cfn-vpn configuration can be managed through a YAML file using the modify
command to apply the config changes to the vpn stack
run the modify
command and supply the yaml file to apply the changes
cfn-vpn routes [name] --params-yaml cfnvpn.[name].yaml
the following command will take the current config of a cfn-vpn stack and dump the contents into a YAML file named cfnvpn.[name].yaml
cfn-vpn params [name] --dump
region: ap-southeast-2
subnet_ids:
- subnet-abc123
- subnet-def456
cidr: 10.250.0.0/16
dns_servers:
- 10.250.0.2
split_tunnel: true
protocol: udp
bucket: my-vpn-bucket
server_cert_arn: arn:aws:acm:us-east-1:000000000000:certificate/123456
type: certificate
type: federated
saml_arn: arn:aws:iam::000000000000:saml-provider/VpnSamlRole
saml_self_service_arn: arn:aws:iam::000000000000:saml-provider/VpnSelfServiceSamlRole
type: active-directory
directory_id: d-a1b2c3d4e5
Static CIDR Route
routes:
- cidr: 10.151.0.0/16
desc: route to dev peered vpc
groups:
- devs
- ops
DNS Lookup Route
routes:
- dns: example.com
desc: my dev alb
schedule: rate(10 minutes)
groups:
- dev
Cloud Lookup Route
routes:
- cloud: aws
schedule: rate(1 hour)
groups:
- ops
filters:
- name: region
values:
- ap-southeast-2
- name: service
values:
- API_GATEWAY
default_groups:
- group-a
auto_limit_increase: true
slack_webhook_url: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX