Skip to content

azurermVpnGatewayNatRule

Manages a VPN Gateway NAT Rule.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualWanExample = new azurerm.virtualWan.VirtualWan(
  this,
  "example_1",
  {
    location: azurermResourceGroupExample.location,
    name: "example-vwan",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualWanExample.overrideLogicalId("example");
const azurermVirtualHubExample = new azurerm.virtualHub.VirtualHub(
  this,
  "example_2",
  {
    address_prefix: "10.0.1.0/24",
    location: azurermResourceGroupExample.location,
    name: "example-vhub",
    resource_group_name: azurermResourceGroupExample.name,
    virtual_wan_id: azurermVirtualWanExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualHubExample.overrideLogicalId("example");
const azurermVpnGatewayExample = new azurerm.vpnGateway.VpnGateway(
  this,
  "example_3",
  {
    location: azurermResourceGroupExample.location,
    name: "example-vpngateway",
    resource_group_name: azurermResourceGroupExample.name,
    virtual_hub_id: azurermVirtualHubExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVpnGatewayExample.overrideLogicalId("example");
const azurermVpnGatewayNatRuleExample =
  new azurerm.vpnGatewayNatRule.VpnGatewayNatRule(this, "example_4", {
    external_mapping: [
      {
        address_space: "192.168.21.0/26",
      },
    ],
    internal_mapping: [
      {
        address_space: "10.4.0.0/26",
      },
    ],
    name: "example-vpngatewaynatrule",
    resource_group_name: azurermResourceGroupExample.name,
    vpn_gateway_id: azurermVpnGatewayExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVpnGatewayNatRuleExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this VPN Gateway NAT Rule. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The Name of the Resource Group in which this VPN Gateway NAT Rule should be created. Changing this forces a new resource to be created.

  • vpnGatewayId - (Required) The ID of the VPN Gateway that this VPN Gateway NAT Rule belongs to. Changing this forces a new resource to be created.

  • externalMapping - (Optional) One or more externalMapping blocks as documented below.

  • internalMapping - (Optional) One or more internalMapping blocks as documented below.

  • ipConfigurationId - (Optional) The ID of the IP Configuration this VPN Gateway NAT Rule applies to. Possible values are instance0 and instance1.

  • mode - (Optional) The source NAT direction of the VPN NAT. Possible values are egressSnat and ingressSnat. Defaults to egressSnat. Changing this forces a new resource to be created.

  • type - (Optional) The type of the VPN Gateway NAT Rule. Possible values are dynamic and static. Defaults to static. Changing this forces a new resource to be created.

  • externalAddressSpaceMappings - (Optional) (Deprecated) A list of CIDR Ranges which are used for external mapping of the VPN Gateway NAT Rule.

\~> NOTE: externalAddressSpaceMappings is deprecated and will be removed in favour of the property externalMapping in version 4.0 of the AzureRM Provider.

  • internalAddressSpaceMappings - (Optional) (Deprecated) A list of CIDR Ranges which are used for internal mapping of the VPN Gateway NAT Rule.

\~> NOTE: internalAddressSpaceMappings is deprecated and will be removed in favour of the property internalMapping in version 4.0 of the AzureRM Provider.

A externalMapping block exports the following:

  • addressSpace - (Required) The string CIDR representing the address space for the VPN Gateway Nat Rule external mapping.

  • portRange - (Optional) The single port range for the VPN Gateway Nat Rule external mapping.

A internalMapping block exports the following:

  • addressSpace - (Required) The string CIDR representing the address space for the VPN Gateway Nat Rule internal mapping.

  • portRange - (Optional) The single port range for the VPN Gateway Nat Rule internal mapping.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the VPN Gateway NAT Rule.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the VPN Gateway NAT Rule.
  • read - (Defaults to 5 minutes) Used when retrieving the VPN Gateway NAT Rule.
  • update - (Defaults to 30 minutes) Used when updating the VPN Gateway NAT Rule.
  • delete - (Defaults to 30 minutes) Used when deleting the VPN Gateway NAT Rule.

Import

VPN Gateway NAT Rules can be imported using the resourceId, e.g.

terraform import azurerm_vpn_gateway_nat_rule.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Network/vpnGateways/vpnGateway1/natRules/natRule1