Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
ServiceConnection resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as scm from "@pulumi/scm";
const config = new pulumi.Config();
// The folder scope for the SCM resource (e.g., 'Shared', 'Predefined', or a specific folder name).
const folderScope = config.get("folderScope") || "Service Connections";
//# 1. Define the IKE Crypto Profile (IKE Phase 1)
// Note: The resource name is plural: "scm_ike_crypto_profile"
const example = new scm.IkeCryptoProfile("example", {
name: "example-ike-crypto",
folder: folderScope,
hashes: ["sha256"],
dhGroups: ["group14"],
encryptions: ["aes-256-cbc"],
});
//# 2. Define the IPsec Crypto Profile (IKE Phase 2)
// Note: The resource name is plural and nested blocks now use an equals sign (=).
const exampleIpsecCryptoProfile = new scm.IpsecCryptoProfile("example", {
name: "panw-IPSec-Crypto",
folder: folderScope,
esp: {
encryptions: ["aes-256-gcm"],
authentications: ["sha256"],
},
dhGroup: "group14",
lifetime: {
hours: 8,
},
});
//# 3. Define the IKE Gateway
// Note: The resource name is plural and nested blocks now use an equals sign (=).
const exampleIkeGateway = new scm.IkeGateway("example", {
name: "example-gateway",
folder: folderScope,
peerAddress: {
ip: "1.1.1.1",
},
authentication: {
preSharedKey: {
key: "secret",
},
},
protocol: {
ikev1: {
ikeCryptoProfile: example.name,
},
},
});
//# 4. Define the IPsec Tunnel
// Note: Nested 'auto_key' block uses an equals sign (=).
const exampleIpsecTunnel = new scm.IpsecTunnel("example", {
name: "example-tunnel",
folder: folderScope,
tunnelInterface: "tunnel",
antiReplay: true,
copyTos: false,
enableGreEncapsulation: false,
autoKey: {
ikeGateways: [{
name: exampleIkeGateway.name,
}],
ipsecCryptoProfile: exampleIpsecCryptoProfile.name,
},
}, {
dependsOn: [exampleIkeGateway],
});
const siteAVpnSc = new scm.ServiceConnection("site_a_vpn_sc", {
name: "creating_a_service_connection",
region: "us-west-1",
ipsecTunnel: exampleIpsecTunnel.name,
subnets: [
"10.1.0.0/16",
"172.16.0.0/24",
],
sourceNat: true,
});
import pulumi
import pulumi_scm as scm
config = pulumi.Config()
# The folder scope for the SCM resource (e.g., 'Shared', 'Predefined', or a specific folder name).
folder_scope = config.get("folderScope")
if folder_scope is None:
folder_scope = "Service Connections"
## 1. Define the IKE Crypto Profile (IKE Phase 1)
# Note: The resource name is plural: "scm_ike_crypto_profile"
example = scm.IkeCryptoProfile("example",
name="example-ike-crypto",
folder=folder_scope,
hashes=["sha256"],
dh_groups=["group14"],
encryptions=["aes-256-cbc"])
## 2. Define the IPsec Crypto Profile (IKE Phase 2)
# Note: The resource name is plural and nested blocks now use an equals sign (=).
example_ipsec_crypto_profile = scm.IpsecCryptoProfile("example",
name="panw-IPSec-Crypto",
folder=folder_scope,
esp={
"encryptions": ["aes-256-gcm"],
"authentications": ["sha256"],
},
dh_group="group14",
lifetime={
"hours": 8,
})
## 3. Define the IKE Gateway
# Note: The resource name is plural and nested blocks now use an equals sign (=).
example_ike_gateway = scm.IkeGateway("example",
name="example-gateway",
folder=folder_scope,
peer_address={
"ip": "1.1.1.1",
},
authentication={
"pre_shared_key": {
"key": "secret",
},
},
protocol={
"ikev1": {
"ike_crypto_profile": example.name,
},
})
## 4. Define the IPsec Tunnel
# Note: Nested 'auto_key' block uses an equals sign (=).
example_ipsec_tunnel = scm.IpsecTunnel("example",
name="example-tunnel",
folder=folder_scope,
tunnel_interface="tunnel",
anti_replay=True,
copy_tos=False,
enable_gre_encapsulation=False,
auto_key={
"ike_gateways": [{
"name": example_ike_gateway.name,
}],
"ipsec_crypto_profile": example_ipsec_crypto_profile.name,
},
opts = pulumi.ResourceOptions(depends_on=[example_ike_gateway]))
site_a_vpn_sc = scm.ServiceConnection("site_a_vpn_sc",
name="creating_a_service_connection",
region="us-west-1",
ipsec_tunnel=example_ipsec_tunnel.name,
subnets=[
"10.1.0.0/16",
"172.16.0.0/24",
],
source_nat=True)
package main
import (
"github.com/pulumi/pulumi-scm/sdk/go/scm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
// The folder scope for the SCM resource (e.g., 'Shared', 'Predefined', or a specific folder name).
