Table: alicloud_vpc_vpn_connection - Query Alibaba Cloud VPN Connections using SQL
Alibaba Cloud VPN Gateway supports secure, encrypted communication between on-premises networks and Alibaba Cloud VPCs. VPN connections link a customer gateway with a VPN gateway and use IPsec to establish secure tunnels over the internet.
Table Usage Guide
The alicloud_vpc_vpn_connection table enables network administrators and cloud architects to query detailed information about site-to-site VPN connections in Alibaba Cloud. Use this table to retrieve values such as VPN connection ID, name, status, associated VPN gateway and customer gateway IDs, encryption settings, and tunnel options. This data is vital for managing hybrid cloud connectivity, enforcing encryption standards, and monitoring the health of secure network links.
Examples
Basic info
Explore the status of your VPN connections to determine their operational condition and identify the local and remote subnets they are connected to. This can be helpful in troubleshooting network connectivity issues or planning network expansions.
```sql
-- Runs unchanged on both the Postgres and SQLite engines.
select
  name,
  vpn_connection_id,
  status,
  local_subnet,
  remote_subnet,
  vpn_gateway_id
from
  alicloud_vpc_vpn_connection;
```
Get the VPN connections that are not healthy
Identify instances where VPN connections are not in a healthy state. This is useful for troubleshooting network issues and ensuring secure and reliable connectivity.
```sql
-- Postgres
select
  name,
  vpn_connection_id,
  vco_health_check ->> 'Status' as health_check_status,
  status
from
  alicloud_vpc_vpn_connection
where
  vco_health_check ->> 'Status' = 'failed';
```
```sql
-- SQLite
select
  name,
  vpn_connection_id,
  json_extract(vco_health_check, '$.Status') as health_check_status,
  status
from
  alicloud_vpc_vpn_connection
where
  json_extract(vco_health_check, '$.Status') = 'failed';
```
Get the BGP configuration information of VPN connections
Review the Border Gateway Protocol (BGP) configuration and status of your VPN connections. This is useful for monitoring the health and performance of your VPN connections.
```sql
-- Postgres
select
  name,
  vpn_connection_id,
  vpn_bgp_config ->> 'EnableBgp' as enable_bgp,
  vpn_bgp_config ->> 'LocalAsn' as local_asn,
  vpn_bgp_config ->> 'LocalBgpIp' as local_bgp_ip,
  vpn_bgp_config ->> 'PeerAsn' as peer_asn,
  vpn_bgp_config ->> 'PeerBgpIp' as peer_bgp_ip,
  vpn_bgp_config ->> 'Status' as status,
  vpn_bgp_config ->> 'TunnelCidr' as tunnel_cidr
from
  alicloud_vpc_vpn_connection;
```
```sql
-- SQLite
select
  name,
  vpn_connection_id,
  json_extract(vpn_bgp_config, '$.EnableBgp') as enable_bgp,
  json_extract(vpn_bgp_config, '$.LocalAsn') as local_asn,
  json_extract(vpn_bgp_config, '$.LocalBgpIp') as local_bgp_ip,
  json_extract(vpn_bgp_config, '$.PeerAsn') as peer_asn,
  json_extract(vpn_bgp_config, '$.PeerBgpIp') as peer_bgp_ip,
  json_extract(vpn_bgp_config, '$.Status') as status,
  json_extract(vpn_bgp_config, '$.TunnelCidr') as tunnel_cidr
from
  alicloud_vpc_vpn_connection;
```
Get the VPN connections where the NAT traversal feature is enabled
Identify instances where the NAT traversal feature is enabled in VPN connections. This can be useful to ensure secure and efficient data communication in scenarios where private networks are interconnected over the internet.
```sql
-- Postgres
select
  name,
  vpn_connection_id,
  enable_nat_traversal
from
  alicloud_vpc_vpn_connection
where
  enable_nat_traversal;
```
```sql
-- SQLite
select
  name,
  vpn_connection_id,
  enable_nat_traversal
from
  alicloud_vpc_vpn_connection
where
  enable_nat_traversal = 1;
```
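Added example, not part of the original plugin documentation: the usage guide mentions enforcing encryption standards, and the ike_config and ipsec_config columns hold the Phase 1 and Phase 2 settings. The Postgres query below flags connections that negotiate with deprecated parameters; the JSON key names and value spellings are assumed from the Alibaba Cloud DescribeVpnConnections response, and the weak-algorithm lists are an example policy to adapt.

```sql
-- Added example (Postgres syntax). Key names such as IkeEncAlg and IpsecPfs
-- are assumptions; inspect one row of ike_config / ipsec_config to confirm.
with vco as (
  select
    name,
    vpn_connection_id,
    region,
    enable_dpd,
    lower(ike_config ->> 'IkeVersion')     as ike_version,
    lower(ike_config ->> 'IkeMode')        as ike_mode,
    lower(ike_config ->> 'IkeEncAlg')      as ike_enc,
    lower(ike_config ->> 'IkeAuthAlg')     as ike_auth,
    lower(ike_config ->> 'IkePfs')         as ike_pfs,
    lower(ipsec_config ->> 'IpsecEncAlg')  as ipsec_enc,
    lower(ipsec_config ->> 'IpsecAuthAlg') as ipsec_auth,
    lower(ipsec_config ->> 'IpsecPfs')     as ipsec_pfs
  from
    alicloud_vpc_vpn_connection
),
audited as (
  select
    name,
    vpn_connection_id,
    region,
    -- Each CASE yields a finding or NULL; array_remove drops the NULLs.
    array_remove(array[
      case when ike_version = 'ikev1' then 'IKEv1 in use' end,
      case when ike_mode = 'aggressive' then 'IKE aggressive mode' end,
      case when ike_enc in ('des', '3des') then 'weak IKE cipher: ' || ike_enc end,
      case when ike_auth in ('md5', 'sha1') then 'weak IKE hash: ' || ike_auth end,
      case when ike_pfs in ('group1', 'group2', 'group5') then 'weak IKE DH group: ' || ike_pfs end,
      case when ipsec_enc in ('des', '3des') then 'weak IPsec cipher: ' || ipsec_enc end,
      case when ipsec_auth in ('md5', 'sha1') then 'weak IPsec hash: ' || ipsec_auth end,
      case when ipsec_pfs in ('disabled', 'group1', 'group2', 'group5') then 'weak or no IPsec PFS: ' || ipsec_pfs end,
      case when not enable_dpd then 'dead peer detection disabled' end
    ], null) as findings
  from
    vco
)
select
  name, vpn_connection_id, region, findings
from
  audited
where
  cardinality(findings) > 0
order by
  cardinality(findings) desc, name;
```

The query extracts individual keys instead of selecting ike_config whole; if that object carries the pre-shared key in your output (an assumption to check), keep the full column out of shared reports and exports.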
Schema for alicloud_vpc_vpn_connection
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Alicloud Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
create_time | timestamp with time zone | | The time when the IPsec-VPN connection was created. |
customer_gateway_id | text | | The ID of the customer gateway. |
effect_immediately | boolean | | Indicates whether IPsec-VPN negotiations are initiated immediately. |
enable_dpd | boolean | | Indicates whether dead peer detection (DPD) is enabled. |
enable_nat_traversal | boolean | | Indicates whether to enable the NAT traversal feature. |
ike_config | jsonb | | The configurations of Phase 1 negotiations. |
ipsec_config | jsonb | | The configurations for Phase 2 negotiations. |
local_subnet | cidr | | The CIDR block of the virtual private cloud (VPC). |
name | text | | The name of the IPsec-VPN connection. |
region | text | | The Alicloud region in which the resource is located. |
remote_subnet | cidr | | The CIDR block of the on-premises data center. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | | The status of the IPsec-VPN connection. |
title | text | | Title of the resource. |
vco_health_check | jsonb | | The health check configurations. |
vpn_bgp_config | jsonb | | BGP configuration information. |
vpn_connection_id | text | = | The ID of the IPsec-VPN connection. |
vpn_gateway_id | text | | The ID of the VPN gateway. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud
```
You can pass the configuration to the command with the --config argument:
```sh
steampipe_export_alicloud --config '<your_config>' alicloud_vpc_vpn_connection
```