You can get information about one or more of your VPN connections.

By default, this action describes all your VPN connections.

If you exceed the number of identical requests allowed for a configured time period, the RequestLimitExceeded error message is returned.

This procedure uses AWS CLI only. Information about these resources is also available from Cockpit. For more information, see VPN Connections User Interface.


  • To get information about one or more VPN connections, use the describe-vpn-connections command following this syntax:

    Request sample
    $ aws ec2 describe-vpn-connections \
        --profile YOUR_PROFILE \
    	[--filters NOT_SPECIFIED] \
        --endpoint https://fcu.eu-west-2.outscale.com

    This command contains the following attributes that you need to specify:

    • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
    • (optional) vpn-connection-ids: The ID of one or more VPN connections you want to get information about. 
    • (optional) filters: One or more filters, in the "Name=X,Values=Y" format.

      You can specify several values for a same filter using the "Name=X,Values=Y, Z" format.

      The following filters are available:

      • customer-gateway-configuration: Example configuration for the customer gateway, in XML format. For more information, see Tutorial: Setting up a VPN Connection.
      • customer-gateway-id: The ID of the Customer Gateway used in the VPN connection. 
      • state: The state of the VPN connection (pendingavailabledeletingdeleted). For more information, see About VPN Connections
      • option.static-routes-only: If true, the VPN connection uses static routes only. If false, it uses static and dynamic routes. For more information, see About VPN Connections
      • route.destination-cidr-blockThe destination range of IP addresses of the route, in CIDR notation.
      • bgp-asn: The Border Gateway Protocol (BGP) Autonomous System Number (ASN) associated with the VPN connection. 
      • tag-key: The key of a tag associated with the resource.

      • tag-value: The value of a tag associated with the resource.

      • tag:XXXX: The value of a tag associated with the resource, where XXXX is the key of the tag.

        To filter a tag whose key is XXXX and value is YYYY, you can therefore use either of the following two formats:

        • --filters Name=tag-key,Values=XXXX Name=tag-value,Values=YYYY

        • --filters Name=tag:XXXX,Values=YYYY


      • type: The type of VPN connection (always Ipsec.1).
      • vpn-connection-id: The ID of the VPN connection. 
      • vpn-gateway-id: The ID of the virtual private gateway used in the VPN connection. 
    • endpoint: The endpoint corresponding to the Region you want to send the request to.



    The describe-vpn-connections command returns the following elements:

    • VpnConnections: Information about one or more VPN connections. This element contains the following information: 

      • VpnConnectionId: The ID of the VPN connection. 

      • Tags: One or more tags associated with the VPN connection. This element contains the following information: 
        • Key: The key of the tag. 
        • Value: The value of the tag. 
      • CustomerGatewayConfiguration: Example configuration for the customer gateway, in XML format. For more information, see Tutorial: Setting up a VPN Connection.
      • Routes: Information about the static routes of the VPN connection, if any. This element contains the following information: 
        • DestinationCidrBlock: The destination range of IP addresses of the route, in CIDR notation.
        • Source: The type of route (always static). 
        • State: The state of the static route (pending | available | deleting | deleted).
      • VgwTelemetry: Information about the state of the VPN tunnel. This element contains the following information: 
        • Status: The state of the IPSEC tunnel (UP | DOWN). For more information, see About VPN Connections.
        • AcceptedRouteCount: The number of accepted routes through the Border Gateway Protocol (BGP) route exchanges. 
        • OutsideIpAddress: The IP address on the external interface of the virtual private gateway. 
        • LastStatusChange: The date and time of the last state change of the IPSEC tunnel. 
        • StatusMessage: A description of the current state of the tunnel. 
      • State: The state of the VPN connection (pending | available | deleting | deleted). For more information, see About VPN Connections
      • VpnGatewayId: The ID of the virtual private gateway.  
      • CustomerGatewayId: The ID of the customer gateway. 
      • Type: The type of VPN connection (always Ipsec.1).
      • Options: Information about the routing options of the VPN connection. This element contains the following information: 
        • StaticRoutesOnlyBy default or if set to false, the VPN connection uses dynamic routing with Border Gateway Protocol (BGP). If set to true, it uses static routing. For more information, see About VPN Connections and Creating a VPN Connection Route.   
    Result sample
     {
        "VpnConnections": [
            {
                "VpnConnectionId": "vpn-c750ea06", 
                "Tags": [], 
                "CustomerGatewayConfiguration": "...configuration information...", 
                "Routes": [], 
                "VgwTelemetry": [
                    {
                        "Status": "DOWN", 
                        "AcceptedRouteCount": 0, 
                        "OutsideIpAddress": "171.33.67.245", 
                        "LastStatusChange": "2017-02-01T14:08:51.649Z", 
                        "StatusMessage": "IPSEC IS DOWN"
                    }
                ], 
                "State": "available", 
                "VpnGatewayId": "vgw-00ac2c82", 
                "CustomerGatewayId": "cgw-f491f6d9", 
                "Type": "ipsec.1", 
                "Options": {
                    "StaticRoutesOnly": false
                }
            }
        ]
    }
    
Corresponding API Method


AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.