folderScope := "Service Connections"
if param := cfg.Get("folderScope"); param != "" {
folderScope = param
}
// # 1. Define the IKE Crypto Profile (IKE Phase 1)
// Note: The resource name is plural: "scm_ike_crypto_profile"
example, err := scm.NewIkeCryptoProfile(ctx, "example", &scm.IkeCryptoProfileArgs{
Name: pulumi.String("example-ike-crypto"),
Folder: pulumi.String(folderScope),
Hashes: pulumi.StringArray{
pulumi.String("sha256"),
},
DhGroups: pulumi.StringArray{
pulumi.String("group14"),
},
Encryptions: pulumi.StringArray{
pulumi.String("aes-256-cbc"),
},
})
if err != nil {
return err
}
// # 2. Define the IPsec Crypto Profile (IKE Phase 2)
// Note: The resource name is plural and nested blocks now use an equals sign (=).
exampleIpsecCryptoProfile, err := scm.NewIpsecCryptoProfile(ctx, "example", &scm.IpsecCryptoProfileArgs{
Name: pulumi.String("panw-IPSec-Crypto"),
Folder: pulumi.String(folderScope),
Esp: &scm.IpsecCryptoProfileEspArgs{
Encryptions: pulumi.StringArray{
pulumi.String("aes-256-gcm"),
},
Authentications: pulumi.StringArray{
pulumi.String("sha256"),
},
},
DhGroup: pulumi.String("group14"),
Lifetime: &scm.IpsecCryptoProfileLifetimeArgs{
Hours: pulumi.Int(8),
},
})
if err != nil {
return err
}
// # 3. Define the IKE Gateway
// Note: The resource name is plural and nested blocks now use an equals sign (=).
exampleIkeGateway, err := scm.NewIkeGateway(ctx, "example", &scm.IkeGatewayArgs{
Name: pulumi.String("example-gateway"),
Folder: pulumi.String(folderScope),
PeerAddress: &scm.IkeGatewayPeerAddressArgs{
Ip: pulumi.String("1.1.1.1"),
},
Authentication: &scm.IkeGatewayAuthenticationArgs{
PreSharedKey: &scm.IkeGatewayAuthenticationPreSharedKeyArgs{
Key: pulumi.String("secret"),
},
},
Protocol: &scm.IkeGatewayProtocolArgs{
Ikev1: &scm.IkeGatewayProtocolIkev1Args{
IkeCryptoProfile: example.Name,
},
},
})
if err != nil {
return err
}
// # 4. Define the IPsec Tunnel
// Note: Nested 'auto_key' block uses an equals sign (=).
exampleIpsecTunnel, err := scm.NewIpsecTunnel(ctx, "example", &scm.IpsecTunnelArgs{
Name: pulumi.String("example-tunnel"),
Folder: pulumi.String(folderScope),
TunnelInterface: pulumi.String("tunnel"),
AntiReplay: pulumi.Bool(true),
CopyTos: pulumi.Bool(false),
EnableGreEncapsulation: pulumi.Bool(false),
AutoKey: &scm.IpsecTunnelAutoKeyArgs{
IkeGateways: scm.IpsecTunnelAutoKeyIkeGatewayArray{
&scm.IpsecTunnelAutoKeyIkeGatewayArgs{
Name: exampleIkeGateway.Name,
},
},
IpsecCryptoProfile: exampleIpsecCryptoProfile.Name,
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleIkeGateway,
}))
if err != nil {
return err
}
_, err = scm.NewServiceConnection(ctx, "site_a_vpn_sc", &scm.ServiceConnectionArgs{
Name: pulumi.String("creating_a_service_connection"),
Region: pulumi.String("us-west-1"),
IpsecTunnel: exampleIpsecTunnel.Name,
Subnets: pulumi.StringArray{
pulumi.String("10.1.0.0/16"),
pulumi.String("172.16.0.0/24"),
},
SourceNat: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Scm = Pulumi.Scm;
return await Deployment.RunAsync(() =>
{
var config = new Config();
// The folder scope for the SCM resource (e.g., 'Shared', 'Predefined', or a specific folder name).
var folderScope = config.Get("folderScope") ?? "Service Connections";
//# 1. Define the IKE Crypto Profile (IKE Phase 1)
// Note: The resource name is plural: "scm_ike_crypto_profile"
var example = new Scm.IkeCryptoProfile("example", new()
{
Name = "example-ike-crypto",
Folder = folderScope,
Hashes = new[]
{
"sha256",
},
DhGroups = new[]
{
"group14",
},
Encryptions = new[]
{
"aes-256-cbc",
},
});
//# 2. Define the IPsec Crypto Profile (IKE Phase 2)
// Note: The resource name is plural and nested blocks now use an equals sign (=).
var exampleIpsecCryptoProfile = new Scm.IpsecCryptoProfile("example", new()
{
Name = "panw-IPSec-Crypto",
Folder = folderScope,
Esp = new Scm.Inputs.IpsecCryptoProfileEspArgs
{
Encryptions = new[]
{
"aes-256-gcm",
},
Authentications = new[]
{
"sha256",
},
},
DhGroup = "group14",
Lifetime = new Scm.Inputs.IpsecCryptoProfileLifetimeArgs
{
Hours = 8,
},
});
//# 3. Define the IKE Gateway
// Note: The resource name is plural and nested blocks now use an equals sign (=).
