EC2.Client.modify_vpn_tunnel_certificate(**kwargs)
Modifies the VPN tunnel endpoint certificate.
See also: AWS API Documentation
Request Syntax
response = client.modify_vpn_tunnel_certificate(
    VpnConnectionId='string',
    VpnTunnelOutsideIpAddress='string',
    DryRun=True|False
)
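VpnConnectionId (string) -- [REQUIRED]
The ID of the Amazon Web Services Site-to-Site VPN connection.
VpnTunnelOutsideIpAddress (string) -- [REQUIRED]
The external IP address of the VPN tunnel.
DryRun (boolean) --
If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Return type: dict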
Response Syntax
{
    'VpnConnection': {
        'CustomerGatewayConfiguration': 'string',
        'CustomerGatewayId': 'string',
        'Category': 'string',
        'State': 'pending'|'available'|'deleting'|'deleted',
        'Type': 'ipsec.1',
        'VpnConnectionId': 'string',
        'VpnGatewayId': 'string',
        'TransitGatewayId': 'string',
        'CoreNetworkArn': 'string',
        'CoreNetworkAttachmentArn': 'string',
        'GatewayAssociationState': 'associated'|'not-associated'|'associating'|'disassociating',
        'Options': {
            'EnableAcceleration': True|False,
            'StaticRoutesOnly': True|False,
            'LocalIpv4NetworkCidr': 'string',
            'RemoteIpv4NetworkCidr': 'string',
            'LocalIpv6NetworkCidr': 'string',
            'RemoteIpv6NetworkCidr': 'string',
            'OutsideIpAddressType': 'string',
            'TransportTransitGatewayAttachmentId': 'string',
            'TunnelInsideIpVersion': 'ipv4'|'ipv6',
            'TunnelOptions': [
                {
                    'OutsideIpAddress': 'string',
                    'TunnelInsideCidr': 'string',
                    'TunnelInsideIpv6Cidr': 'string',
                    'PreSharedKey': 'string',
                    'Phase1LifetimeSeconds': 123,
                    'Phase2LifetimeSeconds': 123,
                    'RekeyMarginTimeSeconds': 123,
                    'RekeyFuzzPercentage': 123,
                    'ReplayWindowSize': 123,
                    'DpdTimeoutSeconds': 123,
                    'DpdTimeoutAction': 'string',
                    'Phase1EncryptionAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase2EncryptionAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase1IntegrityAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase2IntegrityAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase1DHGroupNumbers': [
                        {
                            'Value': 123
                        },
                    ],
                    'Phase2DHGroupNumbers': [
                        {
                            'Value': 123
                        },
                    ],
                    'IkeVersions': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'StartupAction': 'string',
                    'LogOptions': {
                        'CloudWatchLogOptions': {
                            'LogEnabled': True|False,
                            'LogGroupArn': 'string',
                            'LogOutputFormat': 'string'
                        }
                    }
                },
            ]
        },
        'Routes': [
            {
                'DestinationCidrBlock': 'string',
                'Source': 'Static',
                'State': 'pending'|'available'|'deleting'|'deleted'
            },
        ],
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'VgwTelemetry': [
            {
                'AcceptedRouteCount': 123,
                'LastStatusChange': datetime(2015, 1, 1),
                'OutsideIpAddress': 'string',
                'Status': 'UP'|'DOWN',
                'StatusMessage': 'string',
                'CertificateArn': 'string'
            },
        ]
    }
}
Response Structure
(dict) --
VpnConnection (dict) --
Information about the VPN connection.
CustomerGatewayConfiguration (string) --
The configuration information for the VPN connection's customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it's present in the DescribeVpnConnections response only if the VPN connection is in the pending or available state.
CustomerGatewayId (string) --
The ID of the customer gateway at your end of the VPN connection.
Category (string) --
The category of the VPN connection. A value of VPN indicates an Amazon Web Services VPN connection. A value of VPN-Classic indicates an Amazon Web Services Classic VPN connection.
State (string) --
The current state of the VPN connection.
Type (string) --
The type of VPN connection.
VpnConnectionId (string) --
The ID of the VPN connection.
VpnGatewayId (string) --
The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.
TransitGatewayId (string) --
The ID of the transit gateway associated with the VPN connection.
CoreNetworkArn (string) --
The ARN of the core network.
CoreNetworkAttachmentArn (string) --
The ARN of the core network attachment.
GatewayAssociationState (string) --
The current state of the gateway association.
Options (dict) --
The VPN connection options.
EnableAcceleration (boolean) --
Indicates whether acceleration is enabled for the VPN connection.
StaticRoutesOnly (boolean) --
Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.
LocalIpv4NetworkCidr (string) --
The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
RemoteIpv4NetworkCidr (string) --
The IPv4 CIDR on the Amazon Web Services side of the VPN connection.
LocalIpv6NetworkCidr (string) --
The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
RemoteIpv6NetworkCidr (string) --
The IPv6 CIDR on the Amazon Web Services side of the VPN connection.
OutsideIpAddressType (string) --
The type of IPv4 address assigned to the outside interface of the customer gateway.
Valid values: PrivateIpv4 | PublicIpv4
Default: PublicIpv4
TransportTransitGatewayAttachmentId (string) --
The transit gateway attachment ID in use for the VPN tunnel.
TunnelInsideIpVersion (string) --
Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.
TunnelOptions (list) --
Indicates the VPN tunnel options.
(dict) --
The VPN tunnel options.
OutsideIpAddress (string) --
The external IP address of the VPN tunnel.
TunnelInsideCidr (string) --
The range of inside IPv4 addresses for the tunnel.
TunnelInsideIpv6Cidr (string) --
The range of inside IPv6 addresses for the tunnel.
PreSharedKey (string) --
The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.
Phase1LifetimeSeconds (integer) --
The lifetime for phase 1 of the IKE negotiation, in seconds.
Phase2LifetimeSeconds (integer) --
The lifetime for phase 2 of the IKE negotiation, in seconds.
RekeyMarginTimeSeconds (integer) --
The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.
RekeyFuzzPercentage (integer) --
The percentage of the rekey window determined by RekeyMarginTimeSeconds during which the rekey time is randomly selected.
ReplayWindowSize (integer) --
The number of packets in an IKE replay window.
DpdTimeoutSeconds (integer) --
The number of seconds after which a DPD timeout occurs.
DpdTimeoutAction (string) --
The action to take after a DPD timeout occurs.
Phase1EncryptionAlgorithms (list) --
The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.
(dict) --
The encryption algorithm for phase 1 IKE negotiations.
Value (string) --
The value for the encryption algorithm.
Phase2EncryptionAlgorithms (list) --
The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.
(dict) --
The encryption algorithm for phase 2 IKE negotiations.
Value (string) --
The encryption algorithm.
Phase1IntegrityAlgorithms (list) --
The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.
(dict) --
The integrity algorithm for phase 1 IKE negotiations.
Value (string) --
The value for the integrity algorithm.
Phase2IntegrityAlgorithms (list) --
The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.
(dict) --
The integrity algorithm for phase 2 IKE negotiations.
Value (string) --
The integrity algorithm.
Phase1DHGroupNumbers (list) --
The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.
(dict) --
The Diffie-Hellman group number for phase 1 IKE negotiations.
Value (integer) --
The Diffie-Hellman group number.
Phase2DHGroupNumbers (list) --
The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.
(dict) --
The Diffie-Hellman group number for phase 2 IKE negotiations.
Value (integer) --
The Diffie-Hellman group number.
IkeVersions (list) --
The IKE versions that are permitted for the VPN tunnel.
(dict) --
The internet key exchange (IKE) version permitted for the VPN tunnel.
Value (string) --
The IKE version.
StartupAction (string) --
The action to take when establishing the VPN tunnels for a VPN connection.
LogOptions (dict) --
Options for logging VPN tunnel activity.
CloudWatchLogOptions (dict) --
Options for sending VPN tunnel logs to CloudWatch.
LogEnabled (boolean) --
Status of VPN tunnel logging feature. Default value is False.
Valid values: True | False
LogGroupArn (string) --
The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
LogOutputFormat (string) --
Configured log format. Default format is json.
Valid values: json | text
Routes (list) --
The static routes associated with the VPN connection.
(dict) --
Describes a static route for a VPN connection.
DestinationCidrBlock (string) --
The CIDR block associated with the local subnet of the customer data center.
Source (string) --
Indicates how the routes were provided.
State (string) --
The current state of the static route.
Tags (list) --
Any tags assigned to the VPN connection.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
VgwTelemetry (list) --
Information about the VPN tunnel.
(dict) --
Describes telemetry for a VPN tunnel.
AcceptedRouteCount (integer) --
The number of accepted routes.
LastStatusChange (datetime) --
The date and time of the last change in status.
OutsideIpAddress (string) --
The Internet-routable IP address of the virtual private gateway's outside interface.
Status (string) --
The status of the VPN tunnel.
StatusMessage (string) --
If an error occurs, a description of the error.
CertificateArn (string) --
The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
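Example
The following is an added example, not part of the original reference or of boto3 itself. It uses DryRun as a permission preflight, then masks PreSharedKey and CustomerGatewayConfiguration before the response is logged and picks out the tunnel's CertificateArn. The helper names, StubClient, StubError and all sample values are assumptions constructed so it runs offline; with a real boto3 EC2 client the exception would be botocore.exceptions.ClientError.

```python
REDACT = {"PreSharedKey", "CustomerGatewayConfiguration"}  # secret-bearing fields

def redact(obj):
    """Copy a response, masking secret-bearing fields so it is safe to log."""
    if isinstance(obj, dict):
        return {k: "<redacted>" if k in REDACT and v else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

def error_code(exc):
    """Error code of a ClientError-style exception, '' if it carries none."""
    resp = getattr(exc, "response", None)
    return resp.get("Error", {}).get("Code", "") if isinstance(resp, dict) else ""

def rotate_tunnel_certificate(client, vpn_id, tunnel_ip):
    """Dry-run the call, then run it; return (log-safe connection, cert ARN)."""
    args = {"VpnConnectionId": vpn_id, "VpnTunnelOutsideIpAddress": tunnel_ip}
    try:
        client.modify_vpn_tunnel_certificate(DryRun=True, **args)
    except Exception as exc:
        if error_code(exc) != "DryRunOperation":  # e.g. UnauthorizedOperation
            raise
    conn = client.modify_vpn_tunnel_certificate(DryRun=False, **args)["VpnConnection"]
    arn = next((t.get("CertificateArn") for t in conn.get("VgwTelemetry", [])
                if t.get("OutsideIpAddress") == tunnel_ip), None)
    return redact(conn), arn

# --- constructed stand-ins so the example runs offline (not real AWS data) ---
class StubError(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class StubClient:
    def __init__(self, allowed=True):
        self.allowed = allowed
    def modify_vpn_tunnel_certificate(self, VpnConnectionId, VpnTunnelOutsideIpAddress, DryRun=False):
        if DryRun or not self.allowed:
            raise StubError("DryRunOperation" if self.allowed else "UnauthorizedOperation")
        ip = VpnTunnelOutsideIpAddress
        return {"VpnConnection": {
            "VpnConnectionId": VpnConnectionId,
            "CustomerGatewayConfiguration": "<vpn_connection>...</vpn_connection>",
            "Options": {"TunnelOptions": [{"OutsideIpAddress": ip, "PreSharedKey": "constructed-psk"}]},
            "VgwTelemetry": [{"OutsideIpAddress": ip, "Status": "UP",
                              "CertificateArn": "arn:aws:acm:region:111122223333:certificate/EXAMPLE"}]}}

if __name__ == "__main__":
    print(rotate_tunnel_certificate(StubClient(), "vpn-EXAMPLE", "203.0.113.10"))
```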