aws-sdk-ec2 1.106.0 → 1.107.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -8093,6 +8093,47 @@ module Aws::EC2
8093
8093
  # {
8094
8094
  # tunnel_inside_cidr: "String",
8095
8095
  # pre_shared_key: "String",
8096
+ # phase_1_lifetime_seconds: 1,
8097
+ # phase_2_lifetime_seconds: 1,
8098
+ # rekey_margin_time_seconds: 1,
8099
+ # rekey_fuzz_percentage: 1,
8100
+ # replay_window_size: 1,
8101
+ # dpd_timeout_seconds: 1,
8102
+ # phase_1_encryption_algorithms: [
8103
+ # {
8104
+ # value: "String",
8105
+ # },
8106
+ # ],
8107
+ # phase_2_encryption_algorithms: [
8108
+ # {
8109
+ # value: "String",
8110
+ # },
8111
+ # ],
8112
+ # phase_1_integrity_algorithms: [
8113
+ # {
8114
+ # value: "String",
8115
+ # },
8116
+ # ],
8117
+ # phase_2_integrity_algorithms: [
8118
+ # {
8119
+ # value: "String",
8120
+ # },
8121
+ # ],
8122
+ # phase_1_dh_group_numbers: [
8123
+ # {
8124
+ # value: 1,
8125
+ # },
8126
+ # ],
8127
+ # phase_2_dh_group_numbers: [
8128
+ # {
8129
+ # value: 1,
8130
+ # },
8131
+ # ],
8132
+ # ike_versions: [
8133
+ # {
8134
+ # value: "String",
8135
+ # },
8136
+ # ],
8096
8137
  # },
8097
8138
  # ],
8098
8139
  # },
@@ -22529,6 +22570,39 @@ module Aws::EC2
22529
22570
  include Aws::Structure
22530
22571
  end
22531
22572
 
22573
+ # The internet key exchange (IKE) version permitted for the VPN tunnel.
22574
+ #
22575
+ # @!attribute [rw] value
22576
+ # The IKE version.
22577
+ # @return [String]
22578
+ #
22579
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IKEVersionsListValue AWS API Documentation
22580
+ #
22581
+ class IKEVersionsListValue < Struct.new(
22582
+ :value)
22583
+ include Aws::Structure
22584
+ end
22585
+
22586
+ # The IKE version that is permitted for the VPN tunnel.
22587
+ #
22588
+ # @note When making an API call, you may pass IKEVersionsRequestListValue
22589
+ # data as a hash:
22590
+ #
22591
+ # {
22592
+ # value: "String",
22593
+ # }
22594
+ #
22595
+ # @!attribute [rw] value
22596
+ # The IKE version.
22597
+ # @return [String]
22598
+ #
22599
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/IKEVersionsRequestListValue AWS API Documentation
22600
+ #
22601
+ class IKEVersionsRequestListValue < Struct.new(
22602
+ :value)
22603
+ include Aws::Structure
22604
+ end
22605
+
22532
22606
  # Describes an IAM instance profile.
22533
22607
  #
22534
22608
  # @!attribute [rw] arn
@@ -29248,6 +29322,308 @@ module Aws::EC2
29248
29322
  include Aws::Structure
29249
29323
  end
29250
29324
 
29325
+ # @note When making an API call, you may pass ModifyVpnTunnelOptionsRequest
29326
+ # data as a hash:
29327
+ #
29328
+ # {
29329
+ # vpn_connection_id: "String", # required
29330
+ # vpn_tunnel_outside_ip_address: "String", # required
29331
+ # tunnel_options: { # required
29332
+ # tunnel_inside_cidr: "String",
29333
+ # pre_shared_key: "String",
29334
+ # phase_1_lifetime_seconds: 1,
29335
+ # phase_2_lifetime_seconds: 1,
29336
+ # rekey_margin_time_seconds: 1,
29337
+ # rekey_fuzz_percentage: 1,
29338
+ # replay_window_size: 1,
29339
+ # dpd_timeout_seconds: 1,
29340
+ # phase_1_encryption_algorithms: [
29341
+ # {
29342
+ # value: "String",
29343
+ # },
29344
+ # ],
29345
+ # phase_2_encryption_algorithms: [
29346
+ # {
29347
+ # value: "String",
29348
+ # },
29349
+ # ],
29350
+ # phase_1_integrity_algorithms: [
29351
+ # {
29352
+ # value: "String",
29353
+ # },
29354
+ # ],
29355
+ # phase_2_integrity_algorithms: [
29356
+ # {
29357
+ # value: "String",
29358
+ # },
29359
+ # ],
29360
+ # phase_1_dh_group_numbers: [
29361
+ # {
29362
+ # value: 1,
29363
+ # },
29364
+ # ],
29365
+ # phase_2_dh_group_numbers: [
29366
+ # {
29367
+ # value: 1,
29368
+ # },
29369
+ # ],
29370
+ # ike_versions: [
29371
+ # {
29372
+ # value: "String",
29373
+ # },
29374
+ # ],
29375
+ # },
29376
+ # dry_run: false,
29377
+ # }
29378
+ #
29379
+ # @!attribute [rw] vpn_connection_id
29380
+ # The ID of the AWS Site-to-Site VPN connection.
