Resource: awsNetworkmanagerSiteToSiteVpnAttachment

Terraform resource for managing an AWS Network Manager Site-to-Site VPN attachment.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkmanagerSiteToSiteVpnAttachment.NetworkmanagerSiteToSiteVpnAttachment(
  this,
  "example",
  {
    coreNetworkId: "${awscc_networkmanager_core_network.example.id}",
    vpnConnectionArn: "${aws_vpn_connection.example.arn}",
  }
);

Full Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
import * as awscc from "./.gen/providers/awscc";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: awscc.
For a more precise conversion please use the --provider flag in convert.*/
const awsCustomerGatewayTest = new aws.customerGateway.CustomerGateway(
  this,
  "test",
  {
    bgpAsn: 65000,
    ipAddress: "172.0.0.1",
    type: "ipsec.1",
  }
);
const awsNetworkmanagerGlobalNetworkTest =
  new aws.networkmanagerGlobalNetwork.NetworkmanagerGlobalNetwork(
    this,
    "test_1",
    {
      tags: {
        Name: "test",
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerGlobalNetworkTest.overrideLogicalId("test");
const awsVpnConnectionTest = new aws.vpnConnection.VpnConnection(
  this,
  "test_2",
  {
    customerGatewayId: awsCustomerGatewayTest.id,
    tags: {
      Name: "test",
    },
    type: "ipsec.1",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsVpnConnectionTest.overrideLogicalId("test");
const dataAwsNetworkmanagerCoreNetworkPolicyDocumentTest =
  new aws.dataAwsNetworkmanagerCoreNetworkPolicyDocument.DataAwsNetworkmanagerCoreNetworkPolicyDocument(
    this,
    "test_3",
    {
      attachmentPolicies: [
        {
          action: {
            associationMethod: "constant",
            segment: "shared",
          },
          conditionLogic: "or",
          conditions: [
            {
              key: "segment",
              operator: "equals",
              type: "tag-value",
              value: "shared",
            },
          ],
          ruleNumber: 1,
        },
      ],
      coreNetworkConfiguration: [
        {
          asnRanges: ["64512-64555"],
          edgeLocations: [
            {
              asn: 64512,
              location: "${data.aws_region.current.name}",
            },
          ],
          vpnEcmpSupport: false,
        },
      ],
      segmentActions: [
        {
          action: "share",
          mode: "attachment-route",
          segment: "shared",
          shareWith: ["*"],
        },
      ],
      segments: [
        {
          description: "SegmentForSharedServices",
          name: "shared",
          requireAttachmentAcceptance: true,
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsNetworkmanagerCoreNetworkPolicyDocumentTest.overrideLogicalId("test");
const awsccNetworkmanagerCoreNetworkTest =
  new awscc.networkmanagerCoreNetwork.NetworkmanagerCoreNetwork(
    this,
    "test_4",
    {
      global_network_id: awsNetworkmanagerGlobalNetworkTest.id,
      policy_document: `\${jsonencode(jsondecode(${dataAwsNetworkmanagerCoreNetworkPolicyDocumentTest.json}))}`,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsccNetworkmanagerCoreNetworkTest.overrideLogicalId("test");
const awsNetworkmanagerSiteToSiteVpnAttachmentTest =
  new aws.networkmanagerSiteToSiteVpnAttachment.NetworkmanagerSiteToSiteVpnAttachment(
    this,
    "test_5",
    {
      coreNetworkId: awsccNetworkmanagerCoreNetworkTest.id,
      tags: {
        segment: "shared",
      },
      vpnConnectionArn: awsVpnConnectionTest.arn,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerSiteToSiteVpnAttachmentTest.overrideLogicalId("test");
const awsNetworkmanagerAttachmentAccepterTest =
  new aws.networkmanagerAttachmentAccepter.NetworkmanagerAttachmentAccepter(
    this,
    "test_6",
    {
      attachmentId: awsNetworkmanagerSiteToSiteVpnAttachmentTest.id,
      attachmentType:
        awsNetworkmanagerSiteToSiteVpnAttachmentTest.attachmentType,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsNetworkmanagerAttachmentAccepterTest.overrideLogicalId("test");

Argument Reference

The following arguments are required:

  • coreNetworkId - (Required) The ID of a core network for the VPN attachment.
  • vpnConnectionArn - (Required) The ARN of the site-to-site VPN connection.

The following arguments are optional:

  • tags - (Optional) Key-value tags for the attachment. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
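
In the Full Usage example, the attachment's `segment` tag is what the attachment policy matches on, so the merged tag set (provider defaultTags plus resource tags) decides which segment the VPN lands in and whether acceptance is required. The following is an added example, not part of the provider documentation: a self-contained pre-deploy check over the policy shape shown on this page. The helper names `effectiveTags` and `resolveSegment` are hypothetical, and only the `tag-value`/`equals` condition and `constant` association used on this page are handled.

```typescript
// Added example: field names mirror this page's policy document; the helper
// names (effectiveTags, resolveSegment) are hypothetical.
type Tags = Record<string, string>;
interface TagCondition { type: string; operator: string; key: string; value: string }
interface AttachmentRule {
  ruleNumber: number;
  conditionLogic: "and" | "or";
  conditions: TagCondition[];
  action: { associationMethod: string; segment: string };
}
interface SegmentDef { name: string; requireAttachmentAcceptance: boolean }
interface CorePolicy { attachmentPolicies: AttachmentRule[]; segments: SegmentDef[] }
interface Placement { segment: string; ruleNumber: number; needsAcceptance: boolean }

// tagsAll: resource tags overwrite provider defaultTags that share a key.
function effectiveTags(defaultTags: Tags, resourceTags: Tags): Tags {
  return { ...defaultTags, ...resourceTags };
}

function conditionHit(c: TagCondition, tags: Tags): boolean {
  if (c.type !== "tag-value" || c.operator !== "equals") {
    throw new Error(`unsupported condition: ${c.type}/${c.operator}`);
  }
  return tags[c.key] === c.value;
}

// Rules are evaluated from the lowest ruleNumber; the first match decides.
function resolveSegment(policy: CorePolicy, tags: Tags): Placement | null {
  const rules = [...policy.attachmentPolicies].sort((a, b) => a.ruleNumber - b.ruleNumber);
  for (const rule of rules) {
    const hits = rule.conditions.map((c) => conditionHit(c, tags));
    const matched = rule.conditionLogic === "and" ? hits.every(Boolean) : hits.some(Boolean);
    if (!matched) continue;
    if (rule.action.associationMethod !== "constant") throw new Error("unsupported association method");
    const seg = policy.segments.find((s) => s.name === rule.action.segment);
    if (!seg) throw new Error(`rule ${rule.ruleNumber} targets undefined segment`);
    return { segment: seg.name, ruleNumber: rule.ruleNumber, needsAcceptance: seg.requireAttachmentAcceptance };
  }
  return null; // no rule matched these tags
}

// The attachment policy and segment from the Full Usage example above.
const pagePolicy: CorePolicy = {
  attachmentPolicies: [{
    ruleNumber: 1, conditionLogic: "or",
    conditions: [{ type: "tag-value", operator: "equals", key: "segment", value: "shared" }],
    action: { associationMethod: "constant", segment: "shared" },
  }],
  segments: [{ name: "shared", requireAttachmentAcceptance: true }],
};
```

Running `resolveSegment(pagePolicy, effectiveTags(defaultTags, tags))` in CI shows when a `segment` key inherited from provider defaultTags would place an attachment in a segment its own tags never name.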

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The ARN of the attachment.
  • attachmentPolicyRuleNumber - The policy rule number associated with the attachment.
  • attachmentType - The type of attachment.
  • coreNetworkArn - The ARN of a core network.
  • coreNetworkId - The ID of a core network.
  • edgeLocation - The Region where the edge is located.
  • id - The ID of the attachment.
  • ownerAccountId - The ID of the attachment account owner.
  • resourceArn - The attachment resource ARN.
  • segmentName - The name of the segment attachment.
  • state - The state of the attachment.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

awsNetworkmanagerSiteToSiteVpnAttachment can be imported using the attachment ID, e.g.

$ terraform import aws_networkmanager_site_to_site_vpn_attachment.example attachment-0f8fa60d2238d1bd8