EC2 / Client / describe_vpn_connections
describe_vpn_connections#
- EC2.Client.describe_vpn_connections(**kwargs)#
Describes one or more of your VPN connections.
For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide.
See also: AWS API Documentation
Request Syntax
response = client.describe_vpn_connections( Filters=[ { 'Name': 'string', 'Values': [ 'string', ] }, ], VpnConnectionIds=[ 'string', ], DryRun=True|False )
- Parameters:
Filters (list) –
One or more filters.
customer-gateway-configuration- The configuration information for the customer gateway.customer-gateway-id- The ID of a customer gateway associated with the VPN connection.state- The state of the VPN connection (pending|available|deleting|deleted).option.static-routes-only- Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).route.destination-cidr-block- The destination CIDR block. This corresponds to the subnet used in a customer data center.bgp-asn- The BGP Autonomous System Number (ASN) associated with a BGP device.tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the keyOwnerand the valueTeamA, specifytag:Ownerfor the filter name andTeamAfor the filter value.tag-key- The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.type- The type of VPN connection. Currently the only supported type isipsec.1.vpn-connection-id- The ID of the VPN connection.vpn-gateway-id- The ID of a virtual private gateway associated with the VPN connection.transit-gateway-id- The ID of a transit gateway associated with the VPN connection.
(dict) –
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an
AND, and the request returns only results that match all of the specified filters.Name (string) –
The name of the filter. Filter names are case-sensitive.
Values (list) –
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an
OR, and the request returns all results that match any of the specified values.(string) –
VpnConnectionIds (list) –
One or more VPN connection IDs.
Default: Describes your VPN connections.
(string) –
DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is
DryRunOperation. Otherwise, it isUnauthorizedOperation.
- Return type:
dict
- Returns:
Response Syntax
{ 'VpnConnections': [ { 'Category': 'string', 'TransitGatewayId': 'string', 'CoreNetworkArn': 'string', 'CoreNetworkAttachmentArn': 'string', 'GatewayAssociationState': 'associated'|'not-associated'|'associating'|'disassociating', 'Options': { 'EnableAcceleration': True|False, 'StaticRoutesOnly': True|False, 'LocalIpv4NetworkCidr': 'string', 'RemoteIpv4NetworkCidr': 'string', 'LocalIpv6NetworkCidr': 'string', 'RemoteIpv6NetworkCidr': 'string', 'OutsideIpAddressType': 'string', 'TransportTransitGatewayAttachmentId': 'string', 'TunnelInsideIpVersion': 'ipv4'|'ipv6', 'TunnelOptions': [ { 'OutsideIpAddress': 'string', 'TunnelInsideCidr': 'string', 'TunnelInsideIpv6Cidr': 'string', 'PreSharedKey': 'string', 'Phase1LifetimeSeconds': 123, 'Phase2LifetimeSeconds': 123, 'RekeyMarginTimeSeconds': 123, 'RekeyFuzzPercentage': 123, 'ReplayWindowSize': 123, 'DpdTimeoutSeconds': 123, 'DpdTimeoutAction': 'string', 'Phase1EncryptionAlgorithms': [ { 'Value': 'string' }, ], 'Phase2EncryptionAlgorithms': [ { 'Value': 'string' }, ], 'Phase1IntegrityAlgorithms': [ { 'Value': 'string' }, ], 'Phase2IntegrityAlgorithms': [ { 'Value': 'string' }, ], 'Phase1DHGroupNumbers': [ { 'Value': 123 }, ], 'Phase2DHGroupNumbers': [ { 'Value': 123 }, ], 'IkeVersions': [ { 'Value': 'string' }, ], 'StartupAction': 'string', 'LogOptions': { 'CloudWatchLogOptions': { 'LogEnabled': True|False, 'LogGroupArn': 'string', 'LogOutputFormat': 'string' } }, 'EnableTunnelLifecycleControl': True|False }, ] }, 'Routes': [ { 'DestinationCidrBlock': 'string', 'Source': 'Static', 'State': 'pending'|'available'|'deleting'|'deleted' }, ], 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ], 'VgwTelemetry': [ { 'AcceptedRouteCount': 123, 'LastStatusChange': datetime(2015, 1, 1), 'OutsideIpAddress': 'string', 'Status': 'UP'|'DOWN', 'StatusMessage': 'string', 'CertificateArn': 'string' }, ], 'VpnConnectionId': 'string', 'State': 'pending'|'available'|'deleting'|'deleted', 'CustomerGatewayConfiguration': 'string', 'Type': 'ipsec.1', 'CustomerGatewayId': 'string', 'VpnGatewayId': 'string' }, ] }
Response Structure
(dict) –
Contains the output of DescribeVpnConnections.
VpnConnections (list) –
Information about one or more VPN connections.
(dict) –
Describes a VPN connection.
Category (string) –
The category of the VPN connection. A value of
VPNindicates an Amazon Web Services VPN connection. A value ofVPN-Classicindicates an Amazon Web Services Classic VPN connection.TransitGatewayId (string) –
The ID of the transit gateway associated with the VPN connection.
CoreNetworkArn (string) –
The ARN of the core network.
CoreNetworkAttachmentArn (string) –
The ARN of the core network attachment.
GatewayAssociationState (string) –
The current state of the gateway association.
Options (dict) –
The VPN connection options.
EnableAcceleration (boolean) –
Indicates whether acceleration is enabled for the VPN connection.
