ALIYUN::VPC::VpnGateway

The ALIYUN::VPC::VpnGateway resource creates a VPN gateway.

Syntax

{
  "Type": "ALIYUN::VPC::VpnGateway",
  "Properties": {
    "VpcId": String,
    "VSwitchId": String,
    "Description": String,
    "EnableIpsec": Boolean,
    "AutoPay": Boolean,
    "Period": Integer,
    "EnableSsl": Boolean,
    "Bandwidth": Integer,
    "InstanceChargeType": String,
    "SslConnections": Integer,
    "Name": String,
    "Tags": List,
    "VpnType": String,
    "NetworkType": String,
    "DisasterRecoveryVSwitchId": String,
    "ResourceGroupId": String
  }
}

Properties

| Parameter | Type | Required | Updates allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| VpcId | String | Yes | No | The VPC ID of the VPN gateway. | None. |
| VSwitchId | String | No | No | The vSwitch ID associated with the VPN gateway. | None. |
| Description | String | No | Yes | The description of the VPN gateway. | The description must be 2 to 256 characters in length, start with a letter or a Chinese character, and must not start with http:// or https://. |
| EnableIpsec | Boolean | No | No | Whether to enable the IPsec-VPN feature. | Valid values: true (Default); false. IPsec-VPN provides site-to-site connections. You can create an IPsec tunnel to securely connect an on-premises data center to a VPC or to connect two VPCs. |
| AutoPay | Boolean | No | No | Whether to enable automatic payment for the subscription. | Valid values: true (Default): Enables automatic payment; false: Disables automatic payment. |
| Period | Integer | No | No | The subscription duration. | Valid values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36. Unit: month. This parameter is required when InstanceChargeType is set to PREPAY. |
| EnableSsl | Boolean | No | No | Whether to enable the SSL-VPN feature. | Valid values: true; false (Default). SSL-VPN provides point-to-site VPN connections, which allow clients to connect directly to the VPN gateway without configuring a customer gateway. |
| Bandwidth | Integer | Yes | No | The public bandwidth of the VPN gateway. | Valid values: 5, 10, 20, 50, 100. Unit: Mbit/s. |
| InstanceChargeType | String | No | No | The billing method of the VPN gateway. | The value must be PREPAY, which indicates the subscription billing method. |
| SslConnections | Integer | No | No | The maximum number of concurrent SSL-VPN client connections. | None. |
| ResourceGroupId | String | No | Yes | The ID of the resource group. | None. |
| Name | String | No | Yes | The name of the VPN gateway. | The name must be 2 to 100 characters in length. It must start with a letter or a Chinese character, and can contain letters, Chinese characters, digits, underscores (_), and hyphens (-). The name cannot start with http:// or https://. If you do not specify this parameter, the system uses the VPN gateway ID as its name. |
| Tags | List | No | Yes | The tags to add to the VPN gateway. | You can add up to 20 tags. For more information, see the Tag properties section. |
| VpnType | String | No | No | The type of the VPN gateway. | Valid values: Normal (Default): A standard VPN gateway; NationalStandard: A National Encryption-compliant VPN gateway. |
| NetworkType | String | No | No | The network type of the VPN gateway. | Valid values: public (Default): Creates a public VPN gateway; private: Creates a private VPN gateway. |
| DisasterRecoveryVSwitchId | String | No | No | The secondary vSwitch ID associated with the VPN gateway. | This parameter is required if the region supports the dual-tunnel mode for IPsec-VPN connections. For cross-zone disaster recovery of an IPsec-VPN connection, specify two vSwitches in different availability zones within the VPC associated with the VPN gateway. For a region with only one availability zone, cross-zone disaster recovery is not supported. You can specify two different vSwitches in the same availability zone for high availability, or specify the same vSwitch. For information about the regions and availability zones that support the dual-tunnel mode for IPsec-VPN connections, see Upgrade an IPsec-VPN connection to dual-tunnel mode. |

Tag syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]  

Tag properties

| Parameter | Type | Required | Updates allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| Key | String | Yes | No | The tag key. | The tag key can be 1 to 128 characters in length. It cannot start with aliyun or acs: and cannot contain http:// or https://. |
| Value | String | No | No | The tag value. | The tag value can be 0 to 128 characters in length. It cannot start with aliyun or acs: and cannot contain http:// or https://. |
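The constraints in the Properties and Tag properties tables can be enforced before a template is submitted, for example in a CI check. The following is an added example, not part of the ROS documentation or tooling: `check_vpn_gateway` is a hypothetical helper that validates literal (already resolved) property values. It assumes "Chinese character" means the CJK Unified Ideographs range and takes the Bandwidth values from the Properties table.

```python
import re

# Constraint values copied from the Properties and Tag properties tables above.
BANDWIDTHS = {5, 10, 20, 50, 100}
PERIODS = {1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36}
ENUMS = {"VpnType": {"Normal", "NationalStandard"}, "NetworkType": {"public", "private"}}
# Assumption: "Chinese character" is read as the CJK Unified Ideographs block.
LEAD = r"[A-Za-z\u4e00-\u9fff]"
NAME_RE = re.compile(LEAD + r"[A-Za-z0-9\u4e00-\u9fff_-]{1,99}")

def _bad_tag_text(text, min_len):
    """True if a tag key/value breaks the length, prefix or URL rules."""
    return (not min_len <= len(text) <= 128 or text.startswith(("aliyun", "acs:"))
            or "http://" in text or "https://" in text)

def check_vpn_gateway(props):
    """Return constraint violations for literal (already resolved) property values."""
    errs = [f"{k} is required" for k in ("VpcId", "Bandwidth") if k not in props]
    if "Bandwidth" in props and props["Bandwidth"] not in BANDWIDTHS:
        errs.append("Bandwidth not in 5/10/20/50/100 Mbit/s")
    if props.get("InstanceChargeType") == "PREPAY" and "Period" not in props:
        errs.append("Period is required when InstanceChargeType is PREPAY")
    if "Period" in props and props["Period"] not in PERIODS:
        errs.append("Period is not a valid number of months")
    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            errs.append(f"{key} must be one of {sorted(allowed)}")
    if "Name" in props and not NAME_RE.fullmatch(props["Name"]):
        errs.append("Name breaks the 2-100 character naming rule")
    desc = props.get("Description")
    if desc is not None and (not 2 <= len(desc) <= 256 or not re.match(LEAD, desc)
                             or desc.startswith(("http://", "https://"))):
        errs.append("Description breaks the 2-256 character rule")
    tags = props.get("Tags", [])
    if len(tags) > 20:
        errs.append("more than 20 tags")
    for tag in tags:
        if "Key" not in tag or _bad_tag_text(tag["Key"], 1):
            errs.append(f"invalid tag key: {tag.get('Key')!r}")
        if _bad_tag_text(tag.get("Value", ""), 0):
            errs.append(f"invalid tag value: {tag.get('Value')!r}")
    return errs

# Constructed sample resources (IDs are placeholders, not real resources).
GOOD = {"VpcId": "vpc-placeholder", "Bandwidth": 10, "InstanceChargeType": "PREPAY",
        "Period": 1, "Name": "prod-vpn_01", "NetworkType": "private",
        "Tags": [{"Key": "env", "Value": "prod"}]}
BAD = {"VpcId": "vpc-placeholder", "Bandwidth": 200, "InstanceChargeType": "PREPAY",
       "Name": "https://x", "Tags": [{"Key": "acs:owner", "Value": ""}]}
```

`check_vpn_gateway(GOOD)` returns an empty list, while `check_vpn_gateway(BAD)` reports the bandwidth, the missing Period, the name and the reserved tag-key prefix.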

Return values

Fn::GetAtt

  • OrderId: The ID of the order.

  • VpnGatewayId: The ID of the VPN gateway.

  • InternetIp: The public IP address of the VPN gateway.

  • SslMaxConnections: The maximum number of concurrent SSL-VPN connections.

  • Spec: The maximum bandwidth of the VPN gateway.

  • DisasterRecoveryVSwitchId: The secondary vSwitch ID associated with the VPN gateway.

  • VpnType: The type of the VPN gateway.

  • VpcId: The VPC ID of the VPN gateway.

  • SslVpnInternetIp: The public IP address of the SSL-VPN connection.

  • DisasterRecoveryInternetIp: The secondary public IP address that is assigned to the IPsec-VPN connection in dual-tunnel mode.

  • VSwitchId: The vSwitch ID associated with the VPN gateway.

  • Arn: The Alibaba Cloud Resource Name (ARN) of the VPN gateway.

Examples

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
 AutoPay:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: true
  Description: 'Specifies whether to automatically pay for the vpn gateway. Valid values:

   True (default): Automatically pays for the vpn gateway.

   False: Does not automatically pay for the vpn gateway.'
  Type: Boolean
 Bandwidth:
  AllowedValues:
  - 5
  - 10
  - 20
  - 50
  - 100
  - 200
  Description: 'The public bandwidth of the vpn gateway, in Mbit/s.

   Valid values: 5, 10, 20, 50, 100, and 200.'
  Type: Number
 Description:
  Description: 'A description of the vpn gateway.

   The description must be 2 to 256 characters long, start with a letter or a Chinese character,
   and must not start with http:// or https://.'
  MaxLength: 256
  MinLength: 2
  Type: String
 EnableIpsec:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: true
  Description: 'Specifies whether to enable the IPsec-VPN feature. The IPsec-VPN feature provides
   site-to-site connections. You can create an IPsec tunnel to securely connect your on-premises
   data center to a VPC or to connect two VPCs. Valid values:

   True (default): Enables the IPsec-VPN feature.

   False: Disables the IPsec-VPN feature.'
  Type: Boolean
 EnableSsl:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: false
  Description: 'Specifies whether to enable the SSL-VPN feature. This feature provides point-to-site VPN
   connections, which allow clients to connect to the vpn gateway without the need
   to configure a customer gateway. Valid values:

   True: Enables the SSL-VPN feature.

   False (default): Disables the SSL-VPN feature.'
  Type: Boolean
 InstanceChargeType:
  AllowedValues:
  - PREPAY
  - POSTPAY
  Default: PREPAY
  Description: 'The billing method of the vpn gateway. Valid values are:

   PREPAY, POSTPAY'
  Type: String
 Name:
  Description: 'The name of the vpn gateway. If you do not specify this parameter, the ID of the vpn
   gateway is used as its name.

   The name must be 2 to 100 characters in length. It must start with a letter
   or a Chinese character, can contain digits, underscores (_), and hyphens
   (-), and cannot start with http:// or https://.'
  MaxLength: 100
  MinLength: 2
  Type: String
 Period:
  AllowedValues:
  - 1
  - 2
  - 3
  - 4
  - 5
  - 6
  - 7
  - 8
  - 9
  - 12
  - 24
  - 36
  Description: 'The subscription duration, in months. Valid values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, and 36.

   This parameter is required when InstanceChargeType is set to PREPAY.'
  Type: Number
 SslConnections:
  Description: The maximum number of clients allowed to connect at the same time.
  Type: Number
 Tags:
  Description: The tags to add to the instance. You can add a maximum of 20 tags.
   Each tag consists of a key and a value, and the key is required.
  MaxLength: 20
  Type: Json
 VSwitchId:
  Description: The ID of the VSwitch to which the VPN gateway belongs.
  Type: String
 VpcId:
  Description: The ID of the VPC to which the VPN gateway belongs.
  Type: String
Resources:
 VpnGateway:
  Properties:
   AutoPay:
    Ref: AutoPay
   Bandwidth:
    Ref: Bandwidth
   Description:
    Ref: Description
   EnableIpsec:
    Ref: EnableIpsec
   EnableSsl:
    Ref: EnableSsl
   InstanceChargeType:
    Ref: InstanceChargeType
   Name:
    Ref: Name
   Period:
    Ref: Period
   SslConnections:
    Ref: SslConnections
   Tags:
    Ref: Tags
   VSwitchId:
    Ref: VSwitchId
   VpcId:
    Ref: VpcId
  Type: ALIYUN::VPC::VpnGateway
Outputs:
 InternetIp:
  Description: The public IP address of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - InternetIp
 OrderId:
  Description: The order ID.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - OrderId
 Spec:
  Description: The specification of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - Spec
 SslMaxConnections:
  Description: The maximum number of concurrent SSL-VPN connections.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - SslMaxConnections
 VpnGatewayId:
  Description: The ID of the vpn gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - VpnGatewayId

The same template in JSON format:

{
 "ROSTemplateFormatVersion": "2015-09-01",
 "Parameters": {
  "EnableIpsec": {
   "Type": "Boolean",
   "Description": "Specifies whether to enable the IPsec-VPN feature. The IPsec-VPN feature provides site-to-site connections. You can create an IPsec tunnel to securely connect your on-premises data center to a VPC or to connect two VPCs. Valid values:\nTrue (default): Enables the IPsec-VPN feature.\nFalse: Disables the IPsec-VPN feature.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": true
  },
  "EnableSsl": {
   "Type": "Boolean",
   "Description": "Specifies whether to enable the SSL-VPN feature. This feature provides point-to-site VPN connections, which allow clients to connect to the vpn gateway without the need to configure a customer gateway. Valid values:\nTrue: Enables the SSL-VPN feature.\nFalse (default): Disables the SSL-VPN feature.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": false
  },
  "SslConnections": {
   "Type": "Number",
   "Description": "The maximum number of clients allowed to connect at the same time."
  },
  "Description": {
   "Type": "String",
   "Description": "A description of the vpn gateway.\nThe description must be 2 to 256 characters long, start with a letter or a Chinese character, and must not start with http:// or https://.",
   "MinLength": 2,
   "MaxLength": 256
  },
  "VpcId": {
   "Type": "String",
   "Description": "The ID of the VPC to which the VPN gateway belongs."
  },
  "InstanceChargeType": {
   "Type": "String",
   "Description": "The billing method of the vpn gateway. Valid values are:\nPREPAY, POSTPAY",
   "AllowedValues": [
    "PREPAY",
    "POSTPAY"
   ],
   "Default": "PREPAY"
  },
  "Bandwidth": {
   "Type": "Number",
   "Description": "The public bandwidth of the vpn gateway, in Mbit/s.\nValid values: 5, 10, 20, 50, 100, and 200.",
   "AllowedValues": [
    5,
    10,
    20,
    50,
    100,
    200
   ]
  },
  "VSwitchId": {
   "Type": "String",
   "Description": "The ID of the VSwitch to which the VPN gateway belongs."
  },
  "Period": {
   "Type": "Number",
   "Description": "The subscription duration, in months. Valid values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, and 36.\nThis parameter is required when InstanceChargeType is set to PREPAY.",
   "AllowedValues": [
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    12,
    24,
    36
   ]
  },
  "AutoPay": {
   "Type": "Boolean",
   "Description": "Specifies whether to automatically pay for the vpn gateway. Valid values:\nTrue (default): Automatically pays for the vpn gateway.\nFalse: Does not automatically pay for the vpn gateway.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": true
  },
  "Tags": {
   "Type": "Json",
   "Description": "The tags to add to the instance. You can add a maximum of 20 tags. Each tag consists of a key and a value, and the key is required.",
   "MaxLength": 20
  },
  "Name": {
   "Type": "String",
   "Description": "The name of the vpn gateway. If you do not specify this parameter, the ID of the vpn gateway is used as its name.\nThe name must be 2 to 100 characters in length. It must start with a letter or a Chinese character, can contain digits, underscores (_), and hyphens (-), and cannot start with http:// or https://.",
   "MinLength": 2,
   "MaxLength": 100
  }
 },
 "Resources": {
  "VpnGateway": {
   "Type": "ALIYUN::VPC::VpnGateway",
   "Properties": {
    "EnableIpsec": {
     "Ref": "EnableIpsec"
    },
    "EnableSsl": {
     "Ref": "EnableSsl"
    },
    "SslConnections": {
     "Ref": "SslConnections"
    },
    "Description": {
     "Ref": "Description"
    },
    "VpcId": {
     "Ref": "VpcId"
    },
    "InstanceChargeType": {
     "Ref": "InstanceChargeType"
    },
    "Bandwidth": {
     "Ref": "Bandwidth"
    },
    "VSwitchId": {
     "Ref": "VSwitchId"
    },
    "Period": {
     "Ref": "Period"
    },
    "AutoPay": {
     "Ref": "AutoPay"
    },
    "Tags": {
     "Ref": "Tags"
    },
    "Name": {
     "Ref": "Name"
    }
   }
  }
 },
 "Outputs": {
  "InternetIp": {
   "Description": "The public IP address of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "InternetIp"
    ]
   }
  },
  "VpnGatewayId": {
   "Description": "The ID of the vpn gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "VpnGatewayId"
    ]
   }
  },
  "OrderId": {
   "Description": "The order ID.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "OrderId"
    ]
   }
  },
  "Spec": {
   "Description": "The specification of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "Spec"
    ]
   }
  },
  "SslMaxConnections": {
   "Description": "The maximum number of concurrent SSL-VPN connections.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "SslMaxConnections"
    ]
   }
  }
 }
}