turbot/alicloud
steampipe plugin install alicloud

Table: alicloud_vpc_vpn_connection

An IPsec-VPN connection provides support to establish an encrypted communication tunnel between a VPN Gateway and a customer gateway.

Examples

Basic info

Explore the status of your VPN connections to determine their operational condition and identify the local and remote subnets they are connected to. This can be helpful in troubleshooting network connectivity issues or planning network expansions.

select
name,
vpn_connection_id,
status,
local_subnet,
remote_subnet,
vpn_gateway_id
from
alicloud_vpc_vpn_connection;
select
name,
vpn_connection_id,
status,
local_subnet,
remote_subnet,
vpn_gateway_id
from
alicloud_vpc_vpn_connection;

Get the vpn connections which are not healthy

Identify instances where VPN connections are not in a healthy state. This is useful for troubleshooting network issues and ensuring secure and reliable connectivity.

select
name,
vpn_connection_id,
vco_health_check ->> 'Status' as health_check_status,
status
from
alicloud_vpc_vpn_connection
where
vco_health_check ->> 'Status' = 'failed';
select
name,
vpn_connection_id,
json_extract(vco_health_check, '$.Status') as health_check_status,
status
from
alicloud_vpc_vpn_connection
where
json_extract(vco_health_check, '$.Status') = 'failed';

Get the BGP configuration information of vpn connections

Assess the elements within your VPN connections to understand the status and configuration of Border Gateway Protocol (BGP). This is useful for monitoring the health and performance of your VPN connections.

select
name,
vpn_connection_id,
vpn_bgp_config ->> 'EnableBgp' as enable_bgp,
vpn_bgp_config ->> 'LocalAsn' as local_asn,
vpn_bgp_config ->> 'LocalBgpIp' as local_bgp_ip,
vpn_bgp_config ->> 'PeerAsn' as peer_asn,
vpn_bgp_config ->> 'PeerBgpIp' as peer_bgp_ip,
vpn_bgp_config ->> 'Status' as status,
vpn_bgp_config ->> 'TunnelCidr' as tunnel_cidr
from
alicloud_vpc_vpn_connection;
select
name,
vpn_connection_id,
json_extract(vpn_bgp_config, '$.EnableBgp') as enable_bgp,
json_extract(vpn_bgp_config, '$.LocalAsn') as local_asn,
json_extract(vpn_bgp_config, '$.LocalBgpIp') as local_bgp_ip,
json_extract(vpn_bgp_config, '$.PeerAsn') as peer_asn,
json_extract(vpn_bgp_config, '$.PeerBgpIp') as peer_bgp_ip,
json_extract(vpn_bgp_config, '$.Status') as status,
json_extract(vpn_bgp_config, '$.TunnelCidr') as tunnel_cidr
from
alicloud_vpc_vpn_connection;

Get the vpn connections where NAT traversal feature is enabled

Identify instances where the NAT traversal feature is enabled in VPN connections. This can be useful to ensure secure and efficient data communication in scenarios where private networks are interconnected over the internet.

select
name,
vpn_connection_id,
enable_nat_traversal
from
alicloud_vpc_vpn_connection
where
enable_nat_traversal;
select
name,
vpn_connection_id,
enable_nat_traversal
from
alicloud_vpc_vpn_connection
where
enable_nat_traversal = 1;

Schema for alicloud_vpc_vpn_connection

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
create_timetimestamp with time zoneThe time when the IPsec-VPN connection was created.
customer_gateway_idtextThe ID of the customer gateway.
effect_immediatelybooleanIndicates whether IPsec-VPN negotiations are initiated immediately.
enable_dpdbooleanIndicates whether dead peer detection (DPD) is enabled.
enable_nat_traversalbooleanIndicates whether to enable the NAT traversal feature.
ike_configjsonbThe configurations of Phase 1 negotiations.
ipsec_configjsonbThe configurations for Phase 2 negotiations.
local_subnetcidrThe CIDR block of the virtual private cloud (VPC).
nametextThe name of the IPsec-VPN connection.
regiontextThe Alicloud region in which the resource is located.
remote_subnetcidrThe CIDR block of the on-premises data center.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe status of the IPsec-VPN connection.
titletextTitle of the resource.
vco_health_checkjsonbThe health check configurations.
vpn_bgp_configjsonbBGP configuration information.
vpn_connection_idtext=The ID of the IPsec-VPN connection.
vpn_gateway_idtextThe ID of the VPN gateway.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_vpc_vpn_connection