29381
+ # @return [String]
29382
+ #
29383
+ # @!attribute [rw] vpn_tunnel_outside_ip_address
29384
+ # The external IP address of the VPN tunnel.
29385
+ # @return [String]
29386
+ #
29387
+ # @!attribute [rw] tunnel_options
29388
+ # The tunnel options to modify.
29389
+ # @return [Types::ModifyVpnTunnelOptionsSpecification]
29390
+ #
29391
+ # @!attribute [rw] dry_run
29392
+ # Checks whether you have the required permissions for the action,
29393
+ # without actually making the request, and provides an error response.
29394
+ # If you have the required permissions, the error response is
29395
+ # `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.
29396
+ # @return [Boolean]
29397
+ #
29398
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelOptionsRequest AWS API Documentation
29399
+ #
29400
+ class ModifyVpnTunnelOptionsRequest < Struct.new(
29401
+ :vpn_connection_id,
29402
+ :vpn_tunnel_outside_ip_address,
29403
+ :tunnel_options,
29404
+ :dry_run)
29405
+ include Aws::Structure
29406
+ end
29407
+
29408
+ # @!attribute [rw] vpn_connection
29409
+ # Describes a VPN connection.
29410
+ # @return [Types::VpnConnection]
29411
+ #
29412
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelOptionsResult AWS API Documentation
29413
+ #
29414
+ class ModifyVpnTunnelOptionsResult < Struct.new(
29415
+ :vpn_connection)
29416
+ include Aws::Structure
29417
+ end
29418
+
29419
+ # The AWS Site-to-Site VPN tunnel options to modify.
29420
+ #
29421
+ # @note When making an API call, you may pass ModifyVpnTunnelOptionsSpecification
29422
+ # data as a hash:
29423
+ #
29424
+ # {
29425
+ # tunnel_inside_cidr: "String",
29426
+ # pre_shared_key: "String",
29427
+ # phase_1_lifetime_seconds: 1,
29428
+ # phase_2_lifetime_seconds: 1,
29429
+ # rekey_margin_time_seconds: 1,
29430
+ # rekey_fuzz_percentage: 1,
29431
+ # replay_window_size: 1,
29432
+ # dpd_timeout_seconds: 1,
29433
+ # phase_1_encryption_algorithms: [
29434
+ # {
29435
+ # value: "String",
29436
+ # },
29437
+ # ],
29438
+ # phase_2_encryption_algorithms: [
29439
+ # {
29440
+ # value: "String",
29441
+ # },
29442
+ # ],
29443
+ # phase_1_integrity_algorithms: [
29444
+ # {
29445
+ # value: "String",
29446
+ # },
29447
+ # ],
29448
+ # phase_2_integrity_algorithms: [
29449
+ # {
29450
+ # value: "String",
29451
+ # },
29452
+ # ],
29453
+ # phase_1_dh_group_numbers: [
29454
+ # {
29455
+ # value: 1,
29456
+ # },
29457
+ # ],
29458
+ # phase_2_dh_group_numbers: [
29459
+ # {
29460
+ # value: 1,
29461
+ # },
29462
+ # ],
29463
+ # ike_versions: [
29464
+ # {
29465
+ # value: "String",
29466
+ # },
29467
+ # ],
29468
+ # }
29469
+ #
29470
+ # @!attribute [rw] tunnel_inside_cidr
29471
+ # The range of inside IP addresses for the tunnel. Any specified CIDR
29472
+ # blocks must be unique across all VPN connections that use the same
29473
+ # virtual private gateway.
29474
+ #
29475
+ # Constraints: A size /30 CIDR block from the `169.254.0.0/16` range.
29476
+ # The following CIDR blocks are reserved and cannot be used:
29477
+ #
29478
+ # * `169.254.0.0/30`
29479
+ #
29480
+ # * `169.254.1.0/30`
29481
+ #
29482
+ # * `169.254.2.0/30`
29483
+ #
29484
+ # * `169.254.3.0/30`
29485
+ #
29486
+ # * `169.254.4.0/30`
29487
+ #
29488
+ # * `169.254.5.0/30`
29489
+ #
29490
+ # * `169.254.169.252/30`
29491
+ # @return [String]
29492
+ #
29493
+ # @!attribute [rw] pre_shared_key
29494
+ # The pre-shared key (PSK) to establish initial authentication between
29495
+ # the virtual private gateway and the customer gateway.
29496
+ #
29497
+ # Constraints: Allowed characters are alphanumeric characters, periods
29498
+ # (.), and underscores (\_). Must be between 8 and 64 characters in
29499
+ # length and cannot start with zero (0).
29500
+ # @return [String]
29501
+ #
29502
+ # @!attribute [rw] phase_1_lifetime_seconds
29503
+ # The lifetime for phase 1 of the IKE negotiation, in seconds.