var exampleIkeGateway = new Scm.IkeGateway("example", new()
{
Name = "example-gateway",
Folder = folderScope,
PeerAddress = new Scm.Inputs.IkeGatewayPeerAddressArgs
{
Ip = "1.1.1.1",
},
Authentication = new Scm.Inputs.IkeGatewayAuthenticationArgs
{
PreSharedKey = new Scm.Inputs.IkeGatewayAuthenticationPreSharedKeyArgs
{
Key = "secret",
},
},
Protocol = new Scm.Inputs.IkeGatewayProtocolArgs
{
Ikev1 = new Scm.Inputs.IkeGatewayProtocolIkev1Args
{
IkeCryptoProfile = example.Name,
},
},
});
//# 4. Define the IPsec Tunnel
// Note: Nested 'auto_key' block uses an equals sign (=).
var exampleIpsecTunnel = new Scm.IpsecTunnel("example", new()
{
Name = "example-tunnel",
Folder = folderScope,
TunnelInterface = "tunnel",
AntiReplay = true,
CopyTos = false,
EnableGreEncapsulation = false,
AutoKey = new Scm.Inputs.IpsecTunnelAutoKeyArgs
{
IkeGateways = new[]
{
new Scm.Inputs.IpsecTunnelAutoKeyIkeGatewayArgs
{
Name = exampleIkeGateway.Name,
},
},
IpsecCryptoProfile = exampleIpsecCryptoProfile.Name,
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleIkeGateway,
},
});
var siteAVpnSc = new Scm.ServiceConnection("site_a_vpn_sc", new()
{
Name = "creating_a_service_connection",
Region = "us-west-1",
IpsecTunnel = exampleIpsecTunnel.Name,
Subnets = new[]
{
"10.1.0.0/16",
"172.16.0.0/24",
},
SourceNat = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.scm.IkeCryptoProfile;
import com.pulumi.scm.IkeCryptoProfileArgs;
import com.pulumi.scm.IpsecCryptoProfile;
import com.pulumi.scm.IpsecCryptoProfileArgs;
import com.pulumi.scm.inputs.IpsecCryptoProfileEspArgs;
import com.pulumi.scm.inputs.IpsecCryptoProfileLifetimeArgs;
import com.pulumi.scm.IkeGateway;
import com.pulumi.scm.IkeGatewayArgs;
import com.pulumi.scm.inputs.IkeGatewayPeerAddressArgs;
import com.pulumi.scm.inputs.IkeGatewayAuthenticationArgs;
import com.pulumi.scm.inputs.IkeGatewayAuthenticationPreSharedKeyArgs;
import com.pulumi.scm.inputs.IkeGatewayProtocolArgs;
import com.pulumi.scm.inputs.IkeGatewayProtocolIkev1Args;
import com.pulumi.scm.IpsecTunnel;
import com.pulumi.scm.IpsecTunnelArgs;
import com.pulumi.scm.inputs.IpsecTunnelAutoKeyArgs;
import com.pulumi.scm.ServiceConnection;
import com.pulumi.scm.ServiceConnectionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var folderScope = config.get("folderScope").orElse("Service Connections");
//# 1. Define the IKE Crypto Profile (IKE Phase 1)
// Note: The resource name is plural: "scm_ike_crypto_profile"
var example = new IkeCryptoProfile("example", IkeCryptoProfileArgs.builder()
.name("example-ike-crypto")
.folder(folderScope)
.hashes("sha256")
.dhGroups("group14")
.encryptions("aes-256-cbc")
.build());
//# 2. Define the IPsec Crypto Profile (IKE Phase 2)
// Note: The resource name is plural and nested blocks now use an equals sign (=).
var exampleIpsecCryptoProfile = new IpsecCryptoProfile("exampleIpsecCryptoProfile", IpsecCryptoProfileArgs.builder()
.name("panw-IPSec-Crypto")
.folder(folderScope)
.esp(IpsecCryptoProfileEspArgs.builder()
.encryptions("aes-256-gcm")
.authentications("sha256")
.build())
.dhGroup("group14")
.lifetime(IpsecCryptoProfileLifetimeArgs.builder()
.hours(8)
.build())
.build());
//# 3. Define the IKE Gateway
// Note: The resource name is plural and nested blocks now use an equals sign (=).
var exampleIkeGateway = new IkeGateway("exampleIkeGateway", IkeGatewayArgs.builder()
.name("example-gateway")
.folder(folderScope)
.peerAddress(IkeGatewayPeerAddressArgs.builder()
.ip("1.1.1.1")
.build())
.authentication(IkeGatewayAuthenticationArgs.builder()
.preSharedKey(IkeGatewayAuthenticationPreSharedKeyArgs.builder()
.key("secret")
.build())
.build())
.protocol(IkeGatewayProtocolArgs.builder()
.ikev1(IkeGatewayProtocolIkev1Args.builder()
.ikeCryptoProfile(example.name())
.build())
.build())
.build());
//# 4. Define the IPsec Tunnel
// Note: Nested 'auto_key' block uses an equals sign (=).
