turbot/alicloud
steampipe plugin install alicloud

Table: alicloud_vpc_vpn_gateway - Query Alicloud VPC VPN Gateways using SQL

An Alicloud VPC VPN Gateway is a component of Alibaba Cloud's Virtual Private Cloud (VPC) service. It is used to establish a secure, encrypted communication tunnel between a VPC and an on-premises data center or between VPCs. It supports both IPsec-VPN connections and GRE-VPN connections, and is designed to facilitate secure and convenient cloud network deployment.

Table Usage Guide

The alicloud_vpc_vpn_gateway table provides insights into VPN Gateways within Alibaba Cloud's VPC service. As a network administrator or cloud architect, you can explore gateway-specific details through this table, including its ID, description, status, bandwidth, and associated VPC information. Use it to monitor the status of your VPN gateways, analyze bandwidth usage, and manage your secure network connections.

Examples

Basic info

Explore the status and billing methods of your VPN gateways across different regions. This is useful for managing resource allocation and understanding the operational health of your network infrastructure.

select
name,
vpn_gateway_id,
status,
description,
internet_ip,
billing_method,
business_status,
region
from
alicloud_vpc_vpn_gateway;
select
name,
vpn_gateway_id,
status,
description,
internet_ip,
billing_method,
business_status,
region
from
alicloud_vpc_vpn_gateway;

Get the VPC and VSwitch info of VPN gateway

Determine the areas in which the VPN gateway is connected by identifying the associated VPC and VSwitch. This aids in network management and understanding the connectivity of your virtual private network.

select
name,
vpn_gateway_id,
vpc_id vswitch_id
from
alicloud_vpc_vpn_gateway;
select
name,
vpn_gateway_id,
vpc_id as vswitch_id
from
alicloud_vpc_vpn_gateway;

Get the vpn gateways where SSL VPN is enabled

Determine the areas in your network where SSL VPN is enabled, allowing you to assess security measures and manage potential vulnerabilities. This query is useful for identifying and mitigating potential security risks in your network infrastructure.

select
name,
vpn_gateway_id,
ssl_vpn,
ssl_max_connections
from
alicloud_vpc_vpn_gateway
where
ssl_vpn = 'enable';
select
name,
vpn_gateway_id,
ssl_vpn,
ssl_max_connections
from
alicloud_vpc_vpn_gateway
where
ssl_vpn = 'enable';

VPN gateway count by VPC ID

Identify the number of VPN gateways associated with each VPC to better manage network resources and optimize security configurations.

select
vpc_id,
count(vpn_gateway_id) as vpn_gateway_count
from
alicloud_vpc_vpn_gateway
group by
vpc_id;
select
vpc_id,
count(vpn_gateway_id) as vpn_gateway_count
from
alicloud_vpc_vpn_gateway
group by
vpc_id;

List of VPN gateways without application tag key

Discover the segments that are missing application tags in VPN gateways. This is useful for identifying untagged resources that may need to be categorized for better resource management.

select
vpn_gateway_id,
tags
from
alicloud_vpc_vpn_gateway
where
tags -> 'application' is null;
select
vpn_gateway_id,
tags
from
alicloud_vpc_vpn_gateway
where
json_extract(tags, '$.application') is null;

List inactive VPN gateways

Identify instances where VPN gateways are not active in your Alicloud VPC. This can be useful to audit and manage your network resources effectively by pinpointing potential network vulnerabilities or unnecessary costs.

select
vpn_gateway_id,
status,
create_time,
jsonb_pretty(tags)
from
alicloud_vpc_vpn_gateway
where
status <> 'active';
select
vpn_gateway_id,
status,
create_time,
tags
from
alicloud_vpc_vpn_gateway
where
status <> 'active';

Schema for alicloud_vpc_vpn_gateway

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
auto_propagatebooleanIndicates whether auto propagate is enabled, or not.
billing_methodtextThe billing method of the VPN gateway.
business_statustextThe business state of the VPN gateway.
create_timetimestamp with time zoneThe time when the VPN gateway was created.
descriptiontextThe description of the VPN gateway.
enable_bgpbooleanIndicates whether bgp is enabled.
end_timetimestamp with time zoneThe creation time of the VPC.
internet_ipinetThe public IP address of the VPN gateway.
ipsec_vpntextIndicates whether the IPsec-VPN feature is enabled.
nametextThe name of the VPN gateway.
regiontextThe Alicloud region in which the resource is located.
reservation_datajsonbA set of reservation details.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
spectextThe maximum bandwidth of the VPN gateway.
ssl_max_connectionsbigintThe maximum number of concurrent SSL-VPN connections.
ssl_vpntextIndicates whether the SSL-VPN feature is enabled.
statustextThe status of the VPN gateway.
tagtextThe tag of the VPN gateway.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags attached with the resource.
titletextTitle of the resource.
vpc_idtextThe ID of the VPC for which the VPN gateway is created.
vpn_gateway_idtext=The ID of the VPN gateway.
vswitch_idtextThe ID of the VSwitch to which the VPN gateway belongs.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- alicloud

You can pass the configuration to the command with the --config argument:

steampipe_export_alicloud --config '<your_config>' alicloud_vpc_vpn_gateway