Amazon Elastic Compute Cloud
CLI Reference (API Version 2012-04-01)

ec2-create-vpn-connection

Description

Creates a new VPN connection between an existing virtual private gateway and customer gateway. The only supported connection type is ipsec.1.

The response includes information that you need to give to your network administrator to configure your customer gateway. The underlying native format of this information is XML; however, with the ec2-create-vpn-connection command, you can transform the information into a different format based on the vendor that makes your customer gateway (e.g., Cisco or Juniper). If you use a vendor other than Cisco or Juniper, you can set the --format option to generic, and the information is formatted in a human readable format for your network administrator. If you want to see the native XML, you can specify xml as the value of the --format option. If you want to write your own stylesheet, you can use the --stylesheet option to specify that stylesheet and receive the output in your own format. Whereas the ec2-create-vpn-connection command lets you choose a format for the configuration information, the corresponding Amazon VPC API operation (CreateVpnConnection) returns only the native XML.

If you decide to shut down your VPN connection for any reason and then create a new one, you must reconfigure your customer gateway with the new information returned from this call.

For more information about Amazon Virtual Private Cloud and VPN connections, go to Adding an IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2addvpn.

Syntax

ec2-create-vpn-connection -t type --customer-gateway customer_gateway_id --vpn-gateway vpn_gateway_id [{--format format} | {--stylesheet your_stylesheet}]

Options

Name | Description | Required

-t type

The type of VPN connection.

Type: String

Default: None

Valid Values: ipsec.1

Example: -t ipsec.1

Required: Yes

--customer-gateway customer_gateway_id

The ID of the customer gateway.

Type: String

Default: None

Example: --customer-gateway cgw-b4dc3961

Required: Yes

--vpn-gateway vpn_gateway_id

The ID of the virtual private gateway.

Type: String

Default: None

Example: --vpn-gateway vgw-8db04f81

Required: Yes

--format format

Causes the response to include customer gateway configuration information, in the format specified by this option. The returned information can be formatted for various devices, including a Cisco device (cisco-ios-isr) or Juniper device (juniper-junos-j), in human readable format (generic), or in the native XML format (xml).

Type: String

Default: None

Valid Values: cisco-ios-isr | juniper-junos-j | juniper-screenos-6.2 | juniper-screenos-6.1 | generic | xml

Example: --format cisco-ios-isr

Required: No

--stylesheet your_stylesheet

Causes the response to include customer gateway configuration information, formatted according to the custom XSL stylesheet you specify with this option.

Type: String

Default: None

Example: --stylesheet c:\my_stylesheet.xsl

Required: No

Common Options

Option | Description

--region REGION

Overrides the Region specified in the EC2_URL environment variable and the URL specified by the -U option.

Default: The EC2_URL environment variable, or us-east-1 if the environment variable is not set.

Example: --region eu-west-1

-U, --url URL

URL is the uniform resource locator of the Amazon EC2 web service entry point.

Default: The EC2_URL environment variable, or https://ec2.amazonaws.com if the environment variable is not set.

Example: -U https://ec2.amazonaws.com

-K, --private-key EC2-PRIVATE-KEY

The private key to use when constructing requests to Amazon EC2.

Default: The value of the EC2_PRIVATE_KEY environment variable.

Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

-C, --cert EC2-CERT

The X.509 certificate to use when constructing requests to Amazon EC2.

Default: The value of the EC2_CERT environment variable.

Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem

--connection-timeout TIMEOUT

Specifies a connection timeout (in seconds).

Example: --connection-timeout 30

--request-timeout TIMEOUT

Specifies a request timeout (in seconds).

Example: --request-timeout 45

-v, --verbose

Displays verbose output by showing the SOAP request and response on the command line. This is particularly useful if you are building tools to talk directly to our SOAP API.

-H, --headers

Displays column headers in the output.

--show-empty-fields

Shows empty columns as (nil).

--hide-tags

Do not display tags for tagged resources.

--debug

Prints internal debugging information. This is useful to assist us when troubleshooting problems.

-?, --help, -h

Displays Help.

-

If - is specified as an argument to one of the parameters, a list of arguments is read from standard input. This is useful for piping the output of one command into the input of another.

Example: ec2-describe-instances | grep stopped | cut -f 2 | ec2-start-instances -

Output

The command returns a table that contains the following information:

  • Output type identifier ("VPNCONNECTION")

  • VPN connection ID, which uniquely identifies the VPN connection

  • Current state of the VPN connection (pending, available, deleting, deleted)

  • Type of VPN connection

  • Customer gateway ID

  • Virtual private gateway ID

  • Configuration information for the customer gateway

Amazon EC2 command line tools display errors on stderr.

Examples

Example Request

This example creates a VPN connection between the virtual private gateway with ID vgw-8db04f81 and the customer gateway with ID cgw-b4dc3961. The example specifies that the configuration information be formatted as needed for a Cisco customer gateway. Because it's a long set of information, we haven't displayed it here in the response. To see an example of the information returned, go to the Amazon Virtual Private Cloud Network Administrator Guide.

PROMPT> ec2-create-vpn-connection -t ipsec.1 --customer-gateway cgw-b4dc3961 --vpn-gateway vgw-8db04f81 --format cisco-ios-isr
VPNCONNECTION  vpn-44a8938f  pending   ipsec.1   cgw-b4dc3961  vgw-8db04f81 
<Long customer gateway configuration data...>
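
The following script is an added example, not part of the original AWS documentation. It checks the VPNCONNECTION summary row against the fields listed under Output and writes the customer gateway configuration, which for an IPsec connection typically carries tunnel secrets such as pre-shared keys, to a file readable only by its owner. The function names, the sample configuration lines, and the assumption that IDs are a prefix followed by lowercase hex are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not AWS code): handle ec2-create-vpn-connection output safely.

# Constructed sample: the summary row from this page plus placeholder config lines.
sample_output() {
  printf 'VPNCONNECTION\tvpn-44a8938f\tpending\tipsec.1\tcgw-b4dc3961\tvgw-8db04f81\n'
  printf '! constructed placeholder: customer gateway configuration line 1\n'
  printf '! constructed placeholder: customer gateway configuration line 2\n'
}

# Reads command output on stdin and prints "vpn_id state type cgw_id vgw_id".
# Returns non-zero when the VPNCONNECTION row is missing or a field is malformed.
# Assumption: IDs are a prefix plus lowercase hex, as in the page's examples.
parse_vpn_summary() {
  awk '
    $1 == "VPNCONNECTION" {
      if ($2 !~ /^vpn-[0-9a-f]+$/) exit 1
      if ($3 !~ /^(pending|available|deleting|deleted)$/) exit 1
      if ($4 != "ipsec.1") exit 1
      if ($5 !~ /^cgw-[0-9a-f]+$/ || $6 !~ /^vgw-[0-9a-f]+$/) exit 1
      print $2, $3, $4, $5, $6
      found = 1
      exit 0
    }
    END { exit (found ? 0 : 1) }
  '
}

# Reads command output on stdin and writes every line after the VPNCONNECTION
# row to the file named in $1. The file is created with mode 600 (umask 077),
# and an existing file is never overwritten (set -C), so a stale or
# world-readable file cannot silently receive the new configuration.
save_vpn_config() {
  (
    umask 077
    set -C
    awk 'seen { print } $1 == "VPNCONNECTION" { seen = 1 }' > "$1"
  )
}

# Usage with the real command (IDs from this page's example; output path is hypothetical):
#   out=$(ec2-create-vpn-connection -t ipsec.1 --customer-gateway cgw-b4dc3961 \
#         --vpn-gateway vgw-8db04f81 --format cisco-ios-isr) || exit 1
#   printf '%s\n' "$out" | parse_vpn_summary || exit 1
#   printf '%s\n' "$out" | save_vpn_config ./cgw-config.txt
```

Avoid running the command with -v or --debug in shared terminals or logged sessions, since the full response, configuration included, is then echoed to the console.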