var exampleIpsecTunnel = new IpsecTunnel("exampleIpsecTunnel", IpsecTunnelArgs.builder()
.name("example-tunnel")
.folder(folderScope)
.tunnelInterface("tunnel")
.antiReplay(true)
.copyTos(false)
.enableGreEncapsulation(false)
.autoKey(IpsecTunnelAutoKeyArgs.builder()
.ikeGateways(IpsecTunnelAutoKeyIkeGatewayArgs.builder()
.name(exampleIkeGateway.name())
.build())
.ipsecCryptoProfile(exampleIpsecCryptoProfile.name())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleIkeGateway)
.build());
var siteAVpnSc = new ServiceConnection("siteAVpnSc", ServiceConnectionArgs.builder()
.name("creating_a_service_connection")
.region("us-west-1")
.ipsecTunnel(exampleIpsecTunnel.name())
.subnets(
"10.1.0.0/16",
"172.16.0.0/24")
.sourceNat(true)
.build());
}
}
configuration:
folderScope:
type: string
default: Service Connections
resources:
## 1. Define the IKE Crypto Profile (IKE Phase 1)
# Note: The resource name is plural: "scm_ike_crypto_profile"
example:
type: scm:IkeCryptoProfile
properties:
name: example-ike-crypto
folder: ${folderScope}
hashes:
- sha256
dhGroups:
- group14
encryptions:
- aes-256-cbc
## 2. Define the IPsec Crypto Profile (IKE Phase 2)
# Note: The resource name is plural and nested blocks now use an equals sign (=).
exampleIpsecCryptoProfile:
type: scm:IpsecCryptoProfile
name: example
properties:
name: panw-IPSec-Crypto
folder: ${folderScope}
esp:
encryptions:
- aes-256-gcm
authentications:
- sha256
dhGroup: group14
lifetime:
hours: 8
## 3. Define the IKE Gateway
# Note: The resource name is plural and nested blocks now use an equals sign (=).
exampleIkeGateway:
type: scm:IkeGateway
name: example
properties:
name: example-gateway
folder: ${folderScope}
peerAddress:
ip: 1.1.1.1
authentication:
preSharedKey:
key: secret
protocol:
ikev1:
ikeCryptoProfile: ${example.name}
## 4. Define the IPsec Tunnel
# Note: Nested 'auto_key' block uses an equals sign (=).
exampleIpsecTunnel:
type: scm:IpsecTunnel
name: example
properties:
name: example-tunnel
folder: ${folderScope}
tunnelInterface: tunnel
antiReplay: true
copyTos: false
enableGreEncapsulation: false
autoKey:
ikeGateways:
- name: ${exampleIkeGateway.name}
ipsecCryptoProfile: ${exampleIpsecCryptoProfile.name}
options:
dependsOn:
- ${exampleIkeGateway}
siteAVpnSc:
type: scm:ServiceConnection
name: site_a_vpn_sc
properties:
name: creating_a_service_connection
region: us-west-1
ipsecTunnel: ${exampleIpsecTunnel.name}
subnets:
- 10.1.0.0/16
- 172.16.0.0/24
sourceNat: true
Create ServiceConnection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServiceConnection(name: string, args: ServiceConnectionArgs, opts?: CustomResourceOptions);@overload
def ServiceConnection(resource_name: str,
args: ServiceConnectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServiceConnection(resource_name: str,
opts: Optional[ResourceOptions] = None,
ipsec_tunnel: Optional[str] = None,
region: Optional[str] = None,
name: Optional[str] = None,
backup_sc: Optional[str] = None,
nat_pool: Optional[str] = None,
no_export_community: Optional[str] = None,
onboarding_type: Optional[str] = None,
protocol: Optional[ServiceConnectionProtocolArgs] = None,
qos: Optional[ServiceConnectionQosArgs] = None,
bgp_peer: Optional[ServiceConnectionBgpPeerArgs] = None,
secondary_ipsec_tunnel: Optional[str] = None,
source_nat: Optional[bool] = None,
subnets: Optional[Sequence[str]] = None)func NewServiceConnection(ctx *Context, name string, args ServiceConnectionArgs, opts ...ResourceOption) (*ServiceConnection, error)public ServiceConnection(string name, ServiceConnectionArgs args, CustomResourceOptions? opts = null)
public ServiceConnection(String name, ServiceConnectionArgs args)
public ServiceConnection(String name, ServiceConnectionArgs args, CustomResourceOptions options)
type: scm:ServiceConnection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServiceConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServiceConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServiceConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServiceConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServiceConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serviceConnectionResource = new Scm.ServiceConnection("serviceConnectionResource", new()
{
IpsecTunnel = "string",
Region = "string",
Name = "string",
BackupSc = "string",
NatPool = "string",
NoExportCommunity = "string",
OnboardingType = "string",
Protocol = new Scm.Inputs.ServiceConnectionProtocolArgs
{
Bgp = new Scm.Inputs.ServiceConnectionProtocolBgpArgs
{
DoNotExportRoutes = false,
Enable = false,
FastFailover = false,
LocalIpAddress = "string",
OriginateDefaultRoute = false,
