CloudWiki

Amazon Web Service (AWS)

VPN Customer Gateway

Network
A customer gateway is a resource that you create in your VPC to represent the customer gateway device in your on-premises network. It is used with a Site-to-Site VPN connection.
aws_customer_gateway
VPN Customer Gateway attributes:
  • bgp_asn - (Required) The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).
  • certificate_arn - (Optional) The Amazon Resource Name (ARN) for the customer gateway certificate.
  • device_name - (Optional) A name for the customer gateway device.
  • ip_address - (Required) The IPv4 address for the customer gateway device's outside interface.
  • type - (Required) The type of customer gateway. The only type AWS supports at this time is "ipsec.1".
  • tags - (Optional) Tags to apply to the gateway. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with a VPN Customer Gateway
Resources do not "belong" to a VPN Customer Gateway. Rather, one or more Security Groups are associated to a resource.
Create VPN Customer Gateway via Terraform:
The following HCL creates a customer gateway with the specified IP address for its outside interface.
Syntax:

resource "aws_customer_gateway" "main" {
 bgp_asn    = 65000
 ip_address = "172.83.124.10"
 type       = "ipsec.1"

 tags = {
   Name = "main-customer-gateway"
 }
}
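
A pre-apply check for the attributes listed above, as an added example (not CloudWiki's or the Terraform provider's code). It reads the `resource_changes` section of `terraform show -json` output. The function name, the `branch` and `old` sample resources, the Name-tag rule, and the rule that a non-global `ip_address` is a finding (which assumes the gateway is reached over the internet) are assumptions of this example.

```python
import ipaddress

REQUIRED = ("bgp_asn", "ip_address", "type")  # marked (Required) in the attribute list

def audit_customer_gateways(plan):
    """Map each planned aws_customer_gateway address to a list of findings."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_customer_gateway":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed: nothing to validate
            continue
        issues = [f"missing required attribute {k}" for k in REQUIRED
                  if after.get(k) in (None, "")]
        if after.get("type") not in (None, "", "ipsec.1"):
            issues.append(f"unsupported type {after['type']!r}")
        if after.get("ip_address"):
            try:
                if not ipaddress.IPv4Address(after["ip_address"]).is_global:
                    issues.append("ip_address is not publicly routable")
            except ValueError:
                issues.append("ip_address is not a valid IPv4 address")
        asn = str(after.get("bgp_asn") or "")
        if asn and (not asn.isdigit() or int(asn) == 0):
            issues.append("bgp_asn is not a positive integer")
        if "Name" not in (after.get("tags") or {}):  # assumed local tagging policy
            issues.append("no Name tag")
        report[rc["address"]] = issues
    return report

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_customer_gateway.main", "type": "aws_customer_gateway",
     "change": {"actions": ["create"], "after": {
         "bgp_asn": "65000", "ip_address": "172.83.124.10", "type": "ipsec.1",
         "tags": {"Name": "main-customer-gateway"}}}},
    {"address": "aws_customer_gateway.branch", "type": "aws_customer_gateway",
     "change": {"actions": ["create"], "after": {
         "bgp_asn": "65010", "ip_address": "10.0.0.5", "type": "ipsec.2",
         "tags": None}}},
    {"address": "aws_customer_gateway.old", "type": "aws_customer_gateway",
     "change": {"actions": ["delete"], "after": None}},
]}

if __name__ == "__main__":
    for address, issues in audit_customer_gateways(SAMPLE_PLAN).items():
        print(address, "OK" if not issues else issues)
```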

Create VPN Customer Gateway via CLI:
Parameters:

create-customer-gateway
--bgp-asn <value>
[--public-ip <value>]
[--certificate-arn <value>]
--type <value>
[--tag-specifications <value>]
[--device-name <value>]
[--ip-address <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-customer-gateway --type ipsec.1 --public-ip 12.1.2.3 --bgp-asn 65534
