AWS::EC2::VPNConnection

EC2 VPNConnection

Specifies a VPN connection between a virtual private gateway and a VPN customer gateway, or between a transit gateway and a VPN customer gateway. To specify a VPN connection between a transit gateway and a customer gateway, use the TransitGatewayId and CustomerGatewayId properties. To specify a VPN connection between a virtual private gateway and a customer gateway, use the VpnGatewayId and CustomerGatewayId properties. For more information, see [](https://docs.aws.amazon.com/vpn/latest...

Properties

18 configurable properties. 2 required.

| Property | Type | Flags |
|---|---|---|
| CustomerGatewayId | string | Required |
| Type | string | Required, Create-only |
| EnableAcceleration | boolean | Create-only |
| LocalIpv4NetworkCidr | string | Create-only |
| LocalIpv6NetworkCidr | string | Create-only |
| OutsideIpAddressType | string | Create-only |
| PreSharedKeyStorage | string | Create-only, Write-only |
| RemoteIpv4NetworkCidr | string | Create-only |
| RemoteIpv6NetworkCidr | string | Create-only |
| StaticRoutesOnly | boolean | Create-only |
| Tags | Array<Tag> | |
| TransitGatewayId | string | |
| TransportTransitGatewayAttachmentId | string | Create-only |
| TunnelBandwidth | string | Create-only |
| TunnelInsideIpVersion | string | Create-only |
| VpnConcentratorId | string | Create-only |
| VpnGatewayId | string | |
| VpnTunnelOptionsSpecifications | Array<VpnTunnelOptionsSpecification> | |

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

| Attribute | Type | Description |
|---|---|---|
| VpnConnectionId | string | - |

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::VPNConnection

Resources:
  MyResource:
    Type: AWS::EC2::VPNConnection
    Properties:
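      Type: "ipsec.1"  # the only VPN connection type this resource accepts
      CustomerGatewayId: "my-customergatewayid"  # placeholder; replace with the ID of your customer gateway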
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

read

ec2:DescribeVpnConnections

create

ec2:DescribeVpnConnections, ec2:CreateVpnConnection, ec2:CreateTags, logs:CreateLogDelivery, logs:GetLogDelivery, logs:UpdateLogDelivery, logs:DeleteLogDelivery, logs:ListLogDeliveries

update

ec2:DescribeVpnConnections, ec2:ModifyVpnConnection, ec2:ModifyVpnConnectionOptions, ec2:ModifyVpnTunnelOptions, ec2:CreateTags, ec2:DeleteTags, logs:CreateLogDelivery, logs:GetLogDelivery

list

ec2:DescribeVpnConnections

delete

ec2:DescribeVpnConnections, ec2:DeleteVpnConnection

Quick Facts

Service: EC2
Properties: 19
Required: 2
Tagging: Supported
Primary ID: VpnConnectionId

Supported Operations

Read, Create, Update, List, Delete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

Type, VpnConcentratorId, EnableAcceleration, LocalIpv4NetworkCidr, LocalIpv6NetworkCidr, OutsideIpAddressType, RemoteIpv4NetworkCidr, RemoteIpv6NetworkCidr, StaticRoutesOnly, TransportTransitGatewayAttachmentId, TunnelInsideIpVersion, PreSharedKeyStorage, TunnelBandwidth