29504
+ #
29505
+ # Constraints: A value between 900 and 28,800.
29506
+ #
29507
+ # Default: `28800`
29508
+ # @return [Integer]
29509
+ #
29510
+ # @!attribute [rw] phase_2_lifetime_seconds
29511
+ # The lifetime for phase 2 of the IKE negotiation, in seconds.
29512
+ #
29513
+ # Constraints: A value between 900 and 3,600. The value must be less
29514
+ # than the value for `Phase1LifetimeSeconds`.
29515
+ #
29516
+ # Default: `3600`
29517
+ # @return [Integer]
29518
+ #
29519
+ # @!attribute [rw] rekey_margin_time_seconds
29520
+ # The margin time, in seconds, before the phase 2 lifetime expires,
29521
+ # during which the AWS side of the VPN connection performs an IKE
29522
+ # rekey. The exact time of the rekey is randomly selected based on the
29523
+ # value for `RekeyFuzzPercentage`.
29524
+ #
29525
+ # Constraints: A value between 60 and half of `Phase2LifetimeSeconds`.
29526
+ #
29527
+ # Default: `540`
29528
+ # @return [Integer]
29529
+ #
29530
+ # @!attribute [rw] rekey_fuzz_percentage
29531
+ # The percentage of the rekey window (determined by
29532
+ # `RekeyMarginTimeSeconds`) during which the rekey time is randomly
29533
+ # selected.
29534
+ #
29535
+ # Constraints: A value between 0 and 100.
29536
+ #
29537
+ # Default: `100`
29538
+ # @return [Integer]
29539
+ #
29540
+ # @!attribute [rw] replay_window_size
29541
+ # The number of packets in an IKE replay window.
29542
+ #
29543
+ # Constraints: A value between 64 and 2048.
29544
+ #
29545
+ # Default: `1024`
29546
+ # @return [Integer]
29547
+ #
29548
+ # @!attribute [rw] dpd_timeout_seconds
29549
+ # The number of seconds after which a DPD timeout occurs.
29550
+ #
29551
+ # Constraints: A value between 0 and 30.
29552
+ #
29553
+ # Default: `30`
29554
+ # @return [Integer]
29555
+ #
29556
+ # @!attribute [rw] phase_1_encryption_algorithms
29557
+ # One or more encryption algorithms that are permitted for the VPN
29558
+ # tunnel for phase 1 IKE negotiations.
29559
+ #
29560
+ # Valid values: `AES128` \| `AES256`
29561
+ # @return [Array<Types::Phase1EncryptionAlgorithmsRequestListValue>]
29562
+ #
29563
+ # @!attribute [rw] phase_2_encryption_algorithms
29564
+ # One or more encryption algorithms that are permitted for the VPN
29565
+ # tunnel for phase 2 IKE negotiations.
29566
+ #
29567
+ # Valid values: `AES128` \| `AES256`
29568
+ # @return [Array<Types::Phase2EncryptionAlgorithmsRequestListValue>]
29569
+ #
29570
+ # @!attribute [rw] phase_1_integrity_algorithms
29571
+ # One or more integrity algorithms that are permitted for the VPN
29572
+ # tunnel for phase 1 IKE negotiations.
29573
+ #
29574
+ # Valid values: `SHA1` \| `SHA2-256`
29575
+ # @return [Array<Types::Phase1IntegrityAlgorithmsRequestListValue>]
29576
+ #
29577
+ # @!attribute [rw] phase_2_integrity_algorithms
29578
+ # One or more integrity algorithms that are permitted for the VPN
29579
+ # tunnel for phase 2 IKE negotiations.
29580
+ #
29581
+ # Valid values: `SHA1` \| `SHA2-256`
29582
+ # @return [Array<Types::Phase2IntegrityAlgorithmsRequestListValue>]
29583
+ #
29584
+ # @!attribute [rw] phase_1_dh_group_numbers
29585
+ # One or more Diffie-Hellman group numbers that are permitted for the
29586
+ # VPN tunnel for phase 1 IKE negotiations.
29587
+ #
29588
+ # Valid values: `2` \| `14` \| `15` \| `16` \| `17` \| `18` \| `22` \|
29589
+ # `23` \| `24`
29590
+ # @return [Array<Types::Phase1DHGroupNumbersRequestListValue>]
29591
+ #
29592
+ # @!attribute [rw] phase_2_dh_group_numbers
29593
+ # One or more Diffie-Hellman group numbers that are permitted for the
29594
+ # VPN tunnel for phase 2 IKE negotiations.
29595
+ #
29596
+ # Valid values: `2` \| `5` \| `14` \| `15` \| `16` \| `17` \| `18` \|
29597
+ # `22` \| `23` \| `24`
29598
+ # @return [Array<Types::Phase2DHGroupNumbersRequestListValue>]
29599
+ #
29600
+ # @!attribute [rw] ike_versions
29601
+ # The IKE versions that are permitted for the VPN tunnel.
