ALIYUN::VPC::VpnGateway - Resource Orchestration Service

ALIYUN::VPC::VpnGateway is used to create a VPN gateway.

Syntax

{
  "Type": "ALIYUN::VPC::VpnGateway",
  "Properties": {
    "VpcId": String,
    "VSwitchId": String,
    "Description": String,
    "EnableIpsec": Boolean,
    "AutoPay": Boolean,
    "Period": Integer,
    "EnableSsl": Boolean,
    "Bandwidth": Integer,
    "InstanceChargeType": String,
    "SslConnections": Integer,
    "Name": String,
    "Tags": List,
    "VpnType": String,
    "NetworkType": String,
    "DisasterRecoveryVSwitchId": String
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
VpcId	String	Yes	No	The ID of the VPC to which the VPN gateway belongs.	None.
VSwitchId	String	No	No	The ID of the vSwitch to which the VPN gateway belongs.	None.
Description	String	No	Yes	The description of the VPN gateway.	The description must be 2 to 256 characters in length. It must start with a letter but cannot start with `http://` or `https://`.
EnableIpsec	Boolean	No	No	Specifies whether to enable the IPsec-VPN feature.	Valid values: true (default) false The IPsec-VPN feature provides site-to-site connections. You can create an IPsec tunnel to connect a data center to a VPC, or connect two VPCs.
AutoPay	Boolean	No	No	Specifies whether to enable automatic payment for the VPN gateway.	Valid values: true (default) false
Period	Integer	No	No	The subscription duration.	Valid values: 1 2 3 4 5 6 7 8 9 12 24 36 Unit: months. This property is required when the InstanceChargeType parameter is set to PREPAY.
EnableSsl	Boolean	No	No	Specifies whether to enable the SSL-VPN feature for the VPN gateway.	Valid values: true false (default) The SSL-VPN feature provides point-to-site connections. You can use the client to access the VPN without configuring a gateway for the client.
Bandwidth	Integer	Yes	No	The public bandwidth of the VPN gateway.	Valid values: 5 10 20 50 100 Unit: Mbit/s.
InstanceChargeType	String	No	No	The billing method of the VPN gateway.	Set the value to PREPAY, which indicates that the billing method is subscription.
SslConnections	Integer	No	No	The maximum number of clients that can be connected at the same time.	None.
Name	String	No	Yes	The name of the VPN gateway.	The name must be 2 to 100 characters in length and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter but cannot start with `http://` or `https://`. The default value is the ID of the VPN gateway.
Tags	List	No	Yes	The tags of the VPN gateway.	You can specify up to 20 tags. For more information, see Tags properties.
VpnType	String	No	No	The type of the VPN gateway.	Valid values: Normal (default) NationalStandard
NetworkType	String	No	No	The network type of the VPN gateway.	Valid values: public (default) private
DisasterRecoveryVSwitchId	String	No	No	The ID of the second vSwitch with which you want to associate the VPN gateway.	If you call this operation in a region that supports the IPsec-VPN connections in dual-tunnel mode, this property is required. You need to specify two vSwitches in different zones from the VPC associated with the VPN gateway to implement disaster recovery across zones. For a region that supports only one zone, disaster recovery across zones is not supported. We recommend that you specify two vSwitches in the zone to implement high availability. You can specify the same vSwitch. For more information about the regions and zones that support the IPsec-VPN connections in dual-tunnel mode, see IPsec-VPN connections support the dual-tunnel mode.

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]

Tags properties

Property	Type	Required	Editable	Description	Constraint
Key	String	Yes	No	The key of the tag.	The tag key must be 1 to 128 characters in length, and cannot contain `http://` or `https://`. It cannot start with `aliyun` or `acs:`.
Value	String	No	No	The value of the tag.	The tag value can be up to 128 characters in length, and cannot contain `http://` or `https://`. It cannot start with `aliyun` or `acs:`.

Return values

Fn::GetAtt

OrderId: the order ID.
VpnGatewayId: the ID of the VPN gateway.
InternetIp: the public IP address of the VPN gateway.
SslMaxConnections: the maximum number of SSL-VPN clients that can be connected.
Spec: the maximum bandwidth of the VPN gateway.
DisasterRecoveryVSwitchId: the ID of the second vSwitch associated with the VPN gateway.
VpnType: the type of the VPN gateway.
VpcId: the ID of the VPC to which the VPN gateway belongs.
SslVpnInternetIp: the IP address of the SSL-VPN connection.
DisasterRecoveryInternetIp: the second IP address assigned by the system to create an IPsec-VPN connection.
VSwitchId: the ID of the vSwitch associated with the VPN gateway.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
 AutoPay:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: true
  Description: 'Whether to automatically pay the bill of the VPN gateway, the value:

   True: Automatically pays the bill for the VPN gateway.