StaticRoutesOnly (boolean) –
Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don’t support BGP.
LocalIpv4NetworkCidr (string) –
The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
RemoteIpv4NetworkCidr (string) –
The IPv4 CIDR on the Amazon Web Services side of the VPN connection.
LocalIpv6NetworkCidr (string) –
The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
RemoteIpv6NetworkCidr (string) –
The IPv6 CIDR on the Amazon Web Services side of the VPN connection.
OutsideIpAddressType (string) –
The type of IPv4 address assigned to the outside interface of the customer gateway.
Valid values:
PrivateIpv4|PublicIpv4Default:
PublicIpv4TransportTransitGatewayAttachmentId (string) –
The transit gateway attachment ID in use for the VPN tunnel.
TunnelInsideIpVersion (string) –
Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.
TunnelOptions (list) –
Indicates the VPN tunnel options.
(dict) –
The VPN tunnel options.
OutsideIpAddress (string) –
The external IP address of the VPN tunnel.
TunnelInsideCidr (string) –
The range of inside IPv4 addresses for the tunnel.
TunnelInsideIpv6Cidr (string) –
The range of inside IPv6 addresses for the tunnel.
PreSharedKey (string) –
The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.
Phase1LifetimeSeconds (integer) –
The lifetime for phase 1 of the IKE negotiation, in seconds.
Phase2LifetimeSeconds (integer) –
The lifetime for phase 2 of the IKE negotiation, in seconds.
RekeyMarginTimeSeconds (integer) –
The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.
RekeyFuzzPercentage (integer) –
The percentage of the rekey window determined by
RekeyMarginTimeSecondsduring which the rekey time is randomly selected.ReplayWindowSize (integer) –
The number of packets in an IKE replay window.
DpdTimeoutSeconds (integer) –
The number of seconds after which a DPD timeout occurs.
DpdTimeoutAction (string) –
The action to take after a DPD timeout occurs.
Phase1EncryptionAlgorithms (list) –
The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.
(dict) –
The encryption algorithm for phase 1 IKE negotiations.
Value (string) –
The value for the encryption algorithm.
Phase2EncryptionAlgorithms (list) –
The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.
(dict) –
The encryption algorithm for phase 2 IKE negotiations.
Value (string) –
The encryption algorithm.
Phase1IntegrityAlgorithms (list) –
The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.
(dict) –
The integrity algorithm for phase 1 IKE negotiations.
Value (string) –
The value for the integrity algorithm.
Phase2IntegrityAlgorithms (list) –
The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.
(dict) –
The integrity algorithm for phase 2 IKE negotiations.
Value (string) –
The integrity algorithm.
Phase1DHGroupNumbers (list) –
The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.
(dict) –
The Diffie-Hellmann group number for phase 1 IKE negotiations.
Value (integer) –
The Diffie-Hellmann group number.
Phase2DHGroupNumbers (list) –
The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.
(dict) –
The Diffie-Hellmann group number for phase 2 IKE negotiations.
Value (integer) –
The Diffie-Hellmann group number.
IkeVersions (list) –
The IKE versions that are permitted for the VPN tunnel.
(dict) –
The internet key exchange (IKE) version permitted for the VPN tunnel.
Value (string) –
The IKE version.
StartupAction (string) –
The action to take when the establishing the VPN tunnels for a VPN connection.
LogOptions (dict) –
Options for logging VPN tunnel activity.
CloudWatchLogOptions (dict) –
Options for sending VPN tunnel logs to CloudWatch.
LogEnabled (boolean) –
Status of VPN tunnel logging feature. Default value is
False.Valid values:
True|FalseLogGroupArn (string) –
The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
LogOutputFormat (string) –
Configured log format. Default format is
json.Valid values:
json|text
EnableTunnelLifecycleControl (boolean) –
Status of tunnel endpoint lifecycle control feature.
Routes (list) –
The static routes associated with the VPN connection.
(dict) –
Describes a static route for a VPN connection.
DestinationCidrBlock (string) –
The CIDR block associated with the local subnet of the customer data center.
Source (string) –
Indicates how the routes were provided.
State (string) –
The current state of the static route.
Tags (list) –
Any tags assigned to the VPN connection.
(dict) –
Describes a tag.
Key (string) –
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with
aws:.Value (string) –
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
VgwTelemetry (list) –
Information about the VPN tunnel.
(dict) –
Describes telemetry for a VPN tunnel.
AcceptedRouteCount (integer) –
The number of accepted routes.
LastStatusChange (datetime) –
The date and time of the last change in status. This field is updated when changes in IKE (Phase 1), IPSec (Phase 2), or BGP status are detected.
OutsideIpAddress (string) –
The Internet-routable IP address of the virtual private gateway’s outside interface.
Status (string) –
The status of the VPN tunnel.
StatusMessage (string) –
If an error occurs, a description of the error.
CertificateArn (string) –
The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
VpnConnectionId (string) –
The ID of the VPN connection.
State (string) –
The current state of the VPN connection.
CustomerGatewayConfiguration (string) –
The configuration information for the VPN connection’s customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it’s present in the DescribeVpnConnections response only if the VPN connection is in the
pendingoravailablestate.Type (string) –
The type of VPN connection.
CustomerGatewayId (string) –
The ID of the customer gateway at your end of the VPN connection.
VpnGatewayId (string) –
The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.