modify_vpn_tunnel_certificate

EC2.Client.modify_vpn_tunnel_certificate(**kwargs)

Modifies the VPN tunnel endpoint certificate.

See also: AWS API Documentation

Request Syntax

response = client.modify_vpn_tunnel_certificate(
    VpnConnectionId='string',
    VpnTunnelOutsideIpAddress='string',
    DryRun=True|False
)
Parameters
  • VpnConnectionId (string) --

    [REQUIRED]

    The ID of the Amazon Web Services Site-to-Site VPN connection.

  • VpnTunnelOutsideIpAddress (string) --

    [REQUIRED]

    The external IP address of the VPN tunnel.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'VpnConnection': {
        'CustomerGatewayConfiguration': 'string',
        'CustomerGatewayId': 'string',
        'Category': 'string',
        'State': 'pending'|'available'|'deleting'|'deleted',
        'Type': 'ipsec.1',
        'VpnConnectionId': 'string',
        'VpnGatewayId': 'string',
        'TransitGatewayId': 'string',
        'CoreNetworkArn': 'string',
        'CoreNetworkAttachmentArn': 'string',
        'GatewayAssociationState': 'associated'|'not-associated'|'associating'|'disassociating',
        'Options': {
            'EnableAcceleration': True|False,
            'StaticRoutesOnly': True|False,
            'LocalIpv4NetworkCidr': 'string',
            'RemoteIpv4NetworkCidr': 'string',
            'LocalIpv6NetworkCidr': 'string',
            'RemoteIpv6NetworkCidr': 'string',
            'OutsideIpAddressType': 'string',
            'TransportTransitGatewayAttachmentId': 'string',
            'TunnelInsideIpVersion': 'ipv4'|'ipv6',
            'TunnelOptions': [
                {
                    'OutsideIpAddress': 'string',
                    'TunnelInsideCidr': 'string',
                    'TunnelInsideIpv6Cidr': 'string',
                    'PreSharedKey': 'string',
                    'Phase1LifetimeSeconds': 123,
                    'Phase2LifetimeSeconds': 123,
                    'RekeyMarginTimeSeconds': 123,
                    'RekeyFuzzPercentage': 123,
                    'ReplayWindowSize': 123,
                    'DpdTimeoutSeconds': 123,
                    'DpdTimeoutAction': 'string',
                    'Phase1EncryptionAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase2EncryptionAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase1IntegrityAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase2IntegrityAlgorithms': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'Phase1DHGroupNumbers': [
                        {
                            'Value': 123
                        },
                    ],
                    'Phase2DHGroupNumbers': [
                        {
                            'Value': 123
                        },
                    ],
                    'IkeVersions': [
                        {
                            'Value': 'string'
                        },
                    ],
                    'StartupAction': 'string',
                    'LogOptions': {
                        'CloudWatchLogOptions': {
                            'LogEnabled': True|False,
                            'LogGroupArn': 'string',
                            'LogOutputFormat': 'string'
                        }
                    }
                },
            ]
        },
        'Routes': [
            {
                'DestinationCidrBlock': 'string',
                'Source': 'Static',
                'State': 'pending'|'available'|'deleting'|'deleted'
            },
        ],
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'VgwTelemetry': [
            {
                'AcceptedRouteCount': 123,
                'LastStatusChange': datetime(2015, 1, 1),
                'OutsideIpAddress': 'string',
                'Status': 'UP'|'DOWN',
                'StatusMessage': 'string',
                'CertificateArn': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • VpnConnection (dict) --

      Information about the VPN connection.

      • CustomerGatewayConfiguration (string) --

        The configuration information for the VPN connection's customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it's present in the DescribeVpnConnections response only if the VPN connection is in the pending or available state.

      • CustomerGatewayId (string) --

        The ID of the customer gateway at your end of the VPN connection.

      • Category (string) --

        The category of the VPN connection. A value of VPN indicates an Amazon Web Services VPN connection. A value of VPN-Classic indicates an Amazon Web Services Classic VPN connection.

      • State (string) --

        The current state of the VPN connection.

      • Type (string) --

        The type of VPN connection.

      • VpnConnectionId (string) --

        The ID of the VPN connection.

      • VpnGatewayId (string) --

        The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.

      • TransitGatewayId (string) --

        The ID of the transit gateway associated with the VPN connection.

      • CoreNetworkArn (string) --

        The ARN of the core network.

      • CoreNetworkAttachmentArn (string) --

        The ARN of the core network attachment.

      • GatewayAssociationState (string) --

        The current state of the gateway association.

      • Options (dict) --

        The VPN connection options.

        • EnableAcceleration (boolean) --

          Indicates whether acceleration is enabled for the VPN connection.

        • StaticRoutesOnly (boolean) --

          Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.

