azurermVpnSite

Manages a VPN Site.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-rg",
  }
);
const azurermVirtualWanExample = new azurerm.virtualWan.VirtualWan(
  this,
  "example_2",
  {
    location: azurermResourceGroupExample.location,
    name: "example-vwan",
    resourceGroupName: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualWanExample.overrideLogicalId("example");
const azurermVpnSiteExample = new azurerm.vpnSite.VpnSite(this, "example_3", {
  addressCidrs: ["10.0.0.0/24"],
  link: [
    {
      ipAddress: "10.0.0.1",
      name: "link1",
    },
  ],
  location: azurermResourceGroupExample.location,
  name: "site1",
  resourceGroupName: azurermResourceGroupExample.name,
  virtualWanId: azurermVirtualWanExample.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVpnSiteExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • location - (Required) The Azure Region where the VPN Site should exist. Changing this forces a new VPN Site to be created.

  • name - (Required) The name which should be used for this VPN Site. Changing this forces a new VPN Site to be created.

  • resourceGroupName - (Required) The name of the Resource Group where the VPN Site should exist. Changing this forces a new VPN Site to be created.

  • virtualWanId - (Required) The ID of the Virtual WAN in which this VPN Site resides. Changing this forces a new VPN Site to be created.

  • link - (Optional) One or more link blocks as defined below.


  • addressCidrs - (Optional) Specifies a list of IP address CIDRs that are located on your on-premises site. Traffic destined for these address spaces is routed to your local site.

-> NOTE: addressCidrs has to be set when bgp isn't specified in the link block.

  • deviceModel - (Optional) The model of the VPN device.

  • deviceVendor - (Optional) The name of the VPN device vendor.

  • o365Policy - (Optional) An o365Policy block as defined below.

  • tags - (Optional) A mapping of tags which should be assigned to the VPN Site.


A bgp block supports the following:

  • asn - (Required) The BGP speaker's ASN.

  • peeringAddress - (Required) The BGP peering IP address.


A link block supports the following:

  • name - (Required) The name which should be used for this VPN Site Link.

  • bgp - (Optional) A bgp block as defined above.

-> NOTE: bgp has to be set in the link block when addressCidrs isn't specified.

  • fqdn - (Optional) The FQDN of this VPN Site Link.

  • ipAddress - (Optional) The IP address of this VPN Site Link.

-> NOTE: Either fqdn or ipAddress should be specified.

  • providerName - (Optional) The name of the physical link at the VPN Site. Example: att, verizon.

  • speedInMbps - (Optional) The speed of the VPN device at the branch location, in Mbps. Defaults to 0.
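
The two NOTE constraints above (addressCidrs versus bgp, and fqdn versus ipAddress) can be checked on a site definition before it is synthesized. This is an added example, not code from the original page or the generated azurerm bindings: validateVpnSite and its interfaces are hypothetical, and it assumes each note means "at least one of" and that a bgp block on any link satisfies the first note.

```typescript
// Hypothetical shapes that mirror the argument names documented on this page.
interface BgpConfig { asn: number; peeringAddress: string; }
interface LinkConfig { name: string; bgp?: BgpConfig; fqdn?: string; ipAddress?: string; }
interface VpnSiteConfig { name: string; addressCidrs?: string[]; link?: LinkConfig[]; }

// Returns one message per violated constraint; an empty array means the site passes.
function validateVpnSite(site: VpnSiteConfig): string[] {
  const errors: string[] = [];
  const links = site.link ?? [];
  const hasCidrs = (site.addressCidrs ?? []).length > 0;
  const hasBgp = links.some((l) => l.bgp !== undefined);

  // addressCidrs has to be set when bgp isn't specified (assumed: on any link).
  if (!hasCidrs && !hasBgp) {
    errors.push(`${site.name}: set addressCidrs or a bgp block on a link`);
  }
  for (const l of links) {
    // Either fqdn or ipAddress should be specified (assumed: at least one).
    if (!l.fqdn && !l.ipAddress) {
      errors.push(`${site.name}/${l.name}: set fqdn or ipAddress`);
    }
  }
  return errors;
}

// Constructed sample inputs, not taken from a real deployment.
const staticSite: VpnSiteConfig = {
  name: "site1",
  addressCidrs: ["10.0.0.0/24"],
  link: [{ name: "link1", ipAddress: "10.0.0.1" }],
};
const bgpSite: VpnSiteConfig = {
  name: "site2",
  link: [{ name: "link1", fqdn: "vpn.example.com", bgp: { asn: 65001, peeringAddress: "10.0.0.1" } }],
};
const brokenSite: VpnSiteConfig = { name: "site3", link: [{ name: "link1" }] };

for (const s of [staticSite, bgpSite, brokenSite]) {
  console.log(s.name, validateVpnSite(s));
}
```
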


An o365Policy block supports the following:

  • trafficCategory - (Optional) A trafficCategory block as defined below.

A trafficCategory block supports the following:

  • allowEndpointEnabled - (Optional) Is allow endpoint enabled? The allow endpoint is required for connectivity to specific O365 services and features, but is not as sensitive to network performance and latency as other endpoint types. Defaults to false.

  • defaultEndpointEnabled - (Optional) Is default endpoint enabled? The default endpoint represents O365 services and dependencies that do not require any optimization, and can be treated by customer networks as normal Internet bound traffic. Defaults to false.

  • optimizeEndpointEnabled - (Optional) Is optimize endpoint enabled? The optimize endpoint is required for connectivity to every O365 service and represents the O365 scenario that is the most sensitive to network performance, latency, and availability. Defaults to false.

Attributes Reference

In addition to the Arguments listed above, the following Attributes are exported:

  • id - The ID of the VPN Site.

  • link - One or more link blocks as defined below.


A link block supports the following:

  • id - The ID of the VPN Site Link.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the VPN Site.
  • read - (Defaults to 5 minutes) Used when retrieving the VPN Site.
  • update - (Defaults to 30 minutes) Used when updating the VPN Site.
  • delete - (Defaults to 30 minutes) Used when deleting the VPN Site.

Import

VPN Sites can be imported using the resourceId, e.g.

terraform import azurerm_vpn_site.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/vpnSites/site1