PeerAs = "string",
PeerIpAddress = "string",
Secret = "string",
SummarizeMobileUserRoutes = false,
},
},
Qos = new Scm.Inputs.ServiceConnectionQosArgs
{
Enable = false,
QosProfile = "string",
},
BgpPeer = new Scm.Inputs.ServiceConnectionBgpPeerArgs
{
LocalIpAddress = "string",
LocalIpv6Address = "string",
PeerIpAddress = "string",
PeerIpv6Address = "string",
Secret = "string",
},
SecondaryIpsecTunnel = "string",
SourceNat = false,
Subnets = new[]
{
"string",
},
});
example, err := scm.NewServiceConnection(ctx, "serviceConnectionResource", &scm.ServiceConnectionArgs{
IpsecTunnel: pulumi.String("string"),
Region: pulumi.String("string"),
Name: pulumi.String("string"),
BackupSc: pulumi.String("string"),
NatPool: pulumi.String("string"),
NoExportCommunity: pulumi.String("string"),
OnboardingType: pulumi.String("string"),
Protocol: &scm.ServiceConnectionProtocolArgs{
Bgp: &scm.ServiceConnectionProtocolBgpArgs{
DoNotExportRoutes: pulumi.Bool(false),
Enable: pulumi.Bool(false),
FastFailover: pulumi.Bool(false),
LocalIpAddress: pulumi.String("string"),
OriginateDefaultRoute: pulumi.Bool(false),
PeerAs: pulumi.String("string"),
PeerIpAddress: pulumi.String("string"),
Secret: pulumi.String("string"),
SummarizeMobileUserRoutes: pulumi.Bool(false),
},
},
Qos: &scm.ServiceConnectionQosArgs{
Enable: pulumi.Bool(false),
QosProfile: pulumi.String("string"),
},
BgpPeer: &scm.ServiceConnectionBgpPeerArgs{
LocalIpAddress: pulumi.String("string"),
LocalIpv6Address: pulumi.String("string"),
PeerIpAddress: pulumi.String("string"),
PeerIpv6Address: pulumi.String("string"),
Secret: pulumi.String("string"),
},
SecondaryIpsecTunnel: pulumi.String("string"),
SourceNat: pulumi.Bool(false),
Subnets: pulumi.StringArray{
pulumi.String("string"),
},
})
var serviceConnectionResource = new ServiceConnection("serviceConnectionResource", ServiceConnectionArgs.builder()
.ipsecTunnel("string")
.region("string")
.name("string")
.backupSc("string")
.natPool("string")
.noExportCommunity("string")
.onboardingType("string")
.protocol(ServiceConnectionProtocolArgs.builder()
.bgp(ServiceConnectionProtocolBgpArgs.builder()
.doNotExportRoutes(false)
.enable(false)
.fastFailover(false)
.localIpAddress("string")
.originateDefaultRoute(false)
.peerAs("string")
.peerIpAddress("string")
.secret("string")
.summarizeMobileUserRoutes(false)
.build())
.build())
.qos(ServiceConnectionQosArgs.builder()
.enable(false)
.qosProfile("string")
.build())
.bgpPeer(ServiceConnectionBgpPeerArgs.builder()
.localIpAddress("string")
.localIpv6Address("string")
.peerIpAddress("string")
.peerIpv6Address("string")
.secret("string")
.build())
.secondaryIpsecTunnel("string")
.sourceNat(false)
.subnets("string")
.build());
service_connection_resource = scm.ServiceConnection("serviceConnectionResource",
ipsec_tunnel="string",
region="string",
name="string",
backup_sc="string",
nat_pool="string",
no_export_community="string",
onboarding_type="string",
protocol={
"bgp": {
"do_not_export_routes": False,
"enable": False,
"fast_failover": False,
"local_ip_address": "string",
"originate_default_route": False,
"peer_as": "string",
"peer_ip_address": "string",
"secret": "string",
"summarize_mobile_user_routes": False,
},
},
qos={
"enable": False,
"qos_profile": "string",
},
bgp_peer={
"local_ip_address": "string",
"local_ipv6_address": "string",
"peer_ip_address": "string",
"peer_ipv6_address": "string",
"secret": "string",
},
secondary_ipsec_tunnel="string",
source_nat=False,
subnets=["string"])
const serviceConnectionResource = new scm.ServiceConnection("serviceConnectionResource", {
ipsecTunnel: "string",
region: "string",
name: "string",
backupSc: "string",
natPool: "string",
noExportCommunity: "string",
onboardingType: "string",
protocol: {
bgp: {
doNotExportRoutes: false,
enable: false,
fastFailover: false,
localIpAddress: "string",
originateDefaultRoute: false,
peerAs: "string",
peerIpAddress: "string",
secret: "string",
summarizeMobileUserRoutes: false,
},
},
qos: {
enable: false,
qosProfile: "string",
},
bgpPeer: {
localIpAddress: "string",
localIpv6Address: "string",
peerIpAddress: "string",
peerIpv6Address: "string",
secret: "string",
},
secondaryIpsecTunnel: "string",
sourceNat: false,
subnets: ["string"],
});
type: scm:ServiceConnection
properties:
backupSc: string
bgpPeer:
localIpAddress: string
localIpv6Address: string
peerIpAddress: string
peerIpv6Address: string
secret: string
ipsecTunnel: string
name: string
natPool: string
noExportCommunity: string
onboardingType: string
protocol:
bgp:
doNotExportRoutes: false
enable: false
fastFailover: false
localIpAddress: string
originateDefaultRoute: false
