  bgp_asn    = 65000
  ip_address = "172.0.0.1"
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "example" {
  customer_gateway_id = aws_customer_gateway.example.id
  transit_gateway_id  = aws_ec2_transit_gateway.example.id
  type                = aws_customer_gateway.example.type
}

Virtual Private Gateway

resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_vpn_gateway" "vpn_gateway" {
  vpc_id = aws_vpc.vpc.id
}

resource "aws_customer_gateway" "customer_gateway" {
  bgp_asn    = 65000
  ip_address = "172.0.0.1"
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "main" {
  vpn_gateway_id      = aws_vpn_gateway.vpn_gateway.id
  customer_gateway_id = aws_customer_gateway.customer_gateway.id
  type                = "ipsec.1"
  static_routes_only  = true
}

AWS Site to Site Private VPN

resource "aws_dx_gateway" "example" {
  name            = "terraform_ipsec_vpn_example"
  amazon_side_asn = "64512"
}

resource "aws_ec2_transit_gateway" "example" {
  amazon_side_asn = "64513"
  description     = "terraform_ipsec_vpn_example"
  transit_gateway_cidr_blocks = [
    "10.0.0.0/24",
  ]
}

resource "aws_customer_gateway" "example" {
  bgp_asn    = 64514
  ip_address = "10.0.0.1"
  type       = "ipsec.1"

  tags = {
    Name = "terraform_ipsec_vpn_example"
  }
}

resource "aws_dx_gateway_association" "example" {
  dx_gateway_id         = aws_dx_gateway.example.id
  associated_gateway_id = aws_ec2_transit_gateway.example.id

  allowed_prefixes = [
    "10.0.0.0/8",
  ]
}

data "aws_ec2_transit_gateway_dx_gateway_attachment" "example" {
  transit_gateway_id = aws_ec2_transit_gateway.example.id
  dx_gateway_id      = aws_dx_gateway.example.id

  depends_on = [
    aws_dx_gateway_association.example
  ]
}

resource "aws_vpn_connection" "example" {
  customer_gateway_id                     = aws_customer_gateway.example.id
  outside_ip_address_type                 = "PrivateIpv4"
  transit_gateway_id                      = aws_ec2_transit_gateway.example.id
  transport_transit_gateway_attachment_id = data.aws_ec2_transit_gateway_dx_gateway_attachment.example.id
  type                                    = "ipsec.1"

  tags = {
    Name = "terraform_ipsec_vpn_example"
  }
}

Argument Reference

This resource supports the following arguments:

Log Options

The tunnel1_log_options and tunnel2_log_options blocks support the following arguments:

CloudWatch Log Options

The cloudwatch_log_options block supports the following arguments:
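The following is an added example, not part of the provider documentation, showing how the tunnel1_log_options / tunnel2_log_options and cloudwatch_log_options blocks described above fit together when shipping per-tunnel IPsec negotiation logs to CloudWatch. It goes one step beyond the log options by also pinning the IKE version and phase 1/2 parameters of each tunnel so the peer cannot negotiate down to weaker settings; the resource names, the log group name and the retention period are assumptions.

```hcl
# Added example (not the provider's own docs): log group that receives the
# tunnel negotiation/DPD events. Name and retention are assumptions.
resource "aws_cloudwatch_log_group" "vpn_tunnels" {
  name              = "/aws/vpn/example-tunnels"
  retention_in_days = 90
}

resource "aws_vpn_connection" "example" {
  customer_gateway_id = aws_customer_gateway.example.id
  transit_gateway_id  = aws_ec2_transit_gateway.example.id
  type                = "ipsec.1"

  # Tunnel 1: IKEv2 only, ECP DH groups, AES-256-GCM, SHA-384 integrity.
  tunnel1_ike_versions                 = ["ikev2"]
  tunnel1_phase1_dh_group_numbers      = [19, 20, 21]
  tunnel1_phase1_encryption_algorithms = ["AES256-GCM-16"]
  tunnel1_phase1_integrity_algorithms  = ["SHA2-384"]
  tunnel1_phase2_dh_group_numbers      = [19, 20, 21]
  tunnel1_phase2_encryption_algorithms = ["AES256-GCM-16"]
  tunnel1_phase2_integrity_algorithms  = ["SHA2-384"]

  # Tunnel 1 logging: JSON records in the log group above.
  tunnel1_log_options {
    cloudwatch_log_options {
      log_enabled       = true
      log_group_arn     = aws_cloudwatch_log_group.vpn_tunnels.arn
      log_output_format = "json"
    }
  }

  # Tunnel 2: identical policy so failover does not weaken the connection.
  tunnel2_ike_versions                 = ["ikev2"]
  tunnel2_phase1_dh_group_numbers      = [19, 20, 21]
  tunnel2_phase1_encryption_algorithms = ["AES256-GCM-16"]
  tunnel2_phase1_integrity_algorithms  = ["SHA2-384"]
  tunnel2_phase2_dh_group_numbers      = [19, 20, 21]
  tunnel2_phase2_encryption_algorithms = ["AES256-GCM-16"]
  tunnel2_phase2_integrity_algorithms  = ["SHA2-384"]

  tunnel2_log_options {
    cloudwatch_log_options {
      log_enabled       = true
      log_group_arn     = aws_cloudwatch_log_group.vpn_tunnels.arn
      log_output_format = "json"
    }
  }
}
```

The customer gateway device must be configured with a matching proposal set, otherwise the tunnels stay down and the failures show up in the log group as rejected negotiations.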

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

routes

vgw_telemetry

Import

In Terraform v1.5.0 and later, use an import block to import VPN Connections using the VPN connection id. For example:

import {
  to = aws_vpn_connection.testvpnconnection
  id = "vpn-40f41529"
}

Using terraform import, import VPN Connections using the VPN connection id. For example:

% terraform import aws_vpn_connection.testvpnconnection vpn-40f41529