        • LocalIpv4NetworkCidr (string) --

          The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

        • RemoteIpv4NetworkCidr (string) --

          The IPv4 CIDR on the Amazon Web Services side of the VPN connection.

        • LocalIpv6NetworkCidr (string) --

          The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

        • RemoteIpv6NetworkCidr (string) --

          The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

        • OutsideIpAddressType (string) --

          The type of IPv4 address assigned to the outside interface of the customer gateway.

          Valid values: PrivateIpv4 | PublicIpv4

          Default: PublicIpv4

        • TransportTransitGatewayAttachmentId (string) --

          The transit gateway attachment ID in use for the VPN tunnel.

        • TunnelInsideIpVersion (string) --

          Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.

        • TunnelOptions (list) --

          Indicates the VPN tunnel options.

          • (dict) --

            The VPN tunnel options.

            • OutsideIpAddress (string) --

              The external IP address of the VPN tunnel.

            • TunnelInsideCidr (string) --

              The range of inside IPv4 addresses for the tunnel.

            • TunnelInsideIpv6Cidr (string) --

              The range of inside IPv6 addresses for the tunnel.

            • PreSharedKey (string) --

              The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.

            • Phase1LifetimeSeconds (integer) --

              The lifetime for phase 1 of the IKE negotiation, in seconds.

            • Phase2LifetimeSeconds (integer) --

              The lifetime for phase 2 of the IKE negotiation, in seconds.

            • RekeyMarginTimeSeconds (integer) --

              The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.

            • RekeyFuzzPercentage (integer) --

              The percentage of the rekey window determined by RekeyMarginTimeSeconds during which the rekey time is randomly selected.

            • ReplayWindowSize (integer) --

              The number of packets in an IKE replay window.

            • DpdTimeoutSeconds (integer) --

              The number of seconds after which a DPD timeout occurs.

            • DpdTimeoutAction (string) --

              The action to take after a DPD timeout occurs.

            • Phase1EncryptionAlgorithms (list) --

              The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.

              • (dict) --

                The encryption algorithm for phase 1 IKE negotiations.

                • Value (string) --

                  The value for the encryption algorithm.

            • Phase2EncryptionAlgorithms (list) --

              The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.

              • (dict) --

                The encryption algorithm for phase 2 IKE negotiations.

                • Value (string) --

                  The encryption algorithm.

            • Phase1IntegrityAlgorithms (list) --

              The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.

              • (dict) --

                The integrity algorithm for phase 1 IKE negotiations.

                • Value (string) --

                  The value for the integrity algorithm.

            • Phase2IntegrityAlgorithms (list) --

              The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.

              • (dict) --

                The integrity algorithm for phase 2 IKE negotiations.

                • Value (string) --

                  The integrity algorithm.

            • Phase1DHGroupNumbers (list) --

              The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.

              • (dict) --

                The Diffie-Hellmann group number for phase 1 IKE negotiations.

                • Value (integer) --

                  The Diffie-Hellmann group number.

            • Phase2DHGroupNumbers (list) --

              The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.

              • (dict) --

                The Diffie-Hellmann group number for phase 2 IKE negotiations.

                • Value (integer) --

                  The Diffie-Hellmann group number.

            • IkeVersions (list) --

              The IKE versions that are permitted for the VPN tunnel.

              • (dict) --

                The internet key exchange (IKE) version permitted for the VPN tunnel.

                • Value (string) --

                  The IKE version.

            • StartupAction (string) --

              The action to take when the establishing the VPN tunnels for a VPN connection.

            • LogOptions (dict) --

              Options for logging VPN tunnel activity.

              • CloudWatchLogOptions (dict) --

                Options for sending VPN tunnel logs to CloudWatch.

                • LogEnabled (boolean) --

                  Status of VPN tunnel logging feature. Default value is False .

                  Valid values: True | False

                • LogGroupArn (string) --

                  The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.

                • LogOutputFormat (string) --

                  Configured log format. Default format is json .

                  Valid values: json | text

      • Routes (list) --

        The static routes associated with the VPN connection.

        • (dict) --

          Describes a static route for a VPN connection.

          • DestinationCidrBlock (string) --

            The CIDR block associated with the local subnet of the customer data center.

          • Source (string) --

            Indicates how the routes were provided.

          • State (string) --

            The current state of the static route.

      • Tags (list) --

        Any tags assigned to the VPN connection.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

      • VgwTelemetry (list) --

        Information about the VPN tunnel.

        • (dict) --

          Describes telemetry for a VPN tunnel.

          • AcceptedRouteCount (integer) --

            The number of accepted routes.

          • LastStatusChange (datetime) --

            The date and time of the last change in status.

          • OutsideIpAddress (string) --

            The Internet-routable IP address of the virtual private gateway's outside interface.

          • Status (string) --

            The status of the VPN tunnel.

          • StatusMessage (string) --

            If an error occurs, a description of the error.

          • CertificateArn (string) --

            The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.