peerAs: string
peerIpAddress: string
secret: string
summarizeMobileUserRoutes: false
qos:
enable: false
qosProfile: string
region: string
secondaryIpsecTunnel: string
sourceNat: false
subnets:
- string
ServiceConnection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServiceConnection resource accepts the following input properties:
- Ipsec
Tunnel string - Ipsec tunnel
- Region string
- Region
- Backup
Sc string - Backup s c
- Bgp
Peer ServiceConnection Bgp Peer - Bgp peer
- Name string
- The name of the service connection
- Nat
Pool string - Nat pool
- No
Export stringCommunity - No export community
- Onboarding
Type string - Onboarding type
- Protocol
Service
Connection Protocol - Protocol
- Qos
Service
Connection Qos - Qos
- Secondary
Ipsec stringTunnel - Secondary ipsec tunnel
- Source
Nat bool - Source nat
- Subnets List<string>
- Subnets
- Ipsec
Tunnel string - Ipsec tunnel
- Region string
- Region
- Backup
Sc string - Backup s c
- Bgp
Peer ServiceConnection Bgp Peer Args - Bgp peer
- Name string
- The name of the service connection
- Nat
Pool string - Nat pool
- No
Export stringCommunity - No export community
- Onboarding
Type string - Onboarding type
- Protocol
Service
Connection Protocol Args - Protocol
- Qos
Service
Connection Qos Args - Qos
- Secondary
Ipsec stringTunnel - Secondary ipsec tunnel
- Source
Nat bool - Source nat
- Subnets []string
- Subnets
- ipsec
Tunnel String - Ipsec tunnel
- region String
- Region
- backup
Sc String - Backup s c
- bgp
Peer ServiceConnection Bgp Peer - Bgp peer
- name String
- The name of the service connection
- nat
Pool String - Nat pool
- no
Export StringCommunity - No export community
- onboarding
Type String - Onboarding type
- protocol
Service
Connection Protocol - Protocol
- qos
Service
Connection Qos - Qos
- secondary
Ipsec StringTunnel - Secondary ipsec tunnel
- source
Nat Boolean - Source nat
- subnets List<String>
- Subnets
- ipsec
Tunnel string - Ipsec tunnel
- region string
- Region
- backup
Sc string - Backup s c
- bgp
Peer ServiceConnection Bgp Peer - Bgp peer
- name string
- The name of the service connection
- nat
Pool string - Nat pool
- no
Export stringCommunity - No export community
- onboarding
Type string - Onboarding type
- protocol
Service
Connection Protocol - Protocol
- qos
Service
Connection Qos - Qos
- secondary
Ipsec stringTunnel - Secondary ipsec tunnel
- source
Nat boolean - Source nat
- subnets string[]
- Subnets
- ipsec_
tunnel str - Ipsec tunnel
- region str
- Region
- backup_
sc str - Backup s c
- bgp_
peer ServiceConnection Bgp Peer Args - Bgp peer
- name str
- The name of the service connection
- nat_
pool str - Nat pool
- no_
export_ strcommunity - No export community
- onboarding_
type str - Onboarding type
- protocol
Service
Connection Protocol Args - Protocol
- qos
Service
Connection Qos Args - Qos
- secondary_
ipsec_ strtunnel - Secondary ipsec tunnel
- source_
nat bool - Source nat
- subnets Sequence[str]
- Subnets
- ipsec
Tunnel String - Ipsec tunnel
- region String
- Region
- backup
Sc String - Backup s c
- bgp
Peer Property Map - Bgp peer
- name String
- The name of the service connection
- nat
Pool String - Nat pool
- no
Export StringCommunity - No export community
- onboarding
Type String - Onboarding type
- protocol Property Map
- Protocol
- qos Property Map
- Qos
- secondary
Ipsec StringTunnel - Secondary ipsec tunnel
- source
Nat Boolean - Source nat
- subnets List<String>
- Subnets
Outputs
All input properties are implicitly available as output properties. Additionally, the ServiceConnection resource produces the following output properties:
- Encrypted
Values Dictionary<string, string> - Map of sensitive values returned from the API.
- Id string
- The provider-assigned unique ID for this managed resource.
- Tfid string
- Encrypted
Values map[string]string - Map of sensitive values returned from the API.
- Id string
- The provider-assigned unique ID for this managed resource.
- Tfid string
- encrypted
Values Map<String,String> - Map of sensitive values returned from the API.
- id String
- The provider-assigned unique ID for this managed resource.
- tfid String
- encrypted
Values {[key: string]: string} - Map of sensitive values returned from the API.
- id string
- The provider-assigned unique ID for this managed resource.
- tfid string
- encrypted_
values Mapping[str, str] - Map of sensitive values returned from the API.
- id str
- The provider-assigned unique ID for this managed resource.
- tfid str
- encrypted
Values Map<String> - Map of sensitive values returned from the API.
- id String
- The provider-assigned unique ID for this managed resource.
