
Data Source: azurermVirtualNetworkGateway

Use this data source to access information about an existing Virtual Network Gateway.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermVirtualNetworkGatewayExample =
  new azurerm.dataAzurermVirtualNetworkGateway.DataAzurermVirtualNetworkGateway(
    this,
    "example",
    {
      name: "production",
      resourceGroupName: "networking",
    }
  );
new cdktf.TerraformOutput(this, "virtual_network_gateway_id", {
  value: dataAzurermVirtualNetworkGatewayExample.id,
});

Argument Reference

  • name - Specifies the name of the Virtual Network Gateway.
  • resourceGroupName - Specifies the name of the resource group the Virtual Network Gateway is located in.

Attributes Reference

  • id - The ID of the Virtual Network Gateway.

  • location - The location/region where the Virtual Network Gateway is located.

  • type - The type of the Virtual Network Gateway.

  • vpnType - The routing type of the Virtual Network Gateway.

  • enableBgp - Whether BGP (Border Gateway Protocol) is enabled for this Virtual Network Gateway.

  • activeActive - Is this an Active-Active Gateway?

  • privateIpAddressEnabled - Whether a private IP will be used for this gateway for connections.

  • defaultLocalNetworkGatewayId - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunneling). Refer to the Azure documentation on forced tunneling.

  • sku - Configuration of the size and capacity of the Virtual Network Gateway.

  • generation - The Generation of the Virtual Network Gateway.

  • ipConfiguration - One or two ipConfiguration blocks documented below.

  • vpnClientConfiguration - A vpnClientConfiguration block which is documented below.

  • tags - A mapping of tags assigned to the resource.

The ipConfiguration block supports:

  • id - The resource ID of the IP configuration.

  • name - A user-defined name of the IP configuration.

  • privateIpAddressAllocation - Defines how the private IP address of the gateway's virtual interface is assigned.

  • subnetId - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

  • publicIpAddressId - The ID of the Public IP Address associated with the Virtual Network Gateway.

The vpnClientConfiguration block supports:

  • addressSpace - The address space out of which IP addresses for VPN clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

  • aadTenant - The Azure AD tenant URL. This setting is incompatible with the use of rootCertificate and revokedCertificate, radiusServerAddress, and radiusServerSecret.

  • aadAudience - The client ID of the Azure VPN application. See "Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections" for values. This setting is incompatible with the use of rootCertificate and revokedCertificate, radiusServerAddress, and radiusServerSecret.

  • aadIssuer - The STS URL for your tenant. This setting is incompatible with the use of rootCertificate and revokedCertificate, radiusServerAddress, and radiusServerSecret.

  • rootCertificate - One or more rootCertificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. This setting is incompatible with the use of aadTenant, aadAudience, aadIssuer, radiusServerAddress, and radiusServerSecret.

  • revokedCertificate - One or more revokedCertificate blocks which are defined below. This setting is incompatible with the use of aadTenant, aadAudience, aadIssuer, radiusServerAddress, and radiusServerSecret.

  • radiusServerAddress - The address of the Radius server. This setting is incompatible with the use of aadTenant, aadAudience, aadIssuer, rootCertificate and revokedCertificate.

  • radiusServerSecret - The secret used by the Radius server. This setting is incompatible with the use of aadTenant, aadAudience, aadIssuer, rootCertificate and revokedCertificate.

  • vpnClientProtocols - List of the protocols supported by the VPN client. The supported values are SSTP, IkeV2 and OpenVPN.
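
The incompatibility rules in the vpnClientConfiguration list above can be checked mechanically when reviewing a gateway read through this data source. The following is an added example, not part of the provider or its generated bindings: the VpnClientConfig interface, the auditVpnClientConfig function and the sample values are hypothetical, and protocol names are compared case-insensitively as an assumption.

```typescript
// Hypothetical plain-object shape of the vpnClientConfiguration attributes on this page (not a cdktf type).
interface VpnClientConfig {
  aadTenant?: string;
  aadAudience?: string;
  aadIssuer?: string;
  rootCertificate?: unknown[];
  revokedCertificate?: unknown[];
  radiusServerAddress?: string;
  radiusServerSecret?: string;
  vpnClientProtocols?: string[];
}
// The three mutually incompatible groups of settings described above.
const AUTH_GROUPS: { mode: string; keys: (keyof VpnClientConfig)[] }[] = [
  { mode: "aad", keys: ["aadTenant", "aadAudience", "aadIssuer"] },
  { mode: "certificate", keys: ["rootCertificate", "revokedCertificate"] },
  { mode: "radius", keys: ["radiusServerAddress", "radiusServerSecret"] },
];
// Protocol names, compared case-insensitively (assumption of this example).
const SUPPORTED_PROTOCOLS = ["sstp", "ikev2", "openvpn"];

function isSet(v: unknown): boolean {
  if (v === undefined || v === null) return false;
  if (typeof v === "string" || Array.isArray(v)) return v.length > 0;
  return true;
}

// Returns the auth modes in use and one finding per rule from this page that is broken.
function auditVpnClientConfig(cfg: VpnClientConfig): { modes: string[]; findings: string[] } {
  const used = AUTH_GROUPS
    .map((g) => ({ mode: g.mode, keys: g.keys.filter((k) => isSet(cfg[k])) }))
    .filter((g) => g.keys.length > 0);
  const findings: string[] = [];
  if (used.length > 1) {
    const detail = used.map((g) => `${g.mode}: ${g.keys.join(", ")}`).join(" | ");
    findings.push(`incompatible authentication settings combined (${detail})`);
  }
  for (const p of cfg.vpnClientProtocols ?? []) {
    if (SUPPORTED_PROTOCOLS.indexOf(p.toLowerCase()) === -1) {
      findings.push(`unsupported vpnClientProtocols value: ${p}`);
    }
  }
  return { modes: used.map((g) => g.mode), findings };
}

// Constructed sample input: Azure AD settings mixed with a RADIUS server, plus a bad protocol.
const SAMPLE_MIXED: VpnClientConfig = {
  aadTenant: "https://login.example.invalid/tenant-placeholder",
  radiusServerAddress: "10.0.0.10",
  vpnClientProtocols: ["OpenVPN", "pptp"],
};
```

Calling auditVpnClientConfig(SAMPLE_MIXED) reports both the mixed authentication groups and the unknown protocol; a configuration that uses a single group and listed protocols returns no findings.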

The bgpSettings block supports:

  • asn - The Autonomous System Number (ASN) to use as part of the BGP.

  • peeringAddress - The BGP peer IP address of the virtual network gateway. This address is needed to configure the created gateway as a BGP Peer on the on-premises VPN devices.

  • peerWeight - The weight added to routes which have been learned through BGP peering.

A customRoute block exports the following:

  • addressPrefixes - A list of address blocks reserved for this virtual network in CIDR notation.

The rootCertificate block supports:

  • name - The user-defined name of the root certificate.

  • publicCertData - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM).

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Virtual Network Gateway.