feat(client-ec2): This release adds support for Private IP VPNs, a new feature allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over Direct Connect as transport.

awstools · awstools · commit 8f2eb0cff232 · 2022-06-21T18:18:48.000Z
diff --git a/clients/client-ec2/src/EC2.ts b/clients/client-ec2/src/EC2.ts
@@ -4536,10 +4536,9 @@ export class EC2 extends EC2Client {
   }
 
   /**
-   * <p>Provides information to Amazon Web Services about your VPN customer gateway device. The
-   *             customer gateway is the appliance at your end of the VPN connection. (The device on the
-   *                 Amazon Web Services side of the VPN connection is the virtual private gateway.) You
-   *             must provide the internet-routable IP address of the customer gateway's external
+   * <p>Provides information to Amazon Web Services about your customer gateway device. The
+   *             customer gateway device is the appliance at your end of the VPN connection. You
+   *             must provide the IP address of the customer gateway device’s external
    *             interface. The IP address must be static and can be behind a device performing network
    *             address translation (NAT).</p>
    *         <p>For devices that use Border Gateway Protocol (BGP), you can also provide the device's
diff --git a/clients/client-ec2/src/commands/CreateCustomerGatewayCommand.ts b/clients/client-ec2/src/commands/CreateCustomerGatewayCommand.ts
@@ -23,10 +23,9 @@ export interface CreateCustomerGatewayCommandInput extends CreateCustomerGateway
 export interface CreateCustomerGatewayCommandOutput extends CreateCustomerGatewayResult, __MetadataBearer {}
 
 /**
- * <p>Provides information to Amazon Web Services about your VPN customer gateway device. The
- *             customer gateway is the appliance at your end of the VPN connection. (The device on the
- *                 Amazon Web Services side of the VPN connection is the virtual private gateway.) You
- *             must provide the internet-routable IP address of the customer gateway's external
+ * <p>Provides information to Amazon Web Services about your customer gateway device. The
+ *             customer gateway device is the appliance at your end of the VPN connection. You
+ *             must provide the IP address of the customer gateway device’s external
  *             interface. The IP address must be static and can be behind a device performing network
  *             address translation (NAT).</p>
  *         <p>For devices that use Border Gateway Protocol (BGP), you can also provide the device's
diff --git a/clients/client-ec2/src/models/models_0.ts b/clients/client-ec2/src/models/models_0.ts
@@ -8112,7 +8112,8 @@ export interface CreateCustomerGatewayRequest {
   BgpAsn: number | undefined;
 
   /**
-   * <p>The Internet-routable IP address for the customer gateway's outside interface. The
+   * <p>
+   *             <i>This member has been deprecated.</i> The Internet-routable IP address for the customer gateway's outside interface. The
    *             address must be static.</p>
    */
   PublicIp?: string;
@@ -8139,6 +8140,13 @@ export interface CreateCustomerGatewayRequest {
    */
   DeviceName?: string;
 
+  /**
+   * <p>
+   *             IPv4 address for the customer gateway device's outside interface. The address must be static.
+   *         </p>
+   */
+  IpAddress?: string;
+
   /**
    * <p>Checks whether you have the required permissions for the action, without actually
    *             making the request, and provides an error response. If you have the required
@@ -8173,7 +8181,7 @@ export interface CustomerGateway {
   CustomerGatewayId?: string;
 
   /**
-   * <p>The Internet-routable IP address of the customer gateway's outside interface.</p>
+   * <p>The IP address of the customer gateway device's outside interface.</p>
    */
   IpAddress?: string;
 
diff --git a/clients/client-ec2/src/models/models_2.ts b/clients/client-ec2/src/models/models_2.ts
@@ -2675,6 +2675,21 @@ export interface VpnConnectionOptionsSpecification {
    *          </p>
    */
   RemoteIpv6NetworkCidr?: string;
+
+  /**
+   * <p>The type of IPv4 address assigned to the outside interface of the customer gateway device.</p>
+   *         <p>Valid values: <code>PrivateIpv4</code> | <code>PublicIpv4</code>
+   *          </p>
+   *         <p>Default: <code>PublicIpv4</code>
+   *          </p>
+   */
+  OutsideIpAddressType?: string;
+
+  /**
+   * <p>The transit gateway attachment ID to use for the VPN tunnel.</p>
+   *         <p>Required if <code>OutsideIpAddressType</code> is set to <code>PrivateIpv4</code>.</p>
+   */
+  TransportTransitGatewayAttachmentId?: string;
 }
 
 export namespace VpnConnectionOptionsSpecification {
@@ -3033,6 +3048,20 @@ export interface VpnConnectionOptions {
    */
   RemoteIpv6NetworkCidr?: string;
 