- tfid String
Look up Existing ServiceConnection Resource
Get an existing ServiceConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServiceConnectionState, opts?: CustomResourceOptions): ServiceConnection@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
backup_sc: Optional[str] = None,
bgp_peer: Optional[ServiceConnectionBgpPeerArgs] = None,
encrypted_values: Optional[Mapping[str, str]] = None,
ipsec_tunnel: Optional[str] = None,
name: Optional[str] = None,
nat_pool: Optional[str] = None,
no_export_community: Optional[str] = None,
onboarding_type: Optional[str] = None,
protocol: Optional[ServiceConnectionProtocolArgs] = None,
qos: Optional[ServiceConnectionQosArgs] = None,
region: Optional[str] = None,
secondary_ipsec_tunnel: Optional[str] = None,
source_nat: Optional[bool] = None,
subnets: Optional[Sequence[str]] = None,
tfid: Optional[str] = None) -> ServiceConnectionfunc GetServiceConnection(ctx *Context, name string, id IDInput, state *ServiceConnectionState, opts ...ResourceOption) (*ServiceConnection, error)public static ServiceConnection Get(string name, Input<string> id, ServiceConnectionState? state, CustomResourceOptions? opts = null)public static ServiceConnection get(String name, Output<String> id, ServiceConnectionState state, CustomResourceOptions options)resources: _: type: scm:ServiceConnection get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Backup
Sc string - Backup s c
- Bgp
Peer ServiceConnection Bgp Peer - Bgp peer
- Encrypted
Values Dictionary<string, string> - Map of sensitive values returned from the API.
- Ipsec
Tunnel string - Ipsec tunnel
- Name string
- The name of the service connection
- Nat
Pool string - Nat pool
- No
Export stringCommunity - No export community
- Onboarding
Type string - Onboarding type
- Protocol
Service
Connection Protocol - Protocol
- Qos
Service
Connection Qos - Qos
- Region string
- Region
- Secondary
Ipsec stringTunnel - Secondary ipsec tunnel
- Source
Nat bool - Source nat
- Subnets List<string>
- Subnets
- Tfid string
- Backup
Sc string - Backup s c
- Bgp
Peer ServiceConnection Bgp Peer Args - Bgp peer
- Encrypted
Values map[string]string - Map of sensitive values returned from the API.
- Ipsec
Tunnel string - Ipsec tunnel
- Name string
- The name of the service connection
- Nat
Pool string - Nat pool
- No
Export stringCommunity - No export community
- Onboarding
Type string - Onboarding type
- Protocol
Service
Connection Protocol Args - Protocol
- Qos
Service
Connection Qos Args - Qos
- Region string
- Region
- Secondary
Ipsec stringTunnel - Secondary ipsec tunnel
- Source
Nat bool - Source nat
- Subnets []string
- Subnets
- Tfid string
- backup
Sc String - Backup s c
- bgp
Peer ServiceConnection Bgp Peer - Bgp peer
- encrypted
Values Map<String,String> - Map of sensitive values returned from the API.
- ipsec
Tunnel String - Ipsec tunnel
- name String
- The name of the service connection
- nat
Pool String - Nat pool
- no
Export StringCommunity - No export community
- onboarding
Type String - Onboarding type
- protocol
Service
Connection Protocol - Protocol
- qos
Service
Connection Qos - Qos
- region String
- Region
- secondary
Ipsec StringTunnel - Secondary ipsec tunnel
- source
Nat Boolean - Source nat
- subnets List<String>
- Subnets
- tfid String
- backup
Sc string - Backup s c
- bgp
Peer ServiceConnection Bgp Peer - Bgp peer
- encrypted
Values {[key: string]: string} - Map of sensitive values returned from the API.
- ipsec
Tunnel string - Ipsec tunnel
- name string
- The name of the service connection
- nat
Pool string - Nat pool
- no
Export stringCommunity - No export community
- onboarding
Type string - Onboarding type
- protocol
Service
Connection Protocol - Protocol
- qos
Service
Connection Qos - Qos
- region string
- Region
- secondary
Ipsec stringTunnel - Secondary ipsec tunnel
- source
Nat boolean - Source nat
- subnets string[]
- Subnets
- tfid string
- backup_
sc str - Backup s c
- bgp_
peer ServiceConnection Bgp Peer Args - Bgp peer
- encrypted_
values Mapping[str, str] - Map of sensitive values returned from the API.
- ipsec_
tunnel str - Ipsec tunnel
- name str
- The name of the service connection
- nat_
pool str - Nat pool
- no_
export_ strcommunity - No export community
- onboarding_
type str - Onboarding type
- protocol
Service
Connection Protocol Args - Protocol
- qos
Service
Connection Qos Args - Qos
- region str
- Region
- secondary_
ipsec_ strtunnel - Secondary ipsec tunnel
- source_
nat bool - Source nat
- subnets Sequence[str]
- Subnets
- tfid str
- backup
Sc String - Backup s c
- bgp
Peer Property Map - Bgp peer
- encrypted
Values Map<String> - Map of sensitive values returned from the API.
