azurermPointToSiteVpnGateway

Manages a Point-to-Site VPN Gateway.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualWanExample = new azurerm.virtualWan.VirtualWan(
  this,
  "example_1",
  {
    location: azurermResourceGroupExample.location,
    name: "example-virtualwan",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualWanExample.overrideLogicalId("example");
const azurermVpnServerConfigurationExample =
  new azurerm.vpnServerConfiguration.VpnServerConfiguration(this, "example_2", {
    clientRootCertificate: [
      {
        name: "DigiCert-Federated-ID-Root-CA",
        publicCertData:
          "MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n",
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example-config",
    resourceGroupName: azurermResourceGroupExample.name,
    vpnAuthenticationTypes: ["Certificate"],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVpnServerConfigurationExample.overrideLogicalId("example");
const azurermVirtualHubExample = new azurerm.virtualHub.VirtualHub(
  this,
  "example_3",
  {
    addressPrefix: "10.0.0.0/23",
    location: azurermResourceGroupExample.location,
    name: "example-virtualhub",
    resourceGroupName: azurermResourceGroupExample.name,
    virtualWanId: azurermVirtualWanExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualHubExample.overrideLogicalId("example");
const azurermPointToSiteVpnGatewayExample =
  new azurerm.pointToSiteVpnGateway.PointToSiteVpnGateway(this, "example_4", {
    connectionConfiguration: [
      {
        name: "example-gateway-config",
        vpnClientAddressPool: [
          {
            addressPrefixes: ["10.0.2.0/24"],
          },
        ],
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example-vpn-gateway",
    resourceGroupName: azurermResourceGroupExample.name,
    scaleUnit: 1,
    virtualHubId: azurermVirtualHubExample.id,
    vpnServerConfigurationId: azurermVpnServerConfigurationExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPointToSiteVpnGatewayExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Point-to-Site VPN Gateway. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which to create the Point-to-Site VPN Gateway. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • connectionConfiguration - (Required) A connectionConfiguration block as defined below.

  • scaleUnit - (Required) The Scale Unit for this Point-to-Site VPN Gateway.

  • virtualHubId - (Required) The ID of the Virtual Hub where this Point-to-Site VPN Gateway should exist. Changing this forces a new resource to be created.

  • vpnServerConfigurationId - (Required) The ID of the VPN Server Configuration which this Point-to-Site VPN Gateway should use. Changing this forces a new resource to be created.

  • dnsServers - (Optional) A list of IP Addresses of DNS Servers for the Point-to-Site VPN Gateway.

  • routingPreferenceInternetEnabled - (Optional) Is the Routing Preference for the Public IP Interface of the VPN Gateway enabled? Defaults to false. Changing this forces a new resource to be created.

  • tags - (Optional) A mapping of tags to assign to the Point-to-Site VPN Gateway.


A connectionConfiguration block supports the following:

  • name - (Required) The Name which should be used for this Connection Configuration.

  • vpnClientAddressPool - (Required) A vpnClientAddressPool block as defined below.

  • route - (Optional) A route block as defined below.

  • internetSecurityEnabled - (Optional) Should Internet Security be enabled to secure internet traffic? Changing this forces a new resource to be created. Defaults to false.


A vpnClientAddressPool block supports the following:

  • addressPrefixes - (Required) A list of CIDR Ranges which should be used as Address Prefixes.

A route block supports the following:

  • associatedRouteTableId - (Required) The resource ID of the Virtual Hub Route Table associated with this Routing Configuration.

  • inboundRouteMapId - (Optional) The resource ID of the Route Map associated with this Routing Configuration for inbound learned routes.

  • outboundRouteMapId - (Optional) The resource ID of the Route Map associated with this Routing Configuration for outbound advertised routes.

  • propagatedRouteTable - (Optional) A propagatedRouteTable block as defined below.


A propagatedRouteTable block supports the following:

  • ids - (Required) The list of Virtual Hub Route Table resource IDs to which the routes will be propagated.

  • labels - (Optional) The list of labels to logically group Virtual Hub Route Tables which the routes will be propagated to.
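
A pre-deployment check over the connectionConfiguration arguments described above. This is an added example, not code from the provider or from cdktf. It assumes the client address pool is expected not to overlap the Virtual Hub's address prefix and treats a disabled internetSecurityEnabled as a finding; hubAddressPrefix, P2sGatewayArgs and lintP2sGateway are hypothetical names.

```typescript
// Plain-object view of the arguments documented on this page (hypothetical type).
interface P2sGatewayArgs {
  hubAddressPrefix: string; // assumption: the Virtual Hub's address prefix, passed in by the caller
  connectionConfiguration: {
    name: string;
    internetSecurityEnabled?: boolean;
    vpnClientAddressPool: { addressPrefixes: string[] };
  }[];
}

// Parse "a.b.c.d/n" into an inclusive [first, last] range of 32-bit integers.
function cidrRange(cidr: string): [number, number] {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error("not an IPv4 CIDR: " + cidr);
  const octets = m.slice(1, 5).map(Number);
  const bits = Number(m[5]);
  if (octets.some((o) => o > 255) || bits > 32) throw new Error("out of range: " + cidr);
  const ip = octets.reduce((acc, o) => acc * 256 + o, 0);
  const size = Math.pow(2, 32 - bits);
  const first = Math.floor(ip / size) * size; // clear the host bits
  return [first, first + size - 1];
}

function overlaps(a: string, b: string): boolean {
  const [a0, a1] = cidrRange(a);
  const [b0, b1] = cidrRange(b);
  return a0 <= b1 && b0 <= a1;
}

// Returns human-readable findings; an empty array means nothing was flagged.
function lintP2sGateway(args: P2sGatewayArgs): string[] {
  const findings: string[] = [];
  for (const cc of args.connectionConfiguration) {
    const pools = cc.vpnClientAddressPool.addressPrefixes;
    pools.forEach((p, i) => {
      if (overlaps(p, args.hubAddressPrefix))
        findings.push(cc.name + ": pool " + p + " overlaps hub " + args.hubAddressPrefix);
      for (const q of pools.slice(i + 1))
        if (overlaps(p, q)) findings.push(cc.name + ": pools " + p + " and " + q + " overlap");
    });
    if (!cc.internetSecurityEnabled)
      findings.push(cc.name + ": internetSecurityEnabled is false (the default)");
  }
  return findings;
}
```

With the values from Example Usage (hub 10.0.0.0/23, pool 10.0.2.0/24) the only finding is the internetSecurityEnabled default.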

Attributes Reference

The following attributes are exported:

  • id - The ID of the Point-to-Site VPN Gateway.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 90 minutes) Used when creating the Point-to-Site VPN Gateway.
  • update - (Defaults to 90 minutes) Used when updating the Point-to-Site VPN Gateway.
  • read - (Defaults to 5 minutes) Used when retrieving the Point-to-Site VPN Gateway.
  • delete - (Defaults to 90 minutes) Used when deleting the Point-to-Site VPN Gateway.

Import

Point-to-Site VPN Gateways can be imported using the resource ID, e.g.

terraform import azurerm_point_to_site_vpn_gateway.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/p2sVpnGateways/gateway1