+  /**
+   * <p>The type of IPv4 address assigned to the outside interface of the customer gateway.</p>
+   *         <p>Valid values: <code>PrivateIpv4</code> | <code>PublicIpv4</code>
+   *          </p>
+   *         <p>Default: <code>PublicIpv4</code>
+   *          </p>
+   */
+  OutsideIpAddressType?: string;
+
+  /**
+   * <p>The transit gateway attachment ID in use for the VPN tunnel.</p>
+   */
+  TransportTransitGatewayAttachmentId?: string;
+
   /**
    * <p>Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.</p>
    */
diff --git a/clients/client-ec2/src/models/models_3.ts b/clients/client-ec2/src/models/models_3.ts
@@ -675,8 +675,8 @@ export interface DescribeCustomerGatewaysRequest {
    *             </li>
    *             <li>
    *                 <p>
-   *                   <code>ip-address</code> - The IP address of the customer gateway's
-   *                     Internet-routable external interface.</p>
+   *                   <code>ip-address</code> - The IP address of the customer gateway
+   *                     device's external interface.</p>
    *             </li>
    *             <li>
    *                 <p>
diff --git a/clients/client-ec2/src/protocols/Aws_ec2.ts b/clients/client-ec2/src/protocols/Aws_ec2.ts
@@ -34642,7 +34642,7 @@ const serializeAws_ec2CreateCustomerGatewayRequest = (
     entries["BgpAsn"] = input.BgpAsn;
   }
   if (input.PublicIp !== undefined && input.PublicIp !== null) {
-    entries["IpAddress"] = input.PublicIp;
+    entries["PublicIp"] = input.PublicIp;
   }
   if (input.CertificateArn !== undefined && input.CertificateArn !== null) {
     entries["CertificateArn"] = input.CertificateArn;
@@ -34660,6 +34660,9 @@ const serializeAws_ec2CreateCustomerGatewayRequest = (
   if (input.DeviceName !== undefined && input.DeviceName !== null) {
     entries["DeviceName"] = input.DeviceName;
   }
+  if (input.IpAddress !== undefined && input.IpAddress !== null) {
+    entries["IpAddress"] = input.IpAddress;
+  }
   if (input.DryRun !== undefined && input.DryRun !== null) {
     entries["DryRun"] = input.DryRun;
   }
@@ -53501,6 +53504,12 @@ const serializeAws_ec2VpnConnectionOptionsSpecification = (
   if (input.RemoteIpv6NetworkCidr !== undefined && input.RemoteIpv6NetworkCidr !== null) {
     entries["RemoteIpv6NetworkCidr"] = input.RemoteIpv6NetworkCidr;
   }
+  if (input.OutsideIpAddressType !== undefined && input.OutsideIpAddressType !== null) {
+    entries["OutsideIpAddressType"] = input.OutsideIpAddressType;
+  }
+  if (input.TransportTransitGatewayAttachmentId !== undefined && input.TransportTransitGatewayAttachmentId !== null) {
+    entries["TransportTransitGatewayAttachmentId"] = input.TransportTransitGatewayAttachmentId;
+  }
   return entries;
 };
 