- ipsec
Tunnel String - Ipsec tunnel
- name String
- The name of the service connection
- nat
Pool String - Nat pool
- no
Export StringCommunity - No export community
- onboarding
Type String - Onboarding type
- protocol Property Map
- Protocol
- qos Property Map
- Qos
- region String
- Region
- secondary
Ipsec StringTunnel - Secondary ipsec tunnel
- source
Nat Boolean - Source nat
- subnets List<String>
- Subnets
- tfid String
Supporting Types
ServiceConnectionBgpPeer, ServiceConnectionBgpPeerArgs
- Local
Ip stringAddress - Local ip address
- Local
Ipv6Address string - Local ipv6 address
- Peer
Ip stringAddress - Peer ip address
- Peer
Ipv6Address string - Peer ipv6 address
- Secret string
- Secret
- Local
Ip stringAddress - Local ip address
- Local
Ipv6Address string - Local ipv6 address
- Peer
Ip stringAddress - Peer ip address
- Peer
Ipv6Address string - Peer ipv6 address
- Secret string
- Secret
- local
Ip StringAddress - Local ip address
- local
Ipv6Address String - Local ipv6 address
- peer
Ip StringAddress - Peer ip address
- peer
Ipv6Address String - Peer ipv6 address
- secret String
- Secret
- local
Ip stringAddress - Local ip address
- local
Ipv6Address string - Local ipv6 address
- peer
Ip stringAddress - Peer ip address
- peer
Ipv6Address string - Peer ipv6 address
- secret string
- Secret
- local_
ip_ straddress - Local ip address
- local_
ipv6_ straddress - Local ipv6 address
- peer_
ip_ straddress - Peer ip address
- peer_
ipv6_ straddress - Peer ipv6 address
- secret str
- Secret
- local
Ip StringAddress - Local ip address
- local
Ipv6Address String - Local ipv6 address
- peer
Ip StringAddress - Peer ip address
- peer
Ipv6Address String - Peer ipv6 address
- secret String
- Secret
ServiceConnectionProtocol, ServiceConnectionProtocolArgs
- bgp Property Map
- Bgp
ServiceConnectionProtocolBgp, ServiceConnectionProtocolBgpArgs
- Do
Not boolExport Routes - Do not export routes
- Enable bool
- Enable
- Fast
Failover bool - Fast failover
- Local
Ip stringAddress - Local ip address
- Originate
Default boolRoute - Originate default route
- Peer
As string - Peer as
- Peer
Ip stringAddress - Peer ip address
- Secret string
- Secret
- Summarize
Mobile boolUser Routes - Summarize mobile user routes
- Do
Not boolExport Routes - Do not export routes
- Enable bool
- Enable
- Fast
Failover bool - Fast failover
- Local
Ip stringAddress - Local ip address
- Originate
Default boolRoute - Originate default route
- Peer
As string - Peer as
- Peer
Ip stringAddress - Peer ip address
- Secret string
- Secret
- Summarize
Mobile boolUser Routes - Summarize mobile user routes
- do
Not BooleanExport Routes - Do not export routes
- enable Boolean
- Enable
- fast
Failover Boolean - Fast failover
- local
Ip StringAddress - Local ip address
- originate
Default BooleanRoute - Originate default route
- peer
As String - Peer as
- peer
Ip StringAddress - Peer ip address
- secret String
- Secret
- summarize
Mobile BooleanUser Routes - Summarize mobile user routes
- do
Not booleanExport Routes - Do not export routes
- enable boolean
- Enable
- fast
Failover boolean - Fast failover
- local
Ip stringAddress - Local ip address
- originate
Default booleanRoute - Originate default route
- peer
As string - Peer as
- peer
Ip stringAddress - Peer ip address
- secret string
- Secret
- summarize
Mobile booleanUser Routes - Summarize mobile user routes
- do_
not_ boolexport_ routes - Do not export routes
- enable bool
- Enable
- fast_
failover bool - Fast failover
- local_
ip_ straddress - Local ip address
- originate_
default_ boolroute - Originate default route
- peer_
as str - Peer as
- peer_
ip_ straddress - Peer ip address
- secret str
- Secret
- summarize_
mobile_ booluser_ routes - Summarize mobile user routes
- do
Not BooleanExport Routes - Do not export routes
- enable Boolean
- Enable
- fast
Failover Boolean - Fast failover
- local
Ip StringAddress - Local ip address
- originate
Default BooleanRoute - Originate default route
- peer
As String - Peer as
- peer
Ip StringAddress - Peer ip address
- secret String
- Secret
- summarize
Mobile BooleanUser Routes - Summarize mobile user routes
ServiceConnectionQos, ServiceConnectionQosArgs
- Enable bool
- Enable
- Qos
Profile string - Qos profile
- Enable bool
- Enable
- Qos
Profile string - Qos profile
- enable Boolean
- Enable
- qos
Profile String - Qos profile
- enable boolean
- Enable
- qos
Profile string - Qos profile
- enable bool
- Enable
- qos_
profile str - Qos profile
- enable Boolean
- Enable
- qos
Profile String - Qos profile
Package Details
- Repository
- scm pulumi/pulumi-scm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
scmTerraform Provider.
Strata Cloud Manager v0.4.3 published on Saturday, Nov 8, 2025 by Pulumi
