Creates a VPN connection between an existing virtual private gateway or transit gateway and a customer gateway. The supported connection type is ipsec.1.
The response includes information that you need to give to your network administrator to configure your customer gateway.
ImportantWe strongly recommend that you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway device.
If you decide to shut down your VPN connection for any reason and later create a new VPN connection, you must reconfigure your customer gateway with the new information returned from this call.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
Request ParametersThe following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.
The ID of the customer gateway.
Type: String
Required: Yes
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Type: Boolean
Required: No
The options for the VPN connection.
Type: VpnConnectionOptionsSpecification object
Required: No
Specifies the storage mode for the pre-shared key (PSK). Valid values are Standard" (stored in the Site-to-Site VPN service) or SecretsManager (stored in AWS Secrets Manager).
Type: String
Required: No
The tags to apply to the VPN connection.
Type: Array of TagSpecification objects
Required: No
The ID of the transit gateway. If you specify a transit gateway, you cannot specify a virtual private gateway.
Type: String
Required: No
The type of VPN connection (ipsec.1).
Type: String
Required: Yes
The ID of the virtual private gateway. If you specify a virtual private gateway, you cannot specify a transit gateway.
Type: String
Required: No
The following elements are returned by the service.
The ID of the request.
Type: String
Information about the VPN connection.
Type: VpnConnection object
For information about the errors that are common to all actions, see Common client error codes.
Examples Example 1This example creates a VPN connection between the specified virtual private gateway and the specified customer gateway. The response includes configuration information for configuring the customer gateway device. Because it's a long set of information, we haven't included the complete response here. To see an example of the configuration information, see the Your customer gateway device.
Sample Requesthttps://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-112233445566aabbc
&VpnGatewayId=vgw-aabbccddee1234567
&AUTHPARAMS<CreateVpnConnectionResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
<requestId>22896b9b-e2fe-4574-9a20-example</requestId>
<vpnConnection>
<vpnConnectionId>vpn-01234abcabc123456</vpnConnectionId>
<state>pending</state>
<customerGatewayConfiguration>...Customer gateway configuration data in escaped XML format...</customerGatewayConfiguration>
<customerGatewayId>cgw-112233445566aabbc</customerGatewayId>
<vpnGatewayId>vgw-aabbccddee1234567</vpnGatewayId>
<tagSet/>
<options>
<enableAcceleration>false</enableAcceleration>
<staticRoutesOnly>false</staticRoutesOnly>
<localIpv4NetworkCidr>0.0.0.0/0</localIpv4NetworkCidr>
<remoteIpv4NetworkCidr>0.0.0.0/0</remoteIpv4NetworkCidr>
<tunnelInsideIpVersion>ipv4</tunnelInsideIpVersion>
<tunnelOptionSet>
<item/>
<item/>
</tunnelOptionSet>
</options>
<routes/>
<category>VPN</category>
</vpnConnection>
</CreateVpnConnectionResponse>This example creates a VPN connection with the static routes option between the virtual private gateway with the ID vgw-8db04f81, and the customer gateway with the ID cgw-b4dc3961, for a device that does not support the Border Gateway Protocol (BGP).
https://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-b4dc3961
&VpnGatewayId=vgw-8db04f81
&Options.StaticRoutesOnly=true
&AUTHPARAMSThis example creates a VPN connection between the virtual private gateway with the ID vgw-8db04f81 and the customer gateway with the ID cgw-b4dc3961 and specifies the inside IP address CIDR block and a custom pre-shared key for each tunnel.
https://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-b4dc3961
&VpnGatewayId=vgw-8db04f81
&Options.TunnelOptions.1.PreSharedKey=wMp_IGfO1d1o9AT4lF6tJLFN4EXAMPLE
&Options.TunnelOptions.1.TunnelInsideCidr=169.254.44.110/30
&Options.TunnelOptions.2.PreSharedKey=HAM8lcnFYEvfl6gUrOatJLFN4EXAMPLE
&Options.TunnelOptions.2.TunnelInsideCidr=169.254.44.240/30
&AUTHPARAMSThis example creates a VPN connection between the specified transit gateway and the specified customer gateway. The VPN connection processes IPv6 traffic inside the tunnels, and the tunnel options for both tunnels specify that AWS must initiate the IKE negotiation. A tag with a key of Location and a value of NewYorkVPN is applied to the VPN connection.
https://ec2.amazonaws.com/?Action=CreateVpnConnection
&Type=ipsec.1
&CustomerGatewayId=cgw-112233445566aabbc
&TransitGatewayId=tgw-0123f96e7b3f5babc
&Options.StaticRoutesOnly=false
&Options.TunnelInsideIpVersion=ipv6
&Options.TunnelOptions.1.StartupAction=start
&Options.TunnelOptions.2.StartupAction=start
&TagSpecification.1.ResourceType=vpn-connection
&TagSpecification.1.Tag.1.Key=Location
&TagSpecification.1.Tag.1.Value=NewYorkVPN
&AUTHPARAMSFor more information about using this API in one of the language-specific AWS SDKs, see the following:
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4