29602
+ #
29603
+ # Valid values: `ikev1` \| `ikev2`
29604
+ # @return [Array<Types::IKEVersionsRequestListValue>]
29605
+ #
29606
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelOptionsSpecification AWS API Documentation
29607
+ #
29608
+ class ModifyVpnTunnelOptionsSpecification < Struct.new(
29609
+ :tunnel_inside_cidr,
29610
+ :pre_shared_key,
29611
+ :phase_1_lifetime_seconds,
29612
+ :phase_2_lifetime_seconds,
29613
+ :rekey_margin_time_seconds,
29614
+ :rekey_fuzz_percentage,
29615
+ :replay_window_size,
29616
+ :dpd_timeout_seconds,
29617
+ :phase_1_encryption_algorithms,
29618
+ :phase_2_encryption_algorithms,
29619
+ :phase_1_integrity_algorithms,
29620
+ :phase_2_integrity_algorithms,
29621
+ :phase_1_dh_group_numbers,
29622
+ :phase_2_dh_group_numbers,
29623
+ :ike_versions)
29624
+ include Aws::Structure
29625
+ end
29626
+
29251
29627
  # @note When making an API call, you may pass MonitorInstancesRequest
29252
29628
  # data as a hash:
29253
29629
  #
@@ -30151,6 +30527,210 @@ module Aws::EC2
30151
30527
  include Aws::Structure
30152
30528
  end
30153
30529
 
30530
+ # The Diffie-Hellmann group number for phase 1 IKE negotiations.
30531
+ #
30532
+ # @!attribute [rw] value
30533
+ # The Diffie-Hellmann group number.
30534
+ # @return [Integer]
30535
+ #
30536
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase1DHGroupNumbersListValue AWS API Documentation
30537
+ #
30538
+ class Phase1DHGroupNumbersListValue < Struct.new(
30539
+ :value)
30540
+ include Aws::Structure
30541
+ end
30542
+
30543
+ # Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1
30544
+ # IKE negotiations.
30545
+ #
30546
+ # @note When making an API call, you may pass Phase1DHGroupNumbersRequestListValue
30547
+ # data as a hash:
30548
+ #
30549
+ # {
30550
+ # value: 1,
30551
+ # }
30552
+ #
30553
+ # @!attribute [rw] value
30554
+ # The Diffie-Hellmann group number.
30555
+ # @return [Integer]
30556
+ #
30557
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase1DHGroupNumbersRequestListValue AWS API Documentation
30558
+ #
30559
+ class Phase1DHGroupNumbersRequestListValue < Struct.new(
30560
+ :value)
30561
+ include Aws::Structure
30562
+ end
30563
+
30564
+ # The encryption algorithm for phase 1 IKE negotiations.
30565
+ #
30566
+ # @!attribute [rw] value
30567
+ # The value for the encryption algorithm.
30568
+ # @return [String]
30569
+ #
30570
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase1EncryptionAlgorithmsListValue AWS API Documentation
30571
+ #
30572
+ class Phase1EncryptionAlgorithmsListValue < Struct.new(
30573
+ :value)
30574
+ include Aws::Structure
30575
+ end
30576
+
30577
+ # Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE
30578
+ # negotiations.
30579
+ #
30580
+ # @note When making an API call, you may pass Phase1EncryptionAlgorithmsRequestListValue
30581
+ # data as a hash:
30582
+ #
30583
+ # {
30584
+ # value: "String",
30585
+ # }
30586
+ #
30587
+ # @!attribute [rw] value
30588
+ # The value for the encryption algorithm.
30589
+ # @return [String]
30590
+ #
30591
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase1EncryptionAlgorithmsRequestListValue AWS API Documentation
30592
+ #
30593
+ class Phase1EncryptionAlgorithmsRequestListValue < Struct.new(
30594
+ :value)
30595
+ include Aws::Structure
30596
+ end
30597
+
30598
+ # The integrity algorithm for phase 1 IKE negotiations.
30599
+ #
30600
+ # @!attribute [rw] value
30601
+ # The value for the integrity algorithm.
30602
+ # @return [String]
30603
+ #
30604
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase1IntegrityAlgorithmsListValue AWS API Documentation
30605
+ #
30606
+ class Phase1IntegrityAlgorithmsListValue < Struct.new(
30607
+ :value)
30608
+ include Aws::Structure
30609
+ end
30610
+
30611
+ # Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE
30612
+ # negotiations.
30613
+ #
30614
+ # @note When making an API call, you may pass Phase1IntegrityAlgorithmsRequestListValue
30615
+ # data as a hash:
30616
+ #
30617
+ # {
30618
+ # value: "String",
30619
+ # }
30620
+ #
30621
+ # @!attribute [rw] value
30622
+ # The value for the integrity algorithm.
30623
+ # @return [String]
30624
+ #
30625
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase1IntegrityAlgorithmsRequestListValue AWS API Documentation
30626
+ #
30627
+ class Phase1IntegrityAlgorithmsRequestListValue < Struct.new(
30628
+ :value)
30629
+ include Aws::Structure
30630
+ end
30631
+
30632
+ # The Diffie-Hellmann group number for phase 2 IKE negotiations.
