
*****************************
modify_vpn_tunnel_certificate
*****************************



.. py:method:: EC2.Client.modify_vpn_tunnel_certificate(**kwargs)

  

  Modifies the VPN tunnel endpoint certificate.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelCertificate>`_  


  **Request Syntax**
  ::

    response = client.modify_vpn_tunnel_certificate(
        VpnConnectionId='string',
        VpnTunnelOutsideIpAddress='string',
        DryRun=True|False
    )
    
  :type VpnConnectionId: string
  :param VpnConnectionId: **[REQUIRED]** 

    The ID of the Amazon Web Services Site-to-Site VPN connection.

    

  
  :type VpnTunnelOutsideIpAddress: string
  :param VpnTunnelOutsideIpAddress: **[REQUIRED]** 

    The external IP address of the VPN tunnel.

    

  
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'VpnConnection': {
              'Category': 'string',
              'TransitGatewayId': 'string',
              'VpnConcentratorId': 'string',
              'CoreNetworkArn': 'string',
              'CoreNetworkAttachmentArn': 'string',
              'GatewayAssociationState': 'associated'|'not-associated'|'associating'|'disassociating',
              'Options': {
                  'EnableAcceleration': True|False,
                  'StaticRoutesOnly': True|False,
                  'LocalIpv4NetworkCidr': 'string',
                  'RemoteIpv4NetworkCidr': 'string',
                  'LocalIpv6NetworkCidr': 'string',
                  'RemoteIpv6NetworkCidr': 'string',
                  'OutsideIpAddressType': 'string',
                  'TransportTransitGatewayAttachmentId': 'string',
                  'TunnelInsideIpVersion': 'ipv4'|'ipv6',
                  'TunnelOptions': [
                      {
                          'OutsideIpAddress': 'string',
                          'TunnelInsideCidr': 'string',
                          'TunnelInsideIpv6Cidr': 'string',
                          'PreSharedKey': 'string',
                          'Phase1LifetimeSeconds': 123,
                          'Phase2LifetimeSeconds': 123,
                          'RekeyMarginTimeSeconds': 123,
                          'RekeyFuzzPercentage': 123,
                          'ReplayWindowSize': 123,
                          'DpdTimeoutSeconds': 123,
                          'DpdTimeoutAction': 'string',
                          'Phase1EncryptionAlgorithms': [
                              {
                                  'Value': 'string'
                              },
                          ],
                          'Phase2EncryptionAlgorithms': [
                              {
                                  'Value': 'string'
                              },
                          ],
                          'Phase1IntegrityAlgorithms': [
                              {
                                  'Value': 'string'
                              },
                          ],
                          'Phase2IntegrityAlgorithms': [
                              {
                                  'Value': 'string'
                              },
                          ],
                          'Phase1DHGroupNumbers': [
                              {
                                  'Value': 123
                              },
                          ],
                          'Phase2DHGroupNumbers': [
                              {
                                  'Value': 123
                              },
                          ],
                          'IkeVersions': [
                              {
                                  'Value': 'string'
                              },
                          ],
                          'StartupAction': 'string',
                          'LogOptions': {
                              'CloudWatchLogOptions': {
                                  'LogEnabled': True|False,
                                  'LogGroupArn': 'string',
                                  'LogOutputFormat': 'string',
                                  'BgpLogEnabled': True|False,
                                  'BgpLogGroupArn': 'string',
                                  'BgpLogOutputFormat': 'string'
                              }
                          },
                          'EnableTunnelLifecycleControl': True|False
                      },
                  ],
                  'TunnelBandwidth': 'standard'|'large'
              },
              'Routes': [
                  {
                      'DestinationCidrBlock': 'string',
                      'Source': 'Static',
                      'State': 'pending'|'available'|'deleting'|'deleted'
                  },
              ],
              'Tags': [
                  {
                      'Key': 'string',
                      'Value': 'string'
                  },
              ],
              'VgwTelemetry': [
                  {
                      'AcceptedRouteCount': 123,
                      'LastStatusChange': datetime(2015, 1, 1),
                      'OutsideIpAddress': 'string',
                      'Status': 'UP'|'DOWN',
                      'StatusMessage': 'string',
                      'CertificateArn': 'string'
                  },
              ],
              'PreSharedKeyArn': 'string',
              'VpnConnectionId': 'string',
              'State': 'pending'|'available'|'deleting'|'deleted',
              'CustomerGatewayConfiguration': 'string',
              'Type': 'ipsec.1',
              'CustomerGatewayId': 'string',
              'VpnGatewayId': 'string'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **VpnConnection** *(dict) --* 

        Information about the VPN connection.

        
        

        - **Category** *(string) --* 

          The category of the VPN connection. A value of ``VPN`` indicates an Amazon Web Services VPN connection. A value of ``VPN-Classic`` indicates an Amazon Web Services Classic VPN connection.

          
        

        - **TransitGatewayId** *(string) --* 

          The ID of the transit gateway associated with the VPN connection.

          
        

        - **VpnConcentratorId** *(string) --* 

          The ID of the VPN concentrator associated with the VPN connection.

          
        

        - **CoreNetworkArn** *(string) --* 

          The ARN of the core network.

          
        

        - **CoreNetworkAttachmentArn** *(string) --* 

          The ARN of the core network attachment.

          
        

        - **GatewayAssociationState** *(string) --* 

          The current state of the gateway association.

          
        

        - **Options** *(dict) --* 

          The VPN connection options.

          
          

          - **EnableAcceleration** *(boolean) --* 

            Indicates whether acceleration is enabled for the VPN connection.

            
          

          - **StaticRoutesOnly** *(boolean) --* 

            Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.

            
          

          - **LocalIpv4NetworkCidr** *(string) --* 

            The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.

            
          

          - **RemoteIpv4NetworkCidr** *(string) --* 

            The IPv4 CIDR on the Amazon Web Services side of the VPN connection.

            
          

          - **LocalIpv6NetworkCidr** *(string) --* 

            The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.

            
          

          - **RemoteIpv6NetworkCidr** *(string) --* 

            The IPv6 CIDR on the Amazon Web Services side of the VPN connection.

            
          

          - **OutsideIpAddressType** *(string) --* 

            The type of IPv4 address assigned to the outside interface of the customer gateway.

             

            Valid values: ``PrivateIpv4`` | ``PublicIpv4`` | ``Ipv6``

             

            Default: ``PublicIpv4``

            
          

          - **TransportTransitGatewayAttachmentId** *(string) --* 

            The transit gateway attachment ID in use for the VPN tunnel.

            
          

          - **TunnelInsideIpVersion** *(string) --* 

            Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.

            
          

          - **TunnelOptions** *(list) --* 

            Indicates the VPN tunnel options.

            
            

            - *(dict) --* 

              The VPN tunnel options.

              
              

              - **OutsideIpAddress** *(string) --* 

                The external IP address of the VPN tunnel.

                
              

              - **TunnelInsideCidr** *(string) --* 

                The range of inside IPv4 addresses for the tunnel.

                
              

              - **TunnelInsideIpv6Cidr** *(string) --* 

                The range of inside IPv6 addresses for the tunnel.

                
              

              - **PreSharedKey** *(string) --* 

                The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.

                
              

              - **Phase1LifetimeSeconds** *(integer) --* 

                The lifetime for phase 1 of the IKE negotiation, in seconds.

                
              

              - **Phase2LifetimeSeconds** *(integer) --* 

                The lifetime for phase 2 of the IKE negotiation, in seconds.

                
              

              - **RekeyMarginTimeSeconds** *(integer) --* 

                The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.

                
              

              - **RekeyFuzzPercentage** *(integer) --* 

                The percentage of the rekey window determined by ``RekeyMarginTimeSeconds`` during which the rekey time is randomly selected.

                
              

              - **ReplayWindowSize** *(integer) --* 

                The number of packets in an IKE replay window.

                
              

              - **DpdTimeoutSeconds** *(integer) --* 

                The number of seconds after which a DPD timeout occurs.

                
              

              - **DpdTimeoutAction** *(string) --* 

                The action to take after a DPD timeout occurs.

                
              

              - **Phase1EncryptionAlgorithms** *(list) --* 

                The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.

                
                

                - *(dict) --* 

                  The encryption algorithm for phase 1 IKE negotiations.

                  
                  

                  - **Value** *(string) --* 

                    The value for the encryption algorithm.

                    
              
            
              

              - **Phase2EncryptionAlgorithms** *(list) --* 

                The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.

                
                

                - *(dict) --* 

                  The encryption algorithm for phase 2 IKE negotiations.

                  
                  

                  - **Value** *(string) --* 

                    The encryption algorithm.

                    
              
            
              

              - **Phase1IntegrityAlgorithms** *(list) --* 

                The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.

                
                

                - *(dict) --* 

                  The integrity algorithm for phase 1 IKE negotiations.

                  
                  

                  - **Value** *(string) --* 

                    The value for the integrity algorithm.

                    
              
            
              

              - **Phase2IntegrityAlgorithms** *(list) --* 

                The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.

                
                

                - *(dict) --* 

                  The integrity algorithm for phase 2 IKE negotiations.

                  
                  

                  - **Value** *(string) --* 

                    The integrity algorithm.

                    
              
            
              

              - **Phase1DHGroupNumbers** *(list) --* 

                The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.

                
                

                - *(dict) --* 

                  The Diffie-Hellman group number for phase 1 IKE negotiations.

                  
                  

                  - **Value** *(integer) --* 

                    The Diffie-Hellman group number.

                    
              
            
              

              - **Phase2DHGroupNumbers** *(list) --* 

                The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.

                
                

                - *(dict) --* 

                  The Diffie-Hellman group number for phase 2 IKE negotiations.

                  
                  

                  - **Value** *(integer) --* 

                    The Diffie-Hellman group number.

                    
              
            
              

              - **IkeVersions** *(list) --* 

                The IKE versions that are permitted for the VPN tunnel.

                
                

                - *(dict) --* 

                  The internet key exchange (IKE) version permitted for the VPN tunnel.

                  
                  

                  - **Value** *(string) --* 

                    The IKE version.

                    
              
            
              

              - **StartupAction** *(string) --* 

                The action to take when establishing the VPN tunnels for a VPN connection.

                
              

              - **LogOptions** *(dict) --* 

                Options for logging VPN tunnel activity.

                
                

                - **CloudWatchLogOptions** *(dict) --* 

                  Options for sending VPN tunnel logs to CloudWatch.

                  
                  

                  - **LogEnabled** *(boolean) --* 

                    Status of VPN tunnel logging feature. Default value is ``False``.

                     

                    Valid values: ``True`` | ``False``

                    
                  

                  - **LogGroupArn** *(string) --* 

                    The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.

                    
                  

                  - **LogOutputFormat** *(string) --* 

                    Configured log format. Default format is ``json``.

                     

                    Valid values: ``json`` | ``text``

                    
                  

                  - **BgpLogEnabled** *(boolean) --* 

                    Indicates whether Border Gateway Protocol (BGP) logging is enabled for the VPN connection. Default value is ``False``.

                     

                    Valid values: ``True`` | ``False``

                    
                  

                  - **BgpLogGroupArn** *(string) --* 

                    The Amazon Resource Name (ARN) of the CloudWatch log group for BGP logs.

                    
                  

                  - **BgpLogOutputFormat** *(string) --* 

                    The output format for BGP logs sent to CloudWatch. Default format is ``json``.

                     

                    Valid values: ``json`` | ``text``

                    
              
            
              

              - **EnableTunnelLifecycleControl** *(boolean) --* 

                Status of tunnel endpoint lifecycle control feature.

                
          
        
          

          - **TunnelBandwidth** *(string) --* 

            The configured bandwidth for the VPN tunnel. Represents the current throughput capacity setting for the tunnel connection. ``standard`` tunnel bandwidth supports up to 1.25 Gbps per tunnel while ``large`` supports up to 5 Gbps per tunnel. If no tunnel bandwidth was specified for the connection, ``standard`` is used as the default value.

            
      
        

        - **Routes** *(list) --* 

          The static routes associated with the VPN connection.

          
          

          - *(dict) --* 

            Describes a static route for a VPN connection.

            
            

            - **DestinationCidrBlock** *(string) --* 

              The CIDR block associated with the local subnet of the customer data center.

              
            

            - **Source** *(string) --* 

              Indicates how the routes were provided.

              
            

            - **State** *(string) --* 

              The current state of the static route.

              
        
      
        

        - **Tags** *(list) --* 

          Any tags assigned to the VPN connection.

          
          

          - *(dict) --* 

            Describes a tag.

            
            

            - **Key** *(string) --* 

              The key of the tag.

               

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

              
            

            - **Value** *(string) --* 

              The value of the tag.

               

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

              
        
      
        

        - **VgwTelemetry** *(list) --* 

          Information about the VPN tunnel.

          
          

          - *(dict) --* 

            Describes telemetry for a VPN tunnel.

            
            

            - **AcceptedRouteCount** *(integer) --* 

              The number of accepted routes.

              
            

            - **LastStatusChange** *(datetime) --* 

              The date and time of the last change in status. This field is updated when changes in IKE (Phase 1), IPSec (Phase 2), or BGP status are detected.

              
            

            - **OutsideIpAddress** *(string) --* 

              The Internet-routable IP address of the virtual private gateway's outside interface.

              
            

            - **Status** *(string) --* 

              The status of the VPN tunnel.

              
            

            - **StatusMessage** *(string) --* 

              If an error occurs, a description of the error.

              
            

            - **CertificateArn** *(string) --* 

              The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.

              
        
      
        

        - **PreSharedKeyArn** *(string) --* 

          The Amazon Resource Name (ARN) of the Secrets Manager secret storing the pre-shared key(s) for the VPN connection.

          
        

        - **VpnConnectionId** *(string) --* 

          The ID of the VPN connection.

          
        

        - **State** *(string) --* 

          The current state of the VPN connection.

          
        

        - **CustomerGatewayConfiguration** *(string) --* 

          The configuration information for the VPN connection's customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it's present in the DescribeVpnConnections response only if the VPN connection is in the ``pending`` or ``available`` state.

          
        

        - **Type** *(string) --* 

          The type of VPN connection.

          
        

        - **CustomerGatewayId** *(string) --* 

          The ID of the customer gateway at your end of the VPN connection.

          
        

        - **VpnGatewayId** *(string) --* 

          The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.
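
A worked example of the ``DryRun`` error semantics and of handling the ``VpnConnection`` response, added here and not part of the boto3 documentation. ``FakeEC2``, ``FakeClientError``, the helper names, and every ID and ARN are constructed so the block runs offline; a real ``boto3.client('ec2')`` can be passed in place of the stub. Redacting ``CustomerGatewayConfiguration`` along with ``PreSharedKey`` is an assumption of this example.

```python
import copy

REDACTED = "***REDACTED***"

class FakeClientError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError (same .response shape)."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeEC2:
    """Constructed offline stub of the EC2 client; all IDs and ARNs are placeholders."""
    def __init__(self, allowed=True):
        self.allowed, self.calls = allowed, []

    def modify_vpn_tunnel_certificate(self, VpnConnectionId, VpnTunnelOutsideIpAddress, DryRun=False):
        self.calls.append(DryRun)
        if not self.allowed:
            raise FakeClientError("UnauthorizedOperation")
        if DryRun:
            raise FakeClientError("DryRunOperation")
        return {"VpnConnection": {
            "VpnConnectionId": VpnConnectionId,
            "CustomerGatewayConfiguration": "<vpn_connection>constructed</vpn_connection>",
            "Options": {"TunnelOptions": [
                {"OutsideIpAddress": VpnTunnelOutsideIpAddress, "PreSharedKey": "constructed-psk"}]},
            "VgwTelemetry": [{"OutsideIpAddress": VpnTunnelOutsideIpAddress, "Status": "UP",
                              "CertificateArn": "arn:aws:acm:region:account:certificate/PLACEHOLDER"}],
        }}

def can_modify_certificate(client, vpn_id, outside_ip):
    """DryRun probe: DryRunOperation means permitted, UnauthorizedOperation means denied."""
    try:
        client.modify_vpn_tunnel_certificate(
            VpnConnectionId=vpn_id, VpnTunnelOutsideIpAddress=outside_ip, DryRun=True)
    except Exception as exc:  # botocore raises ClientError; matched by shape so this runs offline
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "DryRunOperation":
            return True
        if code == "UnauthorizedOperation":
            return False
        raise  # throttling, bad IDs, etc. are not permission answers
    raise RuntimeError("DryRun request returned no error response")

def redact_connection(conn):
    """Return a copy of VpnConnection that is safe to write to logs."""
    safe = copy.deepcopy(conn)
    for tunnel in safe.get("Options", {}).get("TunnelOptions", []):
        if "PreSharedKey" in tunnel:
            tunnel["PreSharedKey"] = REDACTED
    if "CustomerGatewayConfiguration" in safe:  # assumption: treat the device config as secret too
        safe["CustomerGatewayConfiguration"] = REDACTED
    return safe

def modify_certificate_checked(client, vpn_id, outside_ip):
    """Probe permissions, modify, and return (tunnel CertificateArn, loggable copy)."""
    if not can_modify_certificate(client, vpn_id, outside_ip):
        raise PermissionError("caller lacks permission for ModifyVpnTunnelCertificate")
    conn = client.modify_vpn_tunnel_certificate(
        VpnConnectionId=vpn_id, VpnTunnelOutsideIpAddress=outside_ip)["VpnConnection"]
    arn = next((t.get("CertificateArn") for t in conn.get("VgwTelemetry", [])
                if t.get("OutsideIpAddress") == outside_ip), None)
    return arn, redact_connection(conn)
```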

          
    
  