@@ -81457,6 +81466,8 @@ const deserializeAws_ec2VpnConnectionOptions = (output: any, context: __SerdeCon
     RemoteIpv4NetworkCidr: undefined,
     LocalIpv6NetworkCidr: undefined,
     RemoteIpv6NetworkCidr: undefined,
+    OutsideIpAddressType: undefined,
+    TransportTransitGatewayAttachmentId: undefined,
     TunnelInsideIpVersion: undefined,
     TunnelOptions: undefined,
   };
@@ -81478,6 +81489,12 @@ const deserializeAws_ec2VpnConnectionOptions = (output: any, context: __SerdeCon
   if (output["remoteIpv6NetworkCidr"] !== undefined) {
     contents.RemoteIpv6NetworkCidr = __expectString(output["remoteIpv6NetworkCidr"]);
   }
+  if (output["outsideIpAddressType"] !== undefined) {
+    contents.OutsideIpAddressType = __expectString(output["outsideIpAddressType"]);
+  }
+  if (output["transportTransitGatewayAttachmentId"] !== undefined) {
+    contents.TransportTransitGatewayAttachmentId = __expectString(output["transportTransitGatewayAttachmentId"]);
+  }
   if (output["tunnelInsideIpVersion"] !== undefined) {
     contents.TunnelInsideIpVersion = __expectString(output["tunnelInsideIpVersion"]);
   }
diff --git a/codegen/sdk-codegen/aws-models/ec2.json b/codegen/sdk-codegen/aws-models/ec2.json
@@ -10506,7 +10506,7 @@
         "target": "com.amazonaws.ec2#CreateCustomerGatewayResult"
       },
       "traits": {
-        "smithy.api#documentation": "<p>Provides information to Amazon Web Services about your VPN customer gateway device. The\n            customer gateway is the appliance at your end of the VPN connection. (The device on the\n                Amazon Web Services side of the VPN connection is the virtual private gateway.) You\n            must provide the internet-routable IP address of the customer gateway's external\n            interface. The IP address must be static and can be behind a device performing network\n            address translation (NAT).</p>\n        <p>For devices that use Border Gateway Protocol (BGP), you can also provide the device's\n            BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network.\n            If you don't have an ASN already, you can use a private ASN. For more information, see \n            <a href=\"https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html\">Customer gateway \n                options for your Site-to-Site VPN connection</a> in the <i>Amazon Web Services Site-to-Site VPN User Guide</i>.</p>\n        <p>To create more than one customer gateway with the same VPN type, IP address, and\n            BGP ASN, specify a unique device name for each customer gateway. An identical request\n            returns information about the existing customer gateway; it doesn't create a new customer\n            gateway.</p>"
+        "smithy.api#documentation": "<p>Provides information to Amazon Web Services about your customer gateway device. The\n            customer gateway device is the appliance at your end of the VPN connection. You\n            must provide the IP address of the customer gateway device’s external\n            interface. The IP address must be static and can be behind a device performing network\n            address translation (NAT).</p>\n        <p>For devices that use Border Gateway Protocol (BGP), you can also provide the device's\n            BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network.\n            If you don't have an ASN already, you can use a private ASN. For more information, see \n            <a href=\"https://docs.aws.amazon.com/vpn/latest/s2svpn/cgw-options.html\">Customer gateway \n                options for your Site-to-Site VPN connection</a> in the <i>Amazon Web Services Site-to-Site VPN User Guide</i>.</p>\n        <p>To create more than one customer gateway with the same VPN type, IP address, and\n            BGP ASN, specify a unique device name for each customer gateway. An identical request\n            returns information about the existing customer gateway; it doesn't create a new customer\n            gateway.</p>"
       }
     },
     "com.amazonaws.ec2#CreateCustomerGatewayRequest": {
@@ -10522,8 +10522,7 @@
         "PublicIp": {
           "target": "com.amazonaws.ec2#String",
           "traits": {
-            "smithy.api#documentation": "<p>The Internet-routable IP address for the customer gateway's outside interface. The\n            address must be static.</p>",
-            "smithy.api#xmlName": "IpAddress"
+            "smithy.api#documentation": "<p>\n            <i>This member has been deprecated.</i> The Internet-routable IP address for the customer gateway's outside interface. The\n            address must be static.</p>"
           }
         },
         "CertificateArn": {
@@ -10552,6 +10551,12 @@
             "smithy.api#documentation": "<p>A name for the customer gateway device.</p>\n        <p>Length Constraints: Up to 255 characters.</p>"
           }
         },
+        "IpAddress": {
+          "target": "com.amazonaws.ec2#String",
+          "traits": {
+            "smithy.api#documentation": "<p>\n            IPv4 address for the customer gateway device's outside interface. The address must be static.\n        </p>"
+          }
+        },
         "DryRun": {
           "target": "com.amazonaws.ec2#Boolean",
           "traits": {
@@ -15679,7 +15684,7 @@
           "target": "com.amazonaws.ec2#String",
           "traits": {
             "aws.protocols#ec2QueryName": "IpAddress",
-            "smithy.api#documentation": "<p>The Internet-routable IP address of the customer gateway's outside interface.</p>",
