
AWS Site-to-Site VPN update using CloudFormation


I want to update the DH group options in the VPN tunnel options of an existing Site-to-Site VPN connection using CloudFormation. I'm getting an error: "There already exists a VpnConnection with different tunnel option valueIKEVersions between customer gateway"

1 Answer

Hi, have a look at this issue, https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/429, in the CloudFormation Coverage Roadmap. It looks to me from the comments that for a long time there was no CloudFormation support for setting these options, but some was added about a year ago. Yet the issue wasn't closed off, which means maybe there are still problems with it.

Note that in https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html VpnTunnelOptionsSpecifications and its subproperties are marked "Update requires: Replacement", meaning usually CloudFormation creates the replacement resource first, changes references from other dependent resources to point to the replacement resource, and then deletes the old resource. I could see that approach leading to the error you're seeing, so perhaps that's where remaining problems lie.

You could try doing your update in two steps. First remove the AWS::EC2::VPNConnection object (and anything depending on it) from your template and do a stack update, then add it back in with the new VpnTunnelOptionsSpecifications values and do a second stack update.

EXPERT
answered 13 days ago
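The two-step approach described in the answer above, written out as an added example template; this is not the poster's template and not AWS's own documentation. It assumes the VpnTunnelOptionsSpecifications sub-properties Phase1DHGroupNumbers, Phase2DHGroupNumbers and IKEVersions as listed on the AWS::EC2::VPNConnection reference page, each taking a list of objects with a single Value key (that shape mirrors the EC2 API and is an assumption here), and the parameter names, logical IDs and the example group numbers are constructed for illustration. The template is the step-two state: step one is the same template with the VpnConnection resource (and any AWS::EC2::VPNConnectionRoute or other resource that references it) deleted, deployed once, after which this version is deployed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Step 2 of a two-step VPN tunnel-option change (added example, assumed property shapes).
  Step 1 = this template with the VpnConnection resource and its dependents removed.

Parameters:
  CustomerGatewayId:
    Type: String
    Description: Existing AWS::EC2::CustomerGateway id (cgw-...), constructed placeholder name
  VpnGatewayId:
    Type: String
    Description: Existing AWS::EC2::VPNGateway id (vgw-...), constructed placeholder name

Resources:
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      CustomerGatewayId: !Ref CustomerGatewayId
      VpnGatewayId: !Ref VpnGatewayId
      StaticRoutesOnly: false
      # Every property under VpnTunnelOptionsSpecifications is "Update requires: Replacement",
      # which is why an in-place change of DH groups collides with the still-existing connection.
      # Removing the resource in step 1 and re-adding it here avoids the create-before-delete clash.
      VpnTunnelOptionsSpecifications:
        - TunnelInsideCidr: 169.254.10.0/30        # constructed value inside the allowed link-local range
          # Property names below assumed from the CloudFormation reference; the
          # [{Value: ...}] list shape is an assumption mirroring the EC2 API.
          IKEVersions:
            - Value: ikev2                         # prefer IKEv2 only; IKEv1 kept out deliberately
          Phase1DHGroupNumbers:
            - Value: 14                            # 2048-bit MODP; group 2 (1024-bit) is the weak default to move off
            - Value: 20                            # 384-bit ECP, offered as a stronger alternative
          Phase2DHGroupNumbers:
            - Value: 14
            - Value: 20
        - TunnelInsideCidr: 169.254.11.0/30        # second tunnel, same policy so both tunnels negotiate identically
          IKEVersions:
            - Value: ikev2
          Phase1DHGroupNumbers:
            - Value: 14
            - Value: 20
          Phase2DHGroupNumbers:
            - Value: 14
            - Value: 20

Outputs:
  VpnConnectionId:
    Description: Id of the re-created connection; downstream routes must reference this, not the old id
    Value: !Ref VpnConnection
```

Deploy the step-one template (this file with the VpnConnection resource and Outputs removed) with `aws cloudformation deploy --template-file` against the existing stack, confirm in the console or with `aws ec2 describe-vpn-connections` that the old connection is gone, then deploy this file. Expect a connectivity gap between the two updates, and re-check the customer-gateway side afterwards: the new connection gets new tunnel endpoint addresses and pre-shared keys unless PreSharedKey is pinned, so the peer device configuration must be refreshed to match.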