30633
+ #
30634
+ # @!attribute [rw] value
30635
+ # The Diffie-Hellmann group number.
30636
+ # @return [Integer]
30637
+ #
30638
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase2DHGroupNumbersListValue AWS API Documentation
30639
+ #
30640
+ class Phase2DHGroupNumbersListValue < Struct.new(
30641
+ :value)
30642
+ include Aws::Structure
30643
+ end
30644
+
30645
+ # Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2
30646
+ # IKE negotiations.
30647
+ #
30648
+ # @note When making an API call, you may pass Phase2DHGroupNumbersRequestListValue
30649
+ # data as a hash:
30650
+ #
30651
+ # {
30652
+ # value: 1,
30653
+ # }
30654
+ #
30655
+ # @!attribute [rw] value
30656
+ # The Diffie-Hellmann group number.
30657
+ # @return [Integer]
30658
+ #
30659
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase2DHGroupNumbersRequestListValue AWS API Documentation
30660
+ #
30661
+ class Phase2DHGroupNumbersRequestListValue < Struct.new(
30662
+ :value)
30663
+ include Aws::Structure
30664
+ end
30665
+
30666
+ # The encryption algorithm for phase 2 IKE negotiations.
30667
+ #
30668
+ # @!attribute [rw] value
30669
+ # The encryption algorithm.
30670
+ # @return [String]
30671
+ #
30672
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase2EncryptionAlgorithmsListValue AWS API Documentation
30673
+ #
30674
+ class Phase2EncryptionAlgorithmsListValue < Struct.new(
30675
+ :value)
30676
+ include Aws::Structure
30677
+ end
30678
+
30679
+ # Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE
30680
+ # negotiations.
30681
+ #
30682
+ # @note When making an API call, you may pass Phase2EncryptionAlgorithmsRequestListValue
30683
+ # data as a hash:
30684
+ #
30685
+ # {
30686
+ # value: "String",
30687
+ # }
30688
+ #
30689
+ # @!attribute [rw] value
30690
+ # The encryption algorithm.
30691
+ # @return [String]
30692
+ #
30693
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase2EncryptionAlgorithmsRequestListValue AWS API Documentation
30694
+ #
30695
+ class Phase2EncryptionAlgorithmsRequestListValue < Struct.new(
30696
+ :value)
30697
+ include Aws::Structure
30698
+ end
30699
+
30700
+ # The integrity algorithm for phase 2 IKE negotiations.
30701
+ #
30702
+ # @!attribute [rw] value
30703
+ # The integrity algorithm.
30704
+ # @return [String]
30705
+ #
30706
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase2IntegrityAlgorithmsListValue AWS API Documentation
30707
+ #
30708
+ class Phase2IntegrityAlgorithmsListValue < Struct.new(
30709
+ :value)
30710
+ include Aws::Structure
30711
+ end
30712
+
30713
+ # Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE
30714
+ # negotiations.
30715
+ #
30716
+ # @note When making an API call, you may pass Phase2IntegrityAlgorithmsRequestListValue
30717
+ # data as a hash:
30718
+ #
30719
+ # {
30720
+ # value: "String",
30721
+ # }
30722
+ #
30723
+ # @!attribute [rw] value
30724
+ # The integrity algorithm.
30725
+ # @return [String]
30726
+ #
30727
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/Phase2IntegrityAlgorithmsRequestListValue AWS API Documentation
30728
+ #
30729
+ class Phase2IntegrityAlgorithmsRequestListValue < Struct.new(
30730
+ :value)
30731
+ include Aws::Structure
30732
+ end
30733
+
30154
30734
  # Describes the placement of an instance.
30155
30735
  #
30156
30736
  # @note When making an API call, you may pass Placement
@@ -39302,6 +39882,105 @@ module Aws::EC2
39302
39882
  include Aws::Structure
39303
39883
  end
39304
39884
 
39885
+ # The VPN tunnel options.
39886
+ #
39887
+ # @!attribute [rw] outside_ip_address
39888
+ # The external IP address of the VPN tunnel.
39889
+ # @return [String]
39890
+ #
39891
+ # @!attribute [rw] tunnel_inside_cidr
39892
+ # The range of inside IP addresses for the tunnel.
39893
+ # @return [String]
39894
+ #
39895
+ # @!attribute [rw] pre_shared_key
39896
+ # The pre-shared key (PSK) to establish initial authentication between
39897
+ # the virtual private gateway and the customer gateway.
39898
+ # @return [String]
39899
+ #
39900
+ # @!attribute [rw] phase_1_lifetime_seconds
39901
+ # The lifetime for phase 1 of the IKE negotiation, in seconds.
39902
+ # @return [Integer]
39903
+ #
39904
+ # @!attribute [rw] phase_2_lifetime_seconds
39905
+ # The lifetime for phase 2 of the IKE negotiation, in seconds.