   False (default): Does not automatically pay the bill for the VPN gateway.'
  Type: Boolean
 Bandwidth:
  AllowedValues:
  - 5
  - 10
  - 20
  - 50
  - 100
  - 200
  Description: 'The public network bandwidth of the VPN gateway, in Mbps.

   Value: 5|10|20|50|100|200.'
  Type: Number
 Description:
  Description: 'Description of the VPN gateway.

   The length is 2-256 characters and must start with a letter or Chinese, but
   cannot start with http:// or https://.'
  MaxLength: 256
  MinLength: 2
  Type: String
 EnableIpsec:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: true
  Description: 'Whether to enable IPsec-VPN. The IPsec-VPN feature provides a site-to-site
   connection. You can securely connect your local data center network to a private
   network or two proprietary networks by creating an IPsec tunnel. Value:

   True (default): Enables the IPsec-VPN feature.

   False: The IPsec-VPN function is not enabled.'
  Type: Boolean
 EnableSsl:
  AllowedValues:
  - 'True'
  - 'true'
  - 'False'
  - 'false'
  Default: false
  Description: 'Enable the SSL-VPN function. Provide point-to-site VPN connection,
   no need to configure customer gateway, terminal directly access. Value:

   True: Enable SSL-VPN.

   False (default): Does not enable SSL-VPN.'
  Type: Boolean
 InstanceChargeType:
  AllowedValues:
  - PREPAY
  - POSTPAY
  Default: PREPAY
  Description: 'Accounting type of the VPN gateway, the value is:

   PREPAY, POSTPAY'
  Type: String
 Name:
  Description: 'Name of the VPN gateway. The default value is the ID of the VPN
   gateway.

   The length is 2~100 English or Chinese characters. It must start with a large
   or small letter or Chinese. It can contain numbers, underscores (_) and dashes
   (-). It cannot start with http:// or https://.'
  MaxLength: 100
  MinLength: 2
  Type: String
 Period:
  AllowedValues:
  - 1
  - 2
  - 3
  - 4
  - 5
  - 6
  - 7
  - 8
  - 9
  - 12
  - 24
  - 36
  Description: 'Purchase time, value: 1~9|12|24|36.

   When the value of the InstanceChargeType parameter is PREPAY, this parameter
   is mandatory.'
  Type: Number
 SslConnections:
  Description: The maximum number of clients allowed to connect at the same time.
  Type: Number
 Tags:
  Description: Tags to attach to instance. Max support 20 tags to add during create
   instance. Each tag with two properties Key and Value, and Key is required.
  MaxLength: 20
  Type: Json
 VSwitchId:
  Description: The ID of the VSwitch to which the VPN gateway belongs.
  Type: String
 VpcId:
  Description: VPC ID to which the VPN gateway belongs.
  Type: String
Resources:
 VpnGateway:
  Properties:
   AutoPay:
    Ref: AutoPay
   Bandwidth:
    Ref: Bandwidth
   Description:
    Ref: Description
   EnableIpsec:
    Ref: EnableIpsec
   EnableSsl:
    Ref: EnableSsl
   InstanceChargeType:
    Ref: InstanceChargeType
   Name:
    Ref: Name
   Period:
    Ref: Period
   SslConnections:
    Ref: SslConnections
   Tags:
    Ref: Tags
   VSwitchId:
    Ref: VSwitchId
   VpcId:
    Ref: VpcId
  Type: ALIYUN::VPC::VpnGateway
Outputs:
 InternetIp:
  Description: The public IP address of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - InternetIp
 OrderId:
  Description: The order ID.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - OrderId
 Spec:
  Description: The specification of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - Spec
 SslMaxConnections:
  Description: The maximum number of concurrent SSL-VPN connections.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - SslMaxConnections
 VpnGatewayId:
  Description: ID of the VPN gateway.
  Value:
   Fn::GetAtt:
   - VpnGateway
   - VpnGatewayId

