
************************
describe_vpn_connections
************************



.. py:method:: EC2.Client.describe_vpn_connections(**kwargs)

  

  Describes one or more of your VPN connections.

   

  For more information, see `Amazon Web Services Site-to-Site VPN <https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html>`__ in the *Amazon Web Services Site-to-Site VPN User Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeVpnConnections>`_  


  **Request Syntax**
  ::

    response = client.describe_vpn_connections(
        Filters=[
            {
                'Name': 'string',
                'Values': [
                    'string',
                ]
            },
        ],
        VpnConnectionIds=[
            'string',
        ],
        DryRun=True|False
    )
    
  :type Filters: list
  :param Filters: 

    One or more filters.

     

    
    * ``customer-gateway-configuration`` - The configuration information for the customer gateway.
     
    * ``customer-gateway-id`` - The ID of a customer gateway associated with the VPN connection.
     
    * ``state`` - The state of the VPN connection (``pending`` | ``available`` | ``deleting`` | ``deleted``).
     
    * ``option.static-routes-only`` - Indicates whether the connection has static routes only. Used for devices that do not support Border Gateway Protocol (BGP).
     
    * ``route.destination-cidr-block`` - The destination CIDR block. This corresponds to the subnet used in a customer data center.
     
    * ``bgp-asn`` - The BGP Autonomous System Number (ASN) associated with a BGP device.
     
    * ``tag:<key>`` - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key ``Owner`` and the value ``TeamA``, specify ``tag:Owner`` for the filter name and ``TeamA`` for the filter value.
     
    * ``tag-key`` - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
     
    * ``type`` - The type of VPN connection. Currently the only supported type is ``ipsec.1``.
     
    * ``vpn-connection-id`` - The ID of the VPN connection.
     
    * ``vpn-gateway-id`` - The ID of a virtual private gateway associated with the VPN connection.
     
    * ``transit-gateway-id`` - The ID of a transit gateway associated with the VPN connection.
    

    

  
    - *(dict) --* 

      A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

       

      If you specify multiple filters, the filters are joined with an ``AND``, and the request returns only results that match all of the specified filters.

       

      For more information, see `List and filter using the CLI and API <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html#Filtering_Resources_CLI>`__ in the *Amazon EC2 User Guide*.

      

    
      - **Name** *(string) --* 

        The name of the filter. Filter names are case-sensitive.

        

      
      - **Values** *(list) --* 

        The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an ``OR``, and the request returns all results that match any of the specified values.

        

      
        - *(string) --* 

        
    
    

  :type VpnConnectionIds: list
  :param VpnConnectionIds: 

    One or more VPN connection IDs.

     

    Default: Describes your VPN connections.

    

  
    - *(string) --* 

    

  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'VpnConnections': [
              {
                  'Category': 'string',
                  'TransitGatewayId': 'string',
                  'VpnConcentratorId': 'string',
                  'CoreNetworkArn': 'string',
                  'CoreNetworkAttachmentArn': 'string',
                  'GatewayAssociationState': 'associated'|'not-associated'|'associating'|'disassociating',
                  'Options': {
                      'EnableAcceleration': True|False,
                      'StaticRoutesOnly': True|False,
                      'LocalIpv4NetworkCidr': 'string',
                      'RemoteIpv4NetworkCidr': 'string',
                      'LocalIpv6NetworkCidr': 'string',
                      'RemoteIpv6NetworkCidr': 'string',
                      'OutsideIpAddressType': 'string',
                      'TransportTransitGatewayAttachmentId': 'string',
                      'TunnelInsideIpVersion': 'ipv4'|'ipv6',
                      'TunnelOptions': [
                          {
                              'OutsideIpAddress': 'string',
                              'TunnelInsideCidr': 'string',
                              'TunnelInsideIpv6Cidr': 'string',
                              'PreSharedKey': 'string',
                              'Phase1LifetimeSeconds': 123,
                              'Phase2LifetimeSeconds': 123,
                              'RekeyMarginTimeSeconds': 123,
                              'RekeyFuzzPercentage': 123,
                              'ReplayWindowSize': 123,
                              'DpdTimeoutSeconds': 123,
                              'DpdTimeoutAction': 'string',
                              'Phase1EncryptionAlgorithms': [
                                  {
                                      'Value': 'string'
                                  },
                              ],
                              'Phase2EncryptionAlgorithms': [
                                  {
                                      'Value': 'string'
                                  },
                              ],
                              'Phase1IntegrityAlgorithms': [
                                  {
                                      'Value': 'string'
                                  },
                              ],
                              'Phase2IntegrityAlgorithms': [
                                  {
                                      'Value': 'string'
                                  },
                              ],
                              'Phase1DHGroupNumbers': [
                                  {
                                      'Value': 123
                                  },
                              ],
                              'Phase2DHGroupNumbers': [
                                  {
                                      'Value': 123
                                  },
                              ],
                              'IkeVersions': [
                                  {
                                      'Value': 'string'
                                  },
                              ],
                              'StartupAction': 'string',
                              'LogOptions': {
                                  'CloudWatchLogOptions': {
                                      'LogEnabled': True|False,
                                      'LogGroupArn': 'string',
                                      'LogOutputFormat': 'string',
                                      'BgpLogEnabled': True|False,
                                      'BgpLogGroupArn': 'string',
                                      'BgpLogOutputFormat': 'string'
                                  }
                              },
                              'EnableTunnelLifecycleControl': True|False
                          },
                      ],
                      'TunnelBandwidth': 'standard'|'large'
                  },
                  'Routes': [
                      {
                          'DestinationCidrBlock': 'string',
                          'Source': 'Static',
                          'State': 'pending'|'available'|'deleting'|'deleted'
                      },
                  ],
                  'Tags': [
                      {
                          'Key': 'string',
                          'Value': 'string'
                      },
                  ],
                  'VgwTelemetry': [
                      {
                          'AcceptedRouteCount': 123,
                          'LastStatusChange': datetime(2015, 1, 1),
                          'OutsideIpAddress': 'string',
                          'Status': 'UP'|'DOWN',
                          'StatusMessage': 'string',
                          'CertificateArn': 'string'
                      },
                  ],
                  'PreSharedKeyArn': 'string',
                  'VpnConnectionId': 'string',
                  'State': 'pending'|'available'|'deleting'|'deleted',
                  'CustomerGatewayConfiguration': 'string',
                  'Type': 'ipsec.1',
                  'CustomerGatewayId': 'string',
                  'VpnGatewayId': 'string'
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 

      Contains the output of DescribeVpnConnections.

      
      

      - **VpnConnections** *(list) --* 

        Information about one or more VPN connections.

        
        

        - *(dict) --* 

          Describes a VPN connection.

          
          

          - **Category** *(string) --* 

            The category of the VPN connection. A value of ``VPN`` indicates an Amazon Web Services VPN connection. A value of ``VPN-Classic`` indicates an Amazon Web Services Classic VPN connection.

            
          

          - **TransitGatewayId** *(string) --* 

            The ID of the transit gateway associated with the VPN connection.

            
          

          - **VpnConcentratorId** *(string) --* 

            The ID of the VPN concentrator associated with the VPN connection.

            
          

          - **CoreNetworkArn** *(string) --* 

            The ARN of the core network.

            
          

          - **CoreNetworkAttachmentArn** *(string) --* 

            The ARN of the core network attachment.

            
          

          - **GatewayAssociationState** *(string) --* 

            The current state of the gateway association.

            
          

          - **Options** *(dict) --* 

            The VPN connection options.

            
            

            - **EnableAcceleration** *(boolean) --* 

              Indicates whether acceleration is enabled for the VPN connection.

              
            

            - **StaticRoutesOnly** *(boolean) --* 

              Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.

              
            

            - **LocalIpv4NetworkCidr** *(string) --* 

              The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

              
            

            - **RemoteIpv4NetworkCidr** *(string) --* 

              The IPv4 CIDR on the Amazon Web Services side of the VPN connection.

              
            

            - **LocalIpv6NetworkCidr** *(string) --* 

              The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

              
            

            - **RemoteIpv6NetworkCidr** *(string) --* 

              The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

              
            

            - **OutsideIpAddressType** *(string) --* 

              The type of IPv4 address assigned to the outside interface of the customer gateway.

               

              Valid values: ``PrivateIpv4`` | ``PublicIpv4`` | ``Ipv6``

               

              Default: ``PublicIpv4``

              
            

            - **TransportTransitGatewayAttachmentId** *(string) --* 

              The transit gateway attachment ID in use for the VPN tunnel.

              
            

            - **TunnelInsideIpVersion** *(string) --* 

              Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.

              
            

            - **TunnelOptions** *(list) --* 

              Indicates the VPN tunnel options.

              
              

              - *(dict) --* 

                The VPN tunnel options.

                
                

                - **OutsideIpAddress** *(string) --* 

                  The external IP address of the VPN tunnel.

                  
                

                - **TunnelInsideCidr** *(string) --* 

                  The range of inside IPv4 addresses for the tunnel.

                  
                

                - **TunnelInsideIpv6Cidr** *(string) --* 

                  The range of inside IPv6 addresses for the tunnel.

                  
                

                - **PreSharedKey** *(string) --* 

                  The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.

                  
                

                - **Phase1LifetimeSeconds** *(integer) --* 

                  The lifetime for phase 1 of the IKE negotiation, in seconds.

                  
                

                - **Phase2LifetimeSeconds** *(integer) --* 

                  The lifetime for phase 2 of the IKE negotiation, in seconds.

                  
                

                - **RekeyMarginTimeSeconds** *(integer) --* 

                  The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.

                  
                

                - **RekeyFuzzPercentage** *(integer) --* 

                  The percentage of the rekey window determined by ``RekeyMarginTimeSeconds`` during which the rekey time is randomly selected.

                  
                

                - **ReplayWindowSize** *(integer) --* 

                  The number of packets in an IKE replay window.

                  
                

                - **DpdTimeoutSeconds** *(integer) --* 

                  The number of seconds after which a DPD timeout occurs.

                  
                

                - **DpdTimeoutAction** *(string) --* 

                  The action to take after a DPD timeout occurs.

                  
                

                - **Phase1EncryptionAlgorithms** *(list) --* 

                  The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.

                  
                  

                  - *(dict) --* 

                    The encryption algorithm for phase 1 IKE negotiations.

                    
                    

                    - **Value** *(string) --* 

                      The value for the encryption algorithm.

                      
                
              
                

                - **Phase2EncryptionAlgorithms** *(list) --* 

                  The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.

                  
                  

                  - *(dict) --* 

                    The encryption algorithm for phase 2 IKE negotiations.

                    
                    

                    - **Value** *(string) --* 

                      The encryption algorithm.

                      
                
              
                

                - **Phase1IntegrityAlgorithms** *(list) --* 

                  The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.

                  
                  

                  - *(dict) --* 

                    The integrity algorithm for phase 1 IKE negotiations.

                    
                    

                    - **Value** *(string) --* 

                      The value for the integrity algorithm.

                      
                
              
                

                - **Phase2IntegrityAlgorithms** *(list) --* 

                  The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.

                  
                  

                  - *(dict) --* 

                    The integrity algorithm for phase 2 IKE negotiations.

                    
                    

                    - **Value** *(string) --* 

                      The integrity algorithm.

                      
                
              
                

                - **Phase1DHGroupNumbers** *(list) --* 

                  The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.

                  
                  

                  - *(dict) --* 

                    The Diffie-Hellman group number for phase 1 IKE negotiations.

                    
                    

                    - **Value** *(integer) --* 

                      The Diffie-Hellman group number.

                      
                
              
                

                - **Phase2DHGroupNumbers** *(list) --* 

                  The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.

                  
                  

                  - *(dict) --* 

                    The Diffie-Hellman group number for phase 2 IKE negotiations.

                    
                    

                    - **Value** *(integer) --* 

                      The Diffie-Hellman group number.

                      
                
              
                

                - **IkeVersions** *(list) --* 

                  The IKE versions that are permitted for the VPN tunnel.

                  
                  

                  - *(dict) --* 

                    The internet key exchange (IKE) version permitted for the VPN tunnel.

                    
                    

                    - **Value** *(string) --* 

                      The IKE version.

                      
                
              
                

                - **StartupAction** *(string) --* 

                  The action to take when establishing the VPN tunnels for a VPN connection.

                  
                

                - **LogOptions** *(dict) --* 

                  Options for logging VPN tunnel activity.

                  
                  

                  - **CloudWatchLogOptions** *(dict) --* 

                    Options for sending VPN tunnel logs to CloudWatch.

                    
                    

                    - **LogEnabled** *(boolean) --* 

                      Status of VPN tunnel logging feature. Default value is ``False``.

                       

                      Valid values: ``True`` | ``False``

                      
                    

                    - **LogGroupArn** *(string) --* 

                      The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.

                      
                    

                    - **LogOutputFormat** *(string) --* 

                      Configured log format. Default format is ``json``.

                       

                      Valid values: ``json`` | ``text``

                      
                    

                    - **BgpLogEnabled** *(boolean) --* 

                      Indicates whether Border Gateway Protocol (BGP) logging is enabled for the VPN connection. Default value is ``False``.

                       

                      Valid values: ``True`` | ``False``

                      
                    

                    - **BgpLogGroupArn** *(string) --* 

                      The Amazon Resource Name (ARN) of the CloudWatch log group for BGP logs.

                      
                    

                    - **BgpLogOutputFormat** *(string) --* 

                      The output format for BGP logs sent to CloudWatch. Default format is ``json``.

                       

                      Valid values: ``json`` | ``text``

                      
                
              
                

                - **EnableTunnelLifecycleControl** *(boolean) --* 

                  Status of tunnel endpoint lifecycle control feature.

                  
            
          
            

            - **TunnelBandwidth** *(string) --* 

              The configured bandwidth for the VPN tunnel. Represents the current throughput capacity setting for the tunnel connection. ``standard`` tunnel bandwidth supports up to 1.25 Gbps per tunnel while ``large`` supports up to 5 Gbps per tunnel. If no tunnel bandwidth was specified for the connection, ``standard`` is used as the default value.

              
        
          

          - **Routes** *(list) --* 

            The static routes associated with the VPN connection.

            
            

            - *(dict) --* 

              Describes a static route for a VPN connection.

              
              

              - **DestinationCidrBlock** *(string) --* 

                The CIDR block associated with the local subnet of the customer data center.

                
              

              - **Source** *(string) --* 

                Indicates how the routes were provided.

                
              

              - **State** *(string) --* 

                The current state of the static route.

                
          
        
          

          - **Tags** *(list) --* 

            Any tags assigned to the VPN connection.

            
            

            - *(dict) --* 

              Describes a tag.

              
              

              - **Key** *(string) --* 

                The key of the tag.

                 

                Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

                
              

              - **Value** *(string) --* 

                The value of the tag.

                 

                Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

                
          
        
          

          - **VgwTelemetry** *(list) --* 

            Information about the VPN tunnel.

            
            

            - *(dict) --* 

              Describes telemetry for a VPN tunnel.

              
              

              - **AcceptedRouteCount** *(integer) --* 

                The number of accepted routes.

                
              

              - **LastStatusChange** *(datetime) --* 

                The date and time of the last change in status. This field is updated when changes in IKE (Phase 1), IPSec (Phase 2), or BGP status are detected.

                
              

              - **OutsideIpAddress** *(string) --* 

                The Internet-routable IP address of the virtual private gateway's outside interface.

                
              

              - **Status** *(string) --* 

                The status of the VPN tunnel.

                
              

              - **StatusMessage** *(string) --* 

                If an error occurs, a description of the error.

                
              

              - **CertificateArn** *(string) --* 

                The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.

                
          
        
          

          - **PreSharedKeyArn** *(string) --* 

            The Amazon Resource Name (ARN) of the Secrets Manager secret storing the pre-shared key(s) for the VPN connection.

            
          

          - **VpnConnectionId** *(string) --* 

            The ID of the VPN connection.

            
          

          - **State** *(string) --* 

            The current state of the VPN connection.

            
          

          - **CustomerGatewayConfiguration** *(string) --* 

            The configuration information for the VPN connection's customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it's present in the DescribeVpnConnections response only if the VPN connection is in the ``pending`` or ``available`` state.

            
          

          - **Type** *(string) --* 

            The type of VPN connection.

            
          

          - **CustomerGatewayId** *(string) --* 

            The ID of the customer gateway at your end of the VPN connection.

            
          

          - **VpnGatewayId** *(string) --* 

            The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.
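
A defensive use of the response structure above, as an added example that is not part of the boto3 documentation: it audits each tunnel's permitted IKE parameters and logging state, and masks key material before the response is logged or attached to a ticket. The weak-value policy, the decision to treat ``CustomerGatewayConfiguration`` as sensitive, the helper names and the sample response are assumptions constructed for illustration.

```python
import copy

# Assumed local policy (not from the boto3 page): permitted values this audit flags.
WEAK = {
    "Phase1DHGroupNumbers": {2},
    "Phase2DHGroupNumbers": {2},
    "Phase1IntegrityAlgorithms": {"SHA1"},
    "Phase2IntegrityAlgorithms": {"SHA1"},
    "IkeVersions": {"ikev1"},
}
REDACTED = "<redacted>"

def audit_vpn_connections(response):
    """Return sorted (VpnConnectionId, OutsideIpAddress, finding) tuples."""
    findings = []
    for conn in response.get("VpnConnections", []):
        if conn.get("State") in ("deleting", "deleted"):
            continue  # connection is going away; nothing to harden
        conn_id = conn.get("VpnConnectionId", "<unknown>")
        for tunnel in conn.get("Options", {}).get("TunnelOptions", []):
            ip = tunnel.get("OutsideIpAddress", "<unknown>")
            for field, weak in WEAK.items():
                if field not in tunnel:
                    # Absent list: the permitted set cannot be verified from here.
                    findings.append((conn_id, ip, f"{field}: not returned"))
                    continue
                permitted = {item["Value"] for item in tunnel[field]}
                for value in sorted(permitted & weak, key=str):
                    findings.append((conn_id, ip, f"{field}: permits {value}"))
            cw = tunnel.get("LogOptions", {}).get("CloudWatchLogOptions", {})
            if not cw.get("LogEnabled", False):
                findings.append((conn_id, ip, "LogOptions: tunnel logging disabled"))
    return sorted(findings)

def redact_secrets(response):
    """Deep-copy the response with key material masked, for logs or tickets."""
    safe = copy.deepcopy(response)
    for conn in safe.get("VpnConnections", []):
        # Assumption: the gateway configuration XML is handled as sensitive too.
        if "CustomerGatewayConfiguration" in conn:
            conn["CustomerGatewayConfiguration"] = REDACTED
        for tunnel in conn.get("Options", {}).get("TunnelOptions", []):
            if "PreSharedKey" in tunnel:
                tunnel["PreSharedKey"] = REDACTED
    return safe

def _vals(*values):
    return [{"Value": v} for v in values]

# Constructed sample shaped like the Response Syntax above; every value is made up.
SAMPLE_RESPONSE = {"VpnConnections": [
    {"VpnConnectionId": "vpn-EXAMPLE1", "State": "available",
     "CustomerGatewayConfiguration": "<xml>constructed</xml>",
     "Options": {"TunnelOptions": [
         {"OutsideIpAddress": "203.0.113.10", "PreSharedKey": "constructed-psk",
          "Phase1DHGroupNumbers": _vals(2, 14), "Phase2DHGroupNumbers": _vals(14),
          "Phase1IntegrityAlgorithms": _vals("SHA1", "SHA2-256"),
          "Phase2IntegrityAlgorithms": _vals("SHA2-256"),
          "IkeVersions": _vals("ikev1", "ikev2")},
         {"OutsideIpAddress": "203.0.113.20", "PreSharedKey": "constructed-psk-2",
          "Phase1DHGroupNumbers": _vals(20), "Phase2DHGroupNumbers": _vals(20),
          "Phase1IntegrityAlgorithms": _vals("SHA2-384"),
          "Phase2IntegrityAlgorithms": _vals("SHA2-384"),
          "IkeVersions": _vals("ikev2"),
          "LogOptions": {"CloudWatchLogOptions": {"LogEnabled": True}}},
     ]}},
    {"VpnConnectionId": "vpn-EXAMPLE2", "State": "deleted"},
]}

if __name__ == "__main__":
    print(*audit_vpn_connections(SAMPLE_RESPONSE), sep="\n")
```

With live data, pass the return value of ``client.describe_vpn_connections()`` in place of ``SAMPLE_RESPONSE``, and log only the output of ``redact_secrets``.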

            
      
    
  