39906
+ # @return [Integer]
39907
+ #
39908
+ # @!attribute [rw] rekey_margin_time_seconds
39909
+ # The margin time, in seconds, before the phase 2 lifetime expires,
39910
+ # during which the AWS side of the VPN connection performs an IKE
39911
+ # rekey.
39912
+ # @return [Integer]
39913
+ #
39914
+ # @!attribute [rw] rekey_fuzz_percentage
39915
+ # The percentage of the rekey window determined by
39916
+ # `RekeyMarginTimeSeconds` during which the rekey time is randomly
39917
+ # selected.
39918
+ # @return [Integer]
39919
+ #
39920
+ # @!attribute [rw] replay_window_size
39921
+ # The number of packets in an IKE replay window.
39922
+ # @return [Integer]
39923
+ #
39924
+ # @!attribute [rw] dpd_timeout_seconds
39925
+ # The number of seconds after which a DPD timeout occurs.
39926
+ # @return [Integer]
39927
+ #
39928
+ # @!attribute [rw] phase_1_encryption_algorithms
39929
+ # The permitted encryption algorithms for the VPN tunnel for phase 1
39930
+ # IKE negotiations.
39931
+ # @return [Array<Types::Phase1EncryptionAlgorithmsListValue>]
39932
+ #
39933
+ # @!attribute [rw] phase_2_encryption_algorithms
39934
+ # The permitted encryption algorithms for the VPN tunnel for phase 2
39935
+ # IKE negotiations.
39936
+ # @return [Array<Types::Phase2EncryptionAlgorithmsListValue>]
39937
+ #
39938
+ # @!attribute [rw] phase_1_integrity_algorithms
39939
+ # The permitted integrity algorithms for the VPN tunnel for phase 1
39940
+ # IKE negotiations.
39941
+ # @return [Array<Types::Phase1IntegrityAlgorithmsListValue>]
39942
+ #
39943
+ # @!attribute [rw] phase_2_integrity_algorithms
39944
+ # The permitted integrity algorithms for the VPN tunnel for phase 2
39945
+ # IKE negotiations.
39946
+ # @return [Array<Types::Phase2IntegrityAlgorithmsListValue>]
39947
+ #
39948
+ # @!attribute [rw] phase_1_dh_group_numbers
39949
+ # The permitted Diffie-Hellman group numbers for the VPN tunnel for
39950
+ # phase 1 IKE negotiations.
39951
+ # @return [Array<Types::Phase1DHGroupNumbersListValue>]
39952
+ #
39953
+ # @!attribute [rw] phase_2_dh_group_numbers
39954
+ # The permitted Diffie-Hellman group numbers for the VPN tunnel for
39955
+ # phase 2 IKE negotiations.
39956
+ # @return [Array<Types::Phase2DHGroupNumbersListValue>]
39957
+ #
39958
+ # @!attribute [rw] ike_versions
39959
+ # The IKE versions that are permitted for the VPN tunnel.
39960
+ # @return [Array<Types::IKEVersionsListValue>]
39961
+ #
39962
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/TunnelOption AWS API Documentation
39963
+ #
39964
+ class TunnelOption < Struct.new(
39965
+ :outside_ip_address,
39966
+ :tunnel_inside_cidr,
39967
+ :pre_shared_key,
39968
+ :phase_1_lifetime_seconds,
39969
+ :phase_2_lifetime_seconds,
39970
+ :rekey_margin_time_seconds,
39971
+ :rekey_fuzz_percentage,
39972
+ :replay_window_size,
39973
+ :dpd_timeout_seconds,
39974
+ :phase_1_encryption_algorithms,
39975
+ :phase_2_encryption_algorithms,
39976
+ :phase_1_integrity_algorithms,
39977
+ :phase_2_integrity_algorithms,
39978
+ :phase_1_dh_group_numbers,
39979
+ :phase_2_dh_group_numbers,
39980
+ :ike_versions)
39981
+ include Aws::Structure
39982
+ end
39983
+
39305
39984
  # @note When making an API call, you may pass UnassignIpv6AddressesRequest
39306
39985
  # data as a hash:
39307
39986
  #
@@ -40710,10 +41389,15 @@ module Aws::EC2
40710
41389
  # routes must be used for devices that don't support BGP.
40711
41390
  # @return [Boolean]
40712
41391
  #
41392
+ # @!attribute [rw] tunnel_options
41393
+ # Indicates the VPN tunnel options.
