azurermVpnGateway

Manages a VPN Gateway within a Virtual Hub, which enables Site-to-Site communication.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    addressSpace: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-network",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermVirtualWanExample = new azurerm.virtualWan.VirtualWan(
  this,
  "example_2",
  {
    location: azurermResourceGroupExample.location,
    name: "example-vwan",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualWanExample.overrideLogicalId("example");
const azurermVirtualHubExample = new azurerm.virtualHub.VirtualHub(
  this,
  "example_3",
  {
    addressPrefix: "10.0.1.0/24",
    location: azurermResourceGroupExample.location,
    name: "example-hub",
    resourceGroupName: azurermResourceGroupExample.name,
    virtualWanId: azurermVirtualWanExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualHubExample.overrideLogicalId("example");
const azurermVpnGatewayExample = new azurerm.vpnGateway.VpnGateway(
  this,
  "example_4",
  {
    location: azurermResourceGroupExample.location,
    name: "example-vpng",
    resourceGroupName: azurermResourceGroupExample.name,
    virtualHubId: azurermVirtualHubExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVpnGatewayExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) The Name which should be used for this VPN Gateway. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The Name of the Resource Group in which this VPN Gateway should be created. Changing this forces a new resource to be created.

  • location - (Required) The Azure location where this VPN Gateway should be created. Changing this forces a new resource to be created.

  • virtualHubId - (Required) The ID of the Virtual Hub within which this VPN Gateway should be created. Changing this forces a new resource to be created.


  • bgpRouteTranslationForNatEnabled - (Optional) Is BGP route translation for NAT on this VPN Gateway enabled? Defaults to false.

  • bgpSettings - (Optional) A bgpSettings block as defined below.

  • routingPreference - (Optional) Azure routing preference lets you choose how your traffic routes between Azure and the internet. You can route traffic either via the Microsoft network (default value, microsoftNetwork) or via the ISP network (public internet, set to internet). More context on this configuration can be found in the Microsoft Docs on creating a VPN Gateway. Changing this forces a new resource to be created.

  • scaleUnit - (Optional) The Scale Unit for this VPN Gateway. Defaults to 1.

  • tags - (Optional) A mapping of tags to assign to the VPN Gateway.


A bgpSettings block supports the following:

  • asn - (Required) The ASN of the BGP Speaker. Changing this forces a new resource to be created.

  • peerWeight - (Required) The weight added to Routes learned from this BGP Speaker. Changing this forces a new resource to be created.

  • instance0BgpPeeringAddress - (Optional) An instanceBgpPeeringAddress block as defined below.

  • instance1BgpPeeringAddress - (Optional) An instanceBgpPeeringAddress block as defined below.


An instanceBgpPeeringAddress block supports the following:

  • customIps - (Required) A list of custom BGP peering addresses to assign to this instance.
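
Several arguments above are marked "Changing this forces a new resource to be created", which replaces the gateway instead of updating it in place. The following added example (not part of the provider documentation) reports which of those arguments differ between a deployed and a proposed configuration; the plain-object config shape and the names FORCE_NEW_PATHS, getPath and forceNewChanges are hypothetical, and the sample values are constructed.

```typescript
// Added example: not part of the provider documentation.
// Arguments this page marks "Changing this forces a new resource to be created".
const FORCE_NEW_PATHS = [
  "name",
  "resourceGroupName",
  "location",
  "virtualHubId",
  "routingPreference",
  "bgpSettings.asn",
  "bgpSettings.peerWeight",
];

// Hypothetical plain-object view of the gateway arguments.
type GatewayConfig = { [key: string]: unknown };

// Resolve a dotted path such as "bgpSettings.asn"; undefined if a segment is missing.
function getPath(config: GatewayConfig, path: string): unknown {
  let node: unknown = config;
  for (const key of path.split(".")) {
    if (node === null || typeof node !== "object") return undefined;
    node = (node as GatewayConfig)[key];
  }
  return node;
}

// Return the force-new arguments whose value differs between the two configs.
// Omitted arguments compare as undefined; provider defaults are not resolved.
function forceNewChanges(current: GatewayConfig, proposed: GatewayConfig): string[] {
  return FORCE_NEW_PATHS.filter(
    (p) => JSON.stringify(getPath(current, p)) !== JSON.stringify(getPath(proposed, p))
  );
}

// Constructed sample configs (all values are illustrative).
const deployed: GatewayConfig = {
  name: "example-vpng",
  resourceGroupName: "example-resources",
  location: "West Europe",
  virtualHubId: "hub-id-placeholder",
  scaleUnit: 1,
  bgpSettings: { asn: 65515, peerWeight: 0 },
};
const proposed: GatewayConfig = {
  ...deployed,
  scaleUnit: 2, // not marked force-new on this page
  tags: { env: "prod" }, // not marked force-new on this page
  bgpSettings: { asn: 65010, peerWeight: 0 }, // asn is marked force-new
};

console.log(forceNewChanges(deployed, proposed));
```

A non-empty result means the change would recreate the VPN Gateway, so it is worth gating behind an explicit review before apply.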

Attributes Reference

In addition to the arguments above, the following attributes are exported:

  • id - The ID of the VPN Gateway.

  • bgpSettings - A bgpSettings block as defined below.


A bgpSettings block exports the following:

  • bgpPeeringAddress - The Address which should be used for the BGP Peering.

  • instance0BgpPeeringAddress - An instanceBgpPeeringAddress block as defined below.

  • instance1BgpPeeringAddress - An instanceBgpPeeringAddress block as defined below.


An instanceBgpPeeringAddress block exports the following:

  • ipConfigurationId - The pre-defined ID of VPN Gateway IP Configuration.

  • defaultIps - The list of default BGP peering addresses which belong to the pre-defined VPN Gateway IP configuration.

  • tunnelIps - The list of tunnel public IP addresses which belong to the pre-defined VPN Gateway IP configuration.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 90 minutes) Used when creating the VPN Gateway.
  • update - (Defaults to 90 minutes) Used when updating the VPN Gateway.
  • read - (Defaults to 5 minutes) Used when retrieving the VPN Gateway.
  • delete - (Defaults to 90 minutes) Used when deleting the VPN Gateway.

Import

VPN Gateways can be imported using the resourceId, e.g.

terraform import azurerm_vpn_gateway.gateway1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/vpnGateways/gateway1