» aviatrix_site2cloud

The aviatrix_site2cloud resource creates and manages Aviatrix-created Site2Cloud connections.

» Example Usage

# Create an Aviatrix Site2cloud Connection
resource "aviatrix_site2cloud" "test_s2c" {
  vpc_id                     = "vpc-abcd1234"
  connection_name            = "my_conn"
  connection_type            = "unmapped"
  remote_gateway_type        = "generic"
  tunnel_type                = "udp"
  primary_cloud_gateway_name = "gw1"
  remote_gateway_ip          = "5.5.5.5"
  remote_subnet_cidr         = "10.23.0.0/24"
  local_subnet_cidr          = "10.20.1.0/24"
}

» Argument Reference

The following arguments are supported:

» Required

» HA

  • ha_enabled - (Optional) Specify whether or not to enable HA. Valid Values: true, false. NOTE: Please see notes here regarding HA requirements.
  • backup_gateway_name - (Optional) Backup gateway name. NOTE: Please see notes here regarding HA requirements.
  • backup_remote_gateway_ip - (Optional) Backup Remote Gateway IP. NOTE: Please see notes here regarding HA requirements.
  • backup_pre_shared_key - (Optional) Backup Pre-Shared Key.

» Custom Algorithms

  • custom_algorithms - (Optional) Switch to enable custom/non-default algorithms for IPSec Authentication/Encryption. Valid values: true, false. NOTE: Only supported for 'udp' tunnel type. Please see notes here for more information.
  • phase_1_authentication - (Optional) Phase one Authentication. Valid values: 'SHA-1', 'SHA-256', 'SHA-384' and 'SHA-512'. Default value: 'SHA-256'.
  • phase_2_authentication - (Optional) Phase two Authentication. Valid values: 'NO-AUTH', 'HMAC-SHA-1', 'HMAC-SHA-256', 'HMAC-SHA-384' and 'HMAC-SHA-512'. Default value: 'HMAC-SHA-256'.
  • phase_1_dh_groups - (Optional) Phase one DH Groups. Valid values: '1', '2', '5', '14', '15', '16', '17' and '18'. Default value: '14'.
  • phase_2_dh_groups - (Optional) Phase two DH Groups. Valid values: '1', '2', '5', '14', '15', '16', '17' and '18'. Default value: '14'.
  • phase_1_encryption - (Optional) Phase one Encryption. Valid values: '3DES', 'AES-128-CBC', 'AES-192-CBC' and 'AES-256-CBC'. Default value: 'AES-256-CBC'.
  • phase_2_encryption - (Optional) Phase two Encryption. Valid values: '3DES', 'AES-128-CBC', 'AES-192-CBC', 'AES-256-CBC', 'AES-128-GCM-64', 'AES-128-GCM-96' and 'AES-128-GCM-128'. Default value: 'AES-256-CBC'.

» Encryption over ExpressRoute/DirectConnect

» Misc.

  • pre_shared_key - (Optional) Pre-Shared Key. Only available for "udp" tunnel_type.
  • ssl_server_pool - (Optional) Specify ssl_server_pool for tunnel_type "tcp". Default value: "192.168.44.0/24". NOTE: Only supported for 'tcp' tunnel type. Please see notes here for more information.
  • enable_dead_peer_detection - (Optional) Enable/disable Dead Peer Detection for an existing site2cloud connection. Default value: true. NOTE: Please see notes here regarding any deltas found in your state with the addition of this argument in R1.9.
  • enable_active_active - (Optional) Enable/disable active active HA for an existing site2cloud connection. Valid values: true, false. Default value: false.
  • enable_ikev2 - (Optional) Switch to enable IKEv2 for policy-based site2cloud. Valid values: true, false. Default value: false.

» Attribute Reference

In addition to all arguments above, the following attributes are exported:

» Import

site2cloud can be imported using the connection_name and vpc_id, e.g.

$ terraform import aviatrix_site2cloud.test connection_name~vpc_id

» Notes

» custom_algorithms

Only supported for 'udp' tunnel type. If set to true, the six algorithm arguments cannot all be left at their default values. If set to false, default values will be used for all six algorithm arguments.

» enable_dead_peer_detection

If you are using or have upgraded to Aviatrix Terraform Provider R1.9+, and a site2cloud resource was originally created with a provider version <R1.9, you must run 'terraform refresh' to update and apply the attribute's default value (true) into the state file.

» HA Enabled

The following arguments are only supported if the backup gateway is set up by enabling peering HA through the primary gateway resource by specifying a peering_ha_subnet and peering_ha_gw_size. For more information on site2cloud, please see the doc site here:

» ssl_server_pool

Only supported for 'tcp' tunnel type. If not set, the default value will be used. If set, it must be set to a value different from the default value.
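
The constraints from the custom_algorithms and ssl_server_pool notes, together with the tunnel_type restriction on pre_shared_key, written as a check that can run before apply. This is an added example, not part of the provider or its documentation. The function name lint_site2cloud, the input (a dict of the arguments as written in the resource block), the set of values treated as weak and the NO-AUTH check are assumptions of the example.

```python
# Added example: lint the arguments of one aviatrix_site2cloud block.
# Defaults and constraints are taken from the argument reference and notes.
DEFAULTS = {
    "phase_1_authentication": "SHA-256",
    "phase_2_authentication": "HMAC-SHA-256",
    "phase_1_dh_groups": "14",
    "phase_2_dh_groups": "14",
    "phase_1_encryption": "AES-256-CBC",
    "phase_2_encryption": "AES-256-CBC",
}
DEFAULT_SSL_POOL = "192.168.44.0/24"
# Assumption (editorial, not from the provider docs): values flagged as weak.
WEAK = {"SHA-1", "HMAC-SHA-1", "3DES"}
WEAK_DH = {"1", "2", "5"}


def lint_site2cloud(args):
    """Return findings for a dict of arguments as written in the block."""
    findings = []
    tunnel = args.get("tunnel_type")
    algos = {k: str(args.get(k, d)) for k, d in DEFAULTS.items()}
    if args.get("custom_algorithms"):
        if tunnel != "udp":
            findings.append("custom_algorithms requires tunnel_type udp")
        if algos == DEFAULTS:
            findings.append("custom_algorithms set but all six values are default")
        for key, value in algos.items():
            weak = WEAK_DH if key.endswith("dh_groups") else WEAK
            if value in weak:
                findings.append(f"{key}={value} is weak")
        if (algos["phase_2_authentication"] == "NO-AUTH"
                and "GCM" not in algos["phase_2_encryption"]):
            findings.append("NO-AUTH without a GCM cipher gives no integrity")
    if "pre_shared_key" in args and tunnel != "udp":
        findings.append("pre_shared_key requires tunnel_type udp")
    if "ssl_server_pool" in args:
        if tunnel != "tcp":
            findings.append("ssl_server_pool requires tunnel_type tcp")
        if args["ssl_server_pool"] == DEFAULT_SSL_POOL:
            findings.append("ssl_server_pool must differ from the default")
    return findings


# Constructed sample input (not from a real deployment).
SAMPLE = {
    "tunnel_type": "udp", "custom_algorithms": True,
    "phase_1_authentication": "SHA-1", "phase_1_dh_groups": "2",
    "phase_2_authentication": "NO-AUTH", "ssl_server_pool": "192.168.44.0/24",
}
```

Calling lint_site2cloud(SAMPLE) returns one finding per violated constraint; an empty list means the block satisfies every rule the check covers.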