41394
+ # @return [Array<Types::TunnelOption>]
41395
+ #
40713
41396
  # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnConnectionOptions AWS API Documentation
40714
41397
  #
40715
41398
  class VpnConnectionOptions < Struct.new(
40716
- :static_routes_only)
41399
+ :static_routes_only,
41400
+ :tunnel_options)
40717
41401
  include Aws::Structure
40718
41402
  end
40719
41403
 
@@ -40728,6 +41412,47 @@ module Aws::EC2
40728
41412
  # {
40729
41413
  # tunnel_inside_cidr: "String",
40730
41414
  # pre_shared_key: "String",
41415
+ # phase_1_lifetime_seconds: 1,
41416
+ # phase_2_lifetime_seconds: 1,
41417
+ # rekey_margin_time_seconds: 1,
41418
+ # rekey_fuzz_percentage: 1,
41419
+ # replay_window_size: 1,
41420
+ # dpd_timeout_seconds: 1,
41421
+ # phase_1_encryption_algorithms: [
41422
+ # {
41423
+ # value: "String",
41424
+ # },
41425
+ # ],
41426
+ # phase_2_encryption_algorithms: [
41427
+ # {
41428
+ # value: "String",
41429
+ # },
41430
+ # ],
41431
+ # phase_1_integrity_algorithms: [
41432
+ # {
41433
+ # value: "String",
41434
+ # },
41435
+ # ],
41436
+ # phase_2_integrity_algorithms: [
41437
+ # {
41438
+ # value: "String",
41439
+ # },
41440
+ # ],
41441
+ # phase_1_dh_group_numbers: [
41442
+ # {
41443
+ # value: 1,
41444
+ # },
41445
+ # ],
41446
+ # phase_2_dh_group_numbers: [
41447
+ # {
41448
+ # value: 1,
41449
+ # },
41450
+ # ],
41451
+ # ike_versions: [
41452
+ # {
41453
+ # value: "String",
41454
+ # },
41455
+ # ],
40731
41456
  # },
40732
41457
  # ],
40733
41458
  # }
@@ -40830,6 +41555,47 @@ module Aws::EC2
40830
41555
  # {
40831
41556
  # tunnel_inside_cidr: "String",
40832
41557
  # pre_shared_key: "String",
41558
+ # phase_1_lifetime_seconds: 1,
41559
+ # phase_2_lifetime_seconds: 1,
41560
+ # rekey_margin_time_seconds: 1,
41561
+ # rekey_fuzz_percentage: 1,
41562
+ # replay_window_size: 1,
41563
+ # dpd_timeout_seconds: 1,
41564
+ # phase_1_encryption_algorithms: [
41565
+ # {
41566
+ # value: "String",
41567
+ # },
41568
+ # ],
41569
+ # phase_2_encryption_algorithms: [
41570
+ # {
41571
+ # value: "String",
41572
+ # },
41573
+ # ],
41574
+ # phase_1_integrity_algorithms: [
41575
+ # {
41576
+ # value: "String",
41577
+ # },
41578
+ # ],
41579
+ # phase_2_integrity_algorithms: [
41580
+ # {
41581
+ # value: "String",
41582
+ # },
41583
+ # ],
41584
+ # phase_1_dh_group_numbers: [
41585
+ # {
41586
+ # value: 1,
41587
+ # },
41588
+ # ],
41589
+ # phase_2_dh_group_numbers: [
41590
+ # {
41591
+ # value: 1,
41592
+ # },
41593
+ # ],
41594
+ # ike_versions: [
41595
+ # {
41596
+ # value: "String",
41597
+ # },
41598
+ # ],
40833
41599
  # }
40834
41600
  #
40835
41601
  # @!attribute [rw] tunnel_inside_cidr
@@ -40859,16 +41625,133 @@ module Aws::EC2
40859
41625
  # The pre-shared key (PSK) to establish initial authentication between
40860
41626
  # the virtual private gateway and customer gateway.
40861
41627
  #
40862
- # Constraints: Allowed characters are alphanumeric characters and .\_.
40863
- # Must be between 8 and 64 characters in length and cannot start with
40864
- # zero (0).
41628
+ # Constraints: Allowed characters are alphanumeric characters, periods
41629
+ # (.), and underscores (\_). Must be between 8 and 64 characters in
41630
+ # length and cannot start with zero (0).
40865
41631
  # @return [String]
40866
41632
  #
41633
+ # @!attribute [rw] phase_1_lifetime_seconds
41634
+ # The lifetime for phase 1 of the IKE negotiation, in seconds.
41635
+ #
41636
+ # Constraints: A value between 900 and 28,800.
41637
+ #
41638
+ # Default: `28800`
41639
+ # @return [Integer]
41640
+ #
41641
+ # @!attribute [rw] phase_2_lifetime_seconds
41642
+ # The lifetime for phase 2 of the IKE negotiation, in seconds.
41643
+ #
41644
+ # Constraints: A value between 900 and 3,600. The value must be less
41645
+ # than the value for `Phase1LifetimeSeconds`.
41646
+ #
41647
+ # Default: `3600`
41648
+ # @return [Integer]
41649
+ #
41650
+ # @!attribute [rw] rekey_margin_time_seconds
41651
+ # The margin time, in seconds, before the phase 2 lifetime expires,
41652
+ # during which the AWS side of the VPN connection performs an IKE
41653
+ # rekey. The exact time of the rekey is randomly selected based on the
41654
+ # value for `RekeyFuzzPercentage`.
41655
+ #
41656
+ # Constraints: A value between 60 and half of `Phase2LifetimeSeconds`.
