Data Source: azurermVirtualNetworkGatewayConnection
Use this data source to access information about an existing Virtual Network Gateway Connection.
Example Usage
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const dataAzurermVirtualNetworkGatewayConnectionExample =
new azurerm.dataAzurermVirtualNetworkGatewayConnection.DataAzurermVirtualNetworkGatewayConnection(
this,
"example",
{
name: "production",
resource_group_name: "networking",
}
);
new cdktf.TerraformOutput(this, "virtual_network_gateway_connection_id", {
value: dataAzurermVirtualNetworkGatewayConnectionExample.id,
});
Argument Reference
name
- Specifies the name of the Virtual Network Gateway Connection.resourceGroupName
- Specifies the name of the resource group the Virtual Network Gateway Connection is located in.
Attributes Reference
-
id
- The ID of the Virtual Network Gateway Connection. -
location
- The location/region where the connection is located. -
type
- The type of connection. Valid options areiPsec
(Site-to-Site),expressRoute
(ExpressRoute), andvnet2Vnet
(VNet-to-VNet). -
virtualNetworkGatewayId
- The ID of the Virtual Network Gateway in which the connection is created. -
authorizationKey
- The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection. -
dpdTimeoutSeconds
- The dead peer detection timeout of this connection in seconds. -
expressRouteCircuitId
- The ID of the Express Route Circuit (i.e. whentype
isexpressRoute
). -
peerVirtualNetworkGatewayId
- The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. whentype
isvnet2Vnet
). -
localAzureIpAddressEnabled
- Use private local Azure IP for the connection. -
localNetworkGatewayId
- The ID of the local network gateway when a Site-to-Site connection (i.e. whentype
isiPsec
). -
routingWeight
- The routing weight. -
sharedKey
- The shared IPSec key. -
enableBgp
- Iftrue
, BGP (Border Gateway Protocol) is enabled for this connection. -
customBgpAddresses
- (Optional) AcustomBgpAddresses
(Border Gateway Protocol custom IP Addresses) block which is documented below. The block can only be used onipSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. -
expressRouteGatewayBypass
- Iftrue
, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections. -
usePolicyBasedTrafficSelectors
- Iftrue
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsecPolicy
block. -
ipsecPolicy
(Optional) AipsecPolicy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. -
trafficSelectorPolicy
One or moretrafficSelectorPolicy
blocks which are documented below. AtrafficSelectorPolicy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. -
tags
- A mapping of tags to assign to the resource.
The customBgpAddresses
block supports:
primary
(Required) single IP address that is part of theazurermVirtualNetworkGateway
ip_configuration (first one)secondary
(Required) single IP address that is part of theazurermVirtualNetworkGateway
ip_configuration (second one)
The ipsecPolicy
block supports:
-
dhGroup
- The DH group used in IKE phase 1 for initial SA. Valid options aredhGroup1
,dhGroup14
,dhGroup2
,dhGroup2048
,dhGroup24
,ecp256
,ecp384
, ornone
. -
ikeEncryption
- The IKE encryption algorithm. Valid options areaes128
,aes192
,aes256
,des
, ordes3
. -
ikeIntegrity
- The IKE integrity algorithm. Valid options aremd5
,sha1
,sha256
, orsha384
. -
ipsecEncryption
- The IPSec encryption algorithm. Valid options areaes128
,aes192
,aes256
,des
,des3
,gcmaes128
,gcmaes192
,gcmaes256
, ornone
. -
ipsecIntegrity
- The IPSec integrity algorithm. Valid options aregcmaes128
,gcmaes192
,gcmaes256
,md5
,sha1
, orsha256
. -
pfsGroup
- The DH group used in IKE phase 2 for new child SA. Valid options areecp256
,ecp384
,pfs1
,pfs2
,pfs2048
,pfs24
, ornone
. -
saDatasize
- The IPSec SA payload size in KB. Must be at least1024
KB. -
saLifetime
- The IPSec SA lifetime in seconds. Must be at least300
seconds.
The trafficSelectorPolicy
block supports:
-
localAddressCidrs
- List of local CIDRs. -
remoteAddressCidrs
- List of remote CIDRs.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
read
- (Defaults to 5 minutes) Used when retrieving the Virtual Network Gateway Connection.