Static Policy-Based (Unmapped) External Connection (Terraform Example)

Connect to a remote site that supports policy-based VPN connectivity with static configuration (unmapped) from an Aviatrix gateway.

Currently, Aviatrix CoPilot does not offer an option to create Static Policy-Based Unmapped connections through its UI. You can create them with the Aviatrix Terraform Provider instead. This document describes how to create a Static Policy-Based Unmapped external connection using the Aviatrix Terraform resource aviatrix_site2cloud.

Supported Gateways

  • Spoke Gateway that is not BGP enabled in AWS, Azure, and GCP

  • Speciality Gateway (not applicable to Public Subnet Filtering Gateway)

External Connection Settings

For information about the options that you can configure for a Site2Cloud (S2C) external connection, refer to About External Connection Settings.

Terraform Script

terraform {
  required_providers {
    aviatrix = {
      source  = "AviatrixSystems/aviatrix"
      version = ">= 3.1.0"
    }
  }
}

# The provider also reads AVIATRIX_CONTROLLER_IP, AVIATRIX_USERNAME and
# AVIATRIX_PASSWORD from the environment when these arguments are omitted.
provider "aviatrix" {
  controller_ip = var.controller_ip
  username      = var.username
  password      = var.password
}

variable "controller_ip" { type = string }
variable "username" { type = string }
# sensitive = true keeps the Controller password out of plan and apply output.
# Pass the value with TF_VAR_password rather than writing it into a file.
variable "password" {
  type      = string
  sensitive = true
}
variable "local_gw_name" { type = string }
variable "remote_gw_ip" { type = string }
variable "local_subnet_cidr" { type = string }
variable "remote_subnet_cidr" { type = string }

# Static policy-based, unmapped (no NAT) connection to a generic remote device.
# aviatrix_gateway.local must be defined or imported elsewhere in this
# configuration, and its gw_name must equal var.local_gw_name.
resource "aviatrix_site2cloud" "policy_based_unmapped" {
  connection_name            = "policy-based-unmapped"
  # The gateway's VPC/VNet ID; the resource's own id is the gateway name.
  vpc_id                     = aviatrix_gateway.local.vpc_id
  primary_cloud_gateway_name = var.local_gw_name
  remote_gateway_type        = "generic"
  tunnel_type                = "policy"
  connection_type            = "unmapped"
  remote_gateway_ip          = var.remote_gw_ip
  local_subnet_cidr          = var.local_subnet_cidr
  remote_subnet_cidr         = var.remote_subnet_cidr
  # pre_shared_key is optional; if you set it, pass it from a sensitive
  # variable, never as a literal in the script.
}

Terraform Variable Keys and Descriptions

  • controller_ip: Aviatrix Controller IP address or FQDN.

  • username: Aviatrix Controller username.

  • password: Aviatrix Controller password. Supply it through the TF_VAR_password environment variable rather than a file under version control.

  • local_gw_name: Name (gw_name) of the local Aviatrix gateway.

  • remote_gw_ip: Public IP address of the remote device (the VPN peer).

  • local_subnet_cidr: Local subnet CIDR block (for example, 10.0.0.0/16). It must not overlap remote_subnet_cidr, because an unmapped connection applies no NAT.

  • remote_subnet_cidr: Remote subnet CIDR block (for example, 192.168.0.0/16).

For a list of the supported resource arguments, refer to aviatrix_site2cloud.

  • The script references aviatrix_gateway.local. Define that resource in the same configuration, or import the existing gateway into it (terraform import aviatrix_gateway.local <gateway-name>), so that the vpc_id reference resolves.

  • Set the variable values in your terraform.tfvars file as needed, but keep the Controller password out of that file and pass it with TF_VAR_password.
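The inputs above are easy to get wrong in ways that Terraform only reports after a failed apply, or not at all: a host address where a network is expected, local and remote CIDRs that overlap (an unmapped connection applies no NAT, so overlap is exactly the case that needs a mapped connection instead), or a private address given as the remote peer. The following preflight script is an added example, not part of the original page or of the Aviatrix provider. It reads the variables the script expects from a terraform.tfvars file and rejects bad combinations before terraform apply; the tfvars parser, the helper names and the sample file contents are hypothetical, and the script assumes the resource accepts comma-separated CIDR lists in local_subnet_cidr and remote_subnet_cidr.

```python
"""Preflight checks for the Static Policy-Based Unmapped S2C inputs.

Hypothetical helper (not from the Aviatrix provider or docs): reads the
variables the Terraform script expects and flags inputs that would fail
or route traffic ambiguously.
"""
import ipaddress
import re

REQUIRED = ("local_gw_name", "remote_gw_ip", "local_subnet_cidr", "remote_subnet_cidr")

# Constructed sample terraform.tfvars; none of these values come from the page.
SAMPLE_TFVARS = '''
controller_ip      = "controller.example.internal"
username           = "admin"
# password is deliberately absent: supply it via TF_VAR_password, not in a file
local_gw_name      = "spoke-gw-1"
remote_gw_ip       = "11.22.33.44"
local_subnet_cidr  = "10.0.0.0/16,10.1.0.0/16"
remote_subnet_cidr = "192.168.0.0/16"
'''


def parse_tfvars(text):
    """Read key = "value" assignments; comments and other HCL forms are ignored."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r'(\w+)\s*=\s*"([^"]*)"', line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def parse_cidr_list(value):
    """Split a comma-separated CIDR list; strict=True rejects host addresses
    such as 10.0.0.1/16, which the Controller would also refuse."""
    return [ipaddress.ip_network(c.strip(), strict=True)
            for c in value.split(",") if c.strip()]


def check_s2c_inputs(tfvars):
    """Return a list of problems; an empty list means the inputs pass."""
    problems = [f"missing variable: {k}" for k in REQUIRED if k not in tfvars]
    if problems:
        return problems
    try:
        local = parse_cidr_list(tfvars["local_subnet_cidr"])
        remote = parse_cidr_list(tfvars["remote_subnet_cidr"])
        gw = ipaddress.ip_address(tfvars["remote_gw_ip"])
    except ValueError as exc:
        return [f"unparseable address: {exc}"]
    if not local or not remote:
        return ["local_subnet_cidr and remote_subnet_cidr must each list a CIDR"]
    # An unmapped (no-NAT) connection installs policies for the real prefixes on
    # both sides, so any overlap is ambiguous; overlapping sites need a mapped
    # connection instead.
    for l in local:
        for r in remote:
            if l.overlaps(r):
                problems.append(f"local {l} overlaps remote {r}; use a mapped connection")
    # The peer is reached over the Internet from the gateway's public IP.
    if not gw.is_global:
        problems.append(f"remote_gw_ip {gw} is not a globally routable address")
    if len({n.version for n in local + remote}) != 1:
        problems.append("local and remote CIDRs mix IPv4 and IPv6")
    return problems


if __name__ == "__main__":
    for line in check_s2c_inputs(parse_tfvars(SAMPLE_TFVARS)) or ["inputs OK"]:
        print(line)
```

Run it against your real terraform.tfvars (read the file instead of SAMPLE_TFVARS) before terraform plan; an overlap finding means this page's unmapped connection is the wrong tool and a mapped connection is needed.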