41657
+ #
41658
+ # Default: `540`
41659
+ # @return [Integer]
41660
+ #
41661
+ # @!attribute [rw] rekey_fuzz_percentage
41662
+ # The percentage of the rekey window (determined by
41663
+ # `RekeyMarginTimeSeconds`) during which the rekey time is randomly
41664
+ # selected.
41665
+ #
41666
+ # Constraints: A value between 0 and 100.
41667
+ #
41668
+ # Default: `100`
41669
+ # @return [Integer]
41670
+ #
41671
+ # @!attribute [rw] replay_window_size
41672
+ # The number of packets in an IKE replay window.
41673
+ #
41674
+ # Constraints: A value between 64 and 2048.
41675
+ #
41676
+ # Default: `1024`
41677
+ # @return [Integer]
41678
+ #
41679
+ # @!attribute [rw] dpd_timeout_seconds
41680
+ # The number of seconds after which a DPD timeout occurs.
41681
+ #
41682
+ # Constraints: A value between 0 and 30.
41683
+ #
41684
+ # Default: `30`
41685
+ # @return [Integer]
41686
+ #
41687
+ # @!attribute [rw] phase_1_encryption_algorithms
41688
+ # One or more encryption algorithms that are permitted for the VPN
41689
+ # tunnel for phase 1 IKE negotiations.
41690
+ #
41691
+ # Valid values: `AES128` \| `AES256`
41692
+ # @return [Array<Types::Phase1EncryptionAlgorithmsRequestListValue>]
41693
+ #
41694
+ # @!attribute [rw] phase_2_encryption_algorithms
41695
+ # One or more encryption algorithms that are permitted for the VPN
41696
+ # tunnel for phase 2 IKE negotiations.
41697
+ #
41698
+ # Valid values: `AES128` \| `AES256`
41699
+ # @return [Array<Types::Phase2EncryptionAlgorithmsRequestListValue>]
41700
+ #
41701
+ # @!attribute [rw] phase_1_integrity_algorithms
41702
+ # One or more integrity algorithms that are permitted for the VPN
41703
+ # tunnel for phase 1 IKE negotiations.
41704
+ #
41705
+ # Valid values: `SHA1` \| `SHA2-256`
41706
+ # @return [Array<Types::Phase1IntegrityAlgorithmsRequestListValue>]
41707
+ #
41708
+ # @!attribute [rw] phase_2_integrity_algorithms
41709
+ # One or more integrity algorithms that are permitted for the VPN
41710
+ # tunnel for phase 2 IKE negotiations.
41711
+ #
41712
+ # Valid values: `SHA1` \| `SHA2-256`
41713
+ # @return [Array<Types::Phase2IntegrityAlgorithmsRequestListValue>]
41714
+ #
41715
+ # @!attribute [rw] phase_1_dh_group_numbers
41716
+ # One or more Diffie-Hellman group numbers that are permitted for the
41717
+ # VPN tunnel for phase 1 IKE negotiations.
41718
+ #
41719
+ # Valid values: `2` \| `14` \| `15` \| `16` \| `17` \| `18` \| `22` \|
41720
+ # `23` \| `24`
41721
+ # @return [Array<Types::Phase1DHGroupNumbersRequestListValue>]
41722
+ #
41723
+ # @!attribute [rw] phase_2_dh_group_numbers
41724
+ # One or more Diffie-Hellman group numbers that are permitted for the
41725
+ # VPN tunnel for phase 2 IKE negotiations.
41726
+ #
41727
+ # Valid values: `2` \| `5` \| `14` \| `15` \| `16` \| `17` \| `18` \|
41728
+ # `22` \| `23` \| `24`
41729
+ # @return [Array<Types::Phase2DHGroupNumbersRequestListValue>]
41730
+ #
41731
+ # @!attribute [rw] ike_versions
41732
+ # The IKE versions that are permitted for the VPN tunnel.
41733
+ #
41734
+ # Valid values: `ikev1` \| `ikev2`
41735
+ # @return [Array<Types::IKEVersionsRequestListValue>]
41736
+ #
40867
41737
  # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/VpnTunnelOptionsSpecification AWS API Documentation
40868
41738
  #
40869
41739
  class VpnTunnelOptionsSpecification < Struct.new(
40870
41740
  :tunnel_inside_cidr,
40871
- :pre_shared_key)
41741
+ :pre_shared_key,
41742
+ :phase_1_lifetime_seconds,
41743
+ :phase_2_lifetime_seconds,
41744
+ :rekey_margin_time_seconds,
41745
+ :rekey_fuzz_percentage,
41746
+ :replay_window_size,
41747
+ :dpd_timeout_seconds,
41748
+ :phase_1_encryption_algorithms,
41749
+ :phase_2_encryption_algorithms,
41750
+ :phase_1_integrity_algorithms,
41751
+ :phase_2_integrity_algorithms,
41752
+ :phase_1_dh_group_numbers,
41753
+ :phase_2_dh_group_numbers,
41754
+ :ike_versions)
40872
41755
  include Aws::Structure
40873
41756
  end
40874
41757