describe_vpn_connections(**kwargs)
Describes one or more of your VPN connections.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
See also: AWS API Documentation
Request Syntax
response = client.describe_vpn_connections(
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    VpnConnectionIds=[
        'string',
    ],
    DryRun=True|False
)
Filters (list) --
One or more filters.
- customer-gateway-configuration - The configuration information for the customer gateway.
- customer-gateway-id - The ID of a customer gateway associated with the VPN connection.
- state - The state of the VPN connection (pending | available | deleting | deleted).
- option.static-routes-only - Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).
- route.destination-cidr-block - The destination CIDR block. This corresponds to the subnet used in a customer data center.
- bgp-asn - The BGP Autonomous System Number (ASN) associated with a BGP device.
- tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
- tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
- type - The type of VPN connection. Currently the only supported type is ipsec.1.
- vpn-connection-id - The ID of the VPN connection.
- vpn-gateway-id - The ID of a virtual private gateway associated with the VPN connection.
- transit-gateway-id - The ID of a transit gateway associated with the VPN connection.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
VpnConnectionIds (list) --
One or more VPN connection IDs.
Default: Describes your VPN connections.
DryRunOperation. Otherwise, it is UnauthorizedOperation.
dict
Response Syntax
{
    'VpnConnections': [
        {
            'CustomerGatewayConfiguration': 'string',
            'CustomerGatewayId': 'string',
            'Category': 'string',
            'State': 'pending'|'available'|'deleting'|'deleted',
            'Type': 'ipsec.1',
            'VpnConnectionId': 'string',
            'VpnGatewayId': 'string',
            'TransitGatewayId': 'string',
            'CoreNetworkArn': 'string',
            'CoreNetworkAttachmentArn': 'string',
            'GatewayAssociationState': 'associated'|'not-associated'|'associating'|'disassociating',
            'Options': {
                'EnableAcceleration': True|False,
                'StaticRoutesOnly': True|False,
                'LocalIpv4NetworkCidr': 'string',
                'RemoteIpv4NetworkCidr': 'string',
                'LocalIpv6NetworkCidr': 'string',
                'RemoteIpv6NetworkCidr': 'string',
                'OutsideIpAddressType': 'string',
                'TransportTransitGatewayAttachmentId': 'string',
                'TunnelInsideIpVersion': 'ipv4'|'ipv6',
                'TunnelOptions': [
                    {
                        'OutsideIpAddress': 'string',
                        'TunnelInsideCidr': 'string',
                        'TunnelInsideIpv6Cidr': 'string',
                        'PreSharedKey': 'string',
                        'Phase1LifetimeSeconds': 123,
                        'Phase2LifetimeSeconds': 123,
                        'RekeyMarginTimeSeconds': 123,
                        'RekeyFuzzPercentage': 123,
                        'ReplayWindowSize': 123,
                        'DpdTimeoutSeconds': 123,
                        'DpdTimeoutAction': 'string',
                        'Phase1EncryptionAlgorithms': [
                            {
                                'Value': 'string'
                            },
                        ],
                        'Phase2EncryptionAlgorithms': [
                            {
                                'Value': 'string'
                            },
                        ],
                        'Phase1IntegrityAlgorithms': [
                            {
                                'Value': 'string'
                            },
                        ],
                        'Phase2IntegrityAlgorithms': [
                            {
                                'Value': 'string'
                            },
                        ],
                        'Phase1DHGroupNumbers': [
                            {
                                'Value': 123
                            },
                        ],
                        'Phase2DHGroupNumbers': [
                            {
                                'Value': 123
                            },
                        ],
                        'IkeVersions': [
                            {
                                'Value': 'string'
                            },
                        ],
                        'StartupAction': 'string',
                        'LogOptions': {
                            'CloudWatchLogOptions': {
                                'LogEnabled': True|False,
                                'LogGroupArn': 'string',
                                'LogOutputFormat': 'string'
                            }
                        }
                    },
                ]
            },
            'Routes': [
                {
                    'DestinationCidrBlock': 'string',
                    'Source': 'Static',
                    'State': 'pending'|'available'|'deleting'|'deleted'
                },
            ],
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'VgwTelemetry': [
                {
                    'AcceptedRouteCount': 123,
                    'LastStatusChange': datetime(2015, 1, 1),
                    'OutsideIpAddress': 'string',
                    'Status': 'UP'|'DOWN',
                    'StatusMessage': 'string',
                    'CertificateArn': 'string'
                },
            ]
        },
    ]
}
Response Structure
(dict) --
Contains the output of DescribeVpnConnections.
VpnConnections (list) --
Information about one or more VPN connections.
(dict) --
Describes a VPN connection.
CustomerGatewayConfiguration (string) --
The configuration information for the VPN connection's customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it's present in the DescribeVpnConnections response only if the VPN connection is in the pending or available state.
CustomerGatewayId (string) --
The ID of the customer gateway at your end of the VPN connection.
Category (string) --
The category of the VPN connection. A value of VPN indicates an Amazon Web Services VPN connection. A value of VPN-Classic indicates an Amazon Web Services Classic VPN connection.
State (string) --
The current state of the VPN connection.
Type (string) --
The type of VPN connection.
VpnConnectionId (string) --
The ID of the VPN connection.
VpnGatewayId (string) --
The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.
TransitGatewayId (string) --
The ID of the transit gateway associated with the VPN connection.
CoreNetworkArn (string) --
The ARN of the core network.
CoreNetworkAttachmentArn (string) --
The ARN of the core network attachment.
GatewayAssociationState (string) --
The current state of the gateway association.
Options (dict) --
The VPN connection options.
EnableAcceleration (boolean) --
Indicates whether acceleration is enabled for the VPN connection.
StaticRoutesOnly (boolean) --
Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.
LocalIpv4NetworkCidr (string) --
The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
RemoteIpv4NetworkCidr (string) --
The IPv4 CIDR on the Amazon Web Services side of the VPN connection.
LocalIpv6NetworkCidr (string) --
The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
RemoteIpv6NetworkCidr (string) --
The IPv6 CIDR on the Amazon Web Services side of the VPN connection.
OutsideIpAddressType (string) --
The type of IPv4 address assigned to the outside interface of the customer gateway.
Valid values: PrivateIpv4 | PublicIpv4
Default: PublicIpv4
TransportTransitGatewayAttachmentId (string) --
The transit gateway attachment ID in use for the VPN tunnel.
TunnelInsideIpVersion (string) --
Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.
TunnelOptions (list) --
Indicates the VPN tunnel options.
(dict) --
The VPN tunnel options.
OutsideIpAddress (string) --
The external IP address of the VPN tunnel.
TunnelInsideCidr (string) --
The range of inside IPv4 addresses for the tunnel.
TunnelInsideIpv6Cidr (string) --
The range of inside IPv6 addresses for the tunnel.
PreSharedKey (string) --
The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.
Phase1LifetimeSeconds (integer) --
The lifetime for phase 1 of the IKE negotiation, in seconds.
Phase2LifetimeSeconds (integer) --
The lifetime for phase 2 of the IKE negotiation, in seconds.
RekeyMarginTimeSeconds (integer) --
The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.
RekeyFuzzPercentage (integer) --
The percentage of the rekey window determined by RekeyMarginTimeSeconds during which the rekey time is randomly selected.
ReplayWindowSize (integer) --
The number of packets in an IKE replay window.
DpdTimeoutSeconds (integer) --
The number of seconds after which a DPD timeout occurs.
DpdTimeoutAction (string) --
The action to take after a DPD timeout occurs.
Phase1EncryptionAlgorithms (list) --
The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.
(dict) --
The encryption algorithm for phase 1 IKE negotiations.
Value (string) --
The value for the encryption algorithm.
Phase2EncryptionAlgorithms (list) --
The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.
(dict) --
The encryption algorithm for phase 2 IKE negotiations.
Value (string) --
The encryption algorithm.
Phase1IntegrityAlgorithms (list) --
The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.
(dict) --
The integrity algorithm for phase 1 IKE negotiations.
Value (string) --
The value for the integrity algorithm.
Phase2IntegrityAlgorithms (list) --
The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.
(dict) --
The integrity algorithm for phase 2 IKE negotiations.
Value (string) --
The integrity algorithm.
Phase1DHGroupNumbers (list) --
The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.
(dict) --
The Diffie-Hellman group number for phase 1 IKE negotiations.
Value (integer) --
The Diffie-Hellman group number.
Phase2DHGroupNumbers (list) --
The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.
(dict) --
The Diffie-Hellman group number for phase 2 IKE negotiations.
Value (integer) --
The Diffie-Hellman group number.
IkeVersions (list) --
The IKE versions that are permitted for the VPN tunnel.
(dict) --
The internet key exchange (IKE) version permitted for the VPN tunnel.
Value (string) --
The IKE version.
StartupAction (string) --
The action to take when establishing the VPN tunnels for a VPN connection.
LogOptions (dict) --
Options for logging VPN tunnel activity.
CloudWatchLogOptions (dict) --
Options for sending VPN tunnel logs to CloudWatch.
LogEnabled (boolean) --
Status of VPN tunnel logging feature. Default value is False.
Valid values: True | False
LogGroupArn (string) --
The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
LogOutputFormat (string) --
Configured log format. Default format is json.
Valid values: json | text
Routes (list) --
The static routes associated with the VPN connection.
(dict) --
Describes a static route for a VPN connection.
DestinationCidrBlock (string) --
The CIDR block associated with the local subnet of the customer data center.
Source (string) --
Indicates how the routes were provided.
State (string) --
The current state of the static route.
Tags (list) --
Any tags assigned to the VPN connection.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
VgwTelemetry (list) --
Information about the VPN tunnel.
(dict) --
Describes telemetry for a VPN tunnel.
AcceptedRouteCount (integer) --
The number of accepted routes.
LastStatusChange (datetime) --
The date and time of the last change in status.
OutsideIpAddress (string) --
The Internet-routable IP address of the virtual private gateway's outside interface.
Status (string) --
The status of the VPN tunnel.
StatusMessage (string) --
If an error occurs, a description of the error.
CertificateArn (string) --
The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
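The response carries each tunnel's PreSharedKey alongside its permitted IKE parameters, so a caller that stores or logs the result should mask the key first. The following is an added example, not part of the boto3 documentation: it audits a response of the shape documented above for permissive tunnel settings and masks secret-bearing fields. The weak-value policy, the finding names, the decision to treat CustomerGatewayConfiguration as secret-bearing, and the sample data are assumptions of this example; lists that are absent from a tunnel produce no finding here.

```python
# Assumed local policy (not from the AWS documentation): values treated as weak here.
WEAK_IKE, WEAK_INTEGRITY, WEAK_DH_GROUPS = {"ikev1"}, {"SHA1"}, {2}
SECRET_FIELDS = ("PreSharedKey", "CustomerGatewayConfiguration")

def _values(tunnel, key):
    """Flatten a [{'Value': x}, ...] list from TunnelOptions into a set."""
    return {item["Value"] for item in tunnel.get(key, [])}

def audit_vpn_connections(response):
    """Return (VpnConnectionId, OutsideIpAddress, issue) tuples for weak tunnel settings."""
    findings = []
    for conn in response.get("VpnConnections", []):
        if conn.get("State") in ("deleting", "deleted"):
            continue
        for t in conn.get("Options", {}).get("TunnelOptions", []):
            issues = []
            if _values(t, "IkeVersions") & WEAK_IKE:
                issues.append("ikev1-permitted")
            for phase in ("Phase1", "Phase2"):
                if _values(t, phase + "IntegrityAlgorithms") & WEAK_INTEGRITY:
                    issues.append(phase.lower() + "-sha1-permitted")
                if _values(t, phase + "DHGroupNumbers") & WEAK_DH_GROUPS:
                    issues.append(phase.lower() + "-weak-dh-group")
            log = t.get("LogOptions", {}).get("CloudWatchLogOptions", {})
            if not log.get("LogEnabled", False):
                issues.append("tunnel-logging-disabled")
            findings += [(conn["VpnConnectionId"], t.get("OutsideIpAddress"), i) for i in issues]
    return findings

def redact(obj):
    """Copy the response with secret-bearing fields masked, for logging or storage."""
    if isinstance(obj, dict):
        return {k: "<redacted>" if k in SECRET_FIELDS else redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

# Constructed sample response (IDs, addresses and keys are made up).
SAMPLE = {"VpnConnections": [{
    "VpnConnectionId": "vpn-EXAMPLE1", "State": "available",
    "CustomerGatewayConfiguration": "<vpn_connection>...</vpn_connection>",
    "Options": {"TunnelOptions": [
        {"OutsideIpAddress": "203.0.113.10", "PreSharedKey": "constructed-psk",
         "IkeVersions": [{"Value": "ikev1"}, {"Value": "ikev2"}],
         "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}, {"Value": "SHA2-256"}],
         "Phase1DHGroupNumbers": [{"Value": 2}, {"Value": 14}]},
        {"OutsideIpAddress": "203.0.113.20", "PreSharedKey": "constructed-psk-2",
         "IkeVersions": [{"Value": "ikev2"}], "Phase2DHGroupNumbers": [{"Value": 20}],
         "LogOptions": {"CloudWatchLogOptions": {"LogEnabled": True}}},
    ]}}]}
```

Against a live account, pass the return value of client.describe_vpn_connections() to audit_vpn_connections() and write only redact(response) to logs.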