JSON format

{
 "ROSTemplateFormatVersion": "2015-09-01",
 "Parameters": {
  "EnableIpsec": {
   "Type": "Boolean",
   "Description": "Whether to enable IPsec-VPN. The IPsec-VPN feature provides a site-to-site connection. You can securely connect your local data center network to a private network or two proprietary networks by creating an IPsec tunnel. Value:\nTrue (default): Enables the IPsec-VPN feature.\nFalse: The IPsec-VPN function is not enabled.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": true
  },
  "EnableSsl": {
   "Type": "Boolean",
   "Description": "Enable the SSL-VPN function. Provide point-to-site VPN connection, no need to configure customer gateway, terminal directly access. Value:\nTrue: Enable SSL-VPN.\nFalse (default): Does not enable SSL-VPN.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": false
  },
  "SslConnections": {
   "Type": "Number",
   "Description": "The maximum number of clients allowed to connect at the same time."
  },
  "Description": {
   "Type": "String",
   "Description": "Description of the VPN gateway.\nThe length is 2-256 characters and must start with a letter or Chinese, but cannot start with http:// or https://.",
   "MinLength": 2,
   "MaxLength": 256
  },
  "VpcId": {
   "Type": "String",
   "Description": "VPC ID to which the VPN gateway belongs."
  },
  "InstanceChargeType": {
   "Type": "String",
   "Description": "Accounting type of the VPN gateway, the value is:\nPREPAY, POSTPAY",
   "AllowedValues": [
    "PREPAY",
    "POSTPAY"
   ],
   "Default": "PREPAY"
  },
  "Bandwidth": {
   "Type": "Number",
   "Description": "The public network bandwidth of the VPN gateway, in Mbps.\nValue: 5|10|20|50|100|200.",
   "AllowedValues": [
    5,
    10,
    20,
    50,
    100,
    200
   ]
  },
  "VSwitchId": {
   "Type": "String",
   "Description": "The ID of the VSwitch to which the VPN gateway belongs."
  },
  "Period": {
   "Type": "Number",
   "Description": "Purchase time, value: 1~9|12|24|36.\nWhen the value of the InstanceChargeType parameter is PREPAY, this parameter is mandatory.",
   "AllowedValues": [
    1,
    2,
    3,
    4,
    5,
    6,
    7,
    8,
    9,
    12,
    24,
    36
   ]
  },
  "AutoPay": {
   "Type": "Boolean",
   "Description": "Whether to automatically pay the bill of the VPN gateway, the value:\nTrue: Automatically pays the bill for the VPN gateway.\nFalse (default): Does not automatically pay the bill for the VPN gateway.",
   "AllowedValues": [
    "True",
    "true",
    "False",
    "false"
   ],
   "Default": true
  },
  "Tags": {
   "Type": "Json",
   "Description": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required.",
   "MaxLength": 20
  },
  "Name": {
   "Type": "String",
   "Description": "Name of the VPN gateway. The default value is the ID of the VPN gateway.\nThe length is 2~100 English or Chinese characters. It must start with a large or small letter or Chinese. It can contain numbers, underscores (_) and dashes (-). It cannot start with http:// or https://.",
   "MinLength": 2,
   "MaxLength": 100
  }
 },
 "Resources": {
  "VpnGateway": {
   "Type": "ALIYUN::VPC::VpnGateway",
   "Properties": {
    "EnableIpsec": {
     "Ref": "EnableIpsec"
    },
    "EnableSsl": {
     "Ref": "EnableSsl"
    },
    "SslConnections": {
     "Ref": "SslConnections"
    },
    "Description": {
     "Ref": "Description"
    },
    "VpcId": {
     "Ref": "VpcId"
    },
    "InstanceChargeType": {
     "Ref": "InstanceChargeType"
    },
    "Bandwidth": {
     "Ref": "Bandwidth"
    },
    "VSwitchId": {
     "Ref": "VSwitchId"
    },
    "Period": {
     "Ref": "Period"
    },
    "AutoPay": {
     "Ref": "AutoPay"
    },
    "Tags": {
     "Ref": "Tags"
    },
    "Name": {
     "Ref": "Name"
    }
   }
  }
 },
 "Outputs": {
  "InternetIp": {
   "Description": "The public IP address of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "InternetIp"
    ]
   }
  },
  "VpnGatewayId": {
   "Description": "ID of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "VpnGatewayId"
    ]
   }
  },
  "OrderId": {
   "Description": "The order ID.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "OrderId"
    ]
   }
  },
  "Spec": {
   "Description": "The specification of the VPN gateway.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "Spec"
    ]
   }
  },
  "SslMaxConnections": {
   "Description": "The maximum number of concurrent SSL-VPN connections.",
   "Value": {
    "Fn::GetAtt": [
     "VpnGateway",
     "SslMaxConnections"
    ]
   }
  }
 }
}