+            "smithy.api#documentation": "<p>The IP address of the customer gateway device's outside interface.</p>",
             "smithy.api#xmlName": "ipAddress"
           }
         },
@@ -20616,7 +20621,7 @@
         "Filters": {
           "target": "com.amazonaws.ec2#FilterList",
           "traits": {
-            "smithy.api#documentation": "<p>One or more filters.</p>\n        <ul>\n            <li>\n                <p>\n                  <code>bgp-asn</code> - The customer gateway's Border Gateway Protocol (BGP)\n                    Autonomous System Number (ASN).</p>\n            </li>\n            <li>\n                <p>\n                  <code>customer-gateway-id</code> - The ID of the customer gateway.</p>\n            </li>\n            <li>\n                <p>\n                  <code>ip-address</code> - The IP address of the customer gateway's\n                    Internet-routable external interface.</p>\n            </li>\n            <li>\n                <p>\n                  <code>state</code> - The state of the customer gateway (<code>pending</code> |\n                        <code>available</code> | <code>deleting</code> |\n                    <code>deleted</code>).</p>\n            </li>\n            <li>\n                <p>\n                  <code>type</code> - The type of customer gateway. Currently, the only\n                    supported type is <code>ipsec.1</code>.</p>\n            </li>\n            <li> \n               <p>\n                  <code>tag</code>:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.\n    For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> \n            </li>\n            <li> \n               <p>\n                  <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p> \n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>One or more filters.</p>\n        <ul>\n            <li>\n                <p>\n                  <code>bgp-asn</code> - The customer gateway's Border Gateway Protocol (BGP)\n                    Autonomous System Number (ASN).</p>\n            </li>\n            <li>\n                <p>\n                  <code>customer-gateway-id</code> - The ID of the customer gateway.</p>\n            </li>\n            <li>\n                <p>\n                  <code>ip-address</code> - The IP address of the customer gateway\n                    device's external interface.</p>\n            </li>\n            <li>\n                <p>\n                  <code>state</code> - The state of the customer gateway (<code>pending</code> |\n                        <code>available</code> | <code>deleting</code> |\n                    <code>deleted</code>).</p>\n            </li>\n            <li>\n                <p>\n                  <code>type</code> - The type of customer gateway. Currently, the only\n                    supported type is <code>ipsec.1</code>.</p>\n            </li>\n            <li> \n               <p>\n                  <code>tag</code>:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value.\n    For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> \n            </li>\n            <li> \n               <p>\n                  <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p> \n            </li>\n         </ul>",
             "smithy.api#xmlName": "Filter"
           }
         },
@@ -80085,6 +80090,22 @@
             "smithy.api#xmlName": "remoteIpv6NetworkCidr"
           }
         },
+        "OutsideIpAddressType": {
+          "target": "com.amazonaws.ec2#String",
+          "traits": {
+            "aws.protocols#ec2QueryName": "OutsideIpAddressType",
+            "smithy.api#documentation": "<p>The type of IPv4 address assigned to the outside interface of the customer gateway.</p>\n        <p>Valid values: <code>PrivateIpv4</code> | <code>PublicIpv4</code>\n         </p>\n        <p>Default: <code>PublicIpv4</code>\n         </p>",
+            "smithy.api#xmlName": "outsideIpAddressType"
+          }
+        },
+        "TransportTransitGatewayAttachmentId": {
+          "target": "com.amazonaws.ec2#String",
+          "traits": {
+            "aws.protocols#ec2QueryName": "TransportTransitGatewayAttachmentId",
+            "smithy.api#documentation": "<p>The transit gateway attachment ID in use for the VPN tunnel.</p>",
+            "smithy.api#xmlName": "transportTransitGatewayAttachmentId"
+          }
+        },
         "TunnelInsideIpVersion": {
           "target": "com.amazonaws.ec2#TunnelInsideIpVersion",
           "traits": {
@@ -80158,6 +80179,18 @@
           "traits": {
             "smithy.api#documentation": "<p>The IPv6 CIDR on the Amazon Web Services side of the VPN connection.</p>\n        <p>Default: <code>::/0</code>\n         </p>"
           }
+        },
+        "OutsideIpAddressType": {
+          "target": "com.amazonaws.ec2#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The type of IPv4 address assigned to the outside interface of the customer gateway device.</p>\n        <p>Valid values: <code>PrivateIpv4</code> | <code>PublicIpv4</code>\n         </p>\n        <p>Default: <code>PublicIpv4</code>\n         </p>"
+          }
+        },
+        "TransportTransitGatewayAttachmentId": {
+          "target": "com.amazonaws.ec2#TransitGatewayAttachmentId",
+          "traits": {
+            "smithy.api#documentation": "<p>The transit gateway attachment ID to use for the VPN tunnel.</p>\n        <p>Required if <code>OutsideIpAddressType</code> is set to <code>PrivateIpv4</code>.</p>"
+          }
         }
       },
       "traits": {
