Skip to content

Documentation for scw vpc-gw

This API allows you to manage your Public Gateways.

Public Gateway management

Public Gateways are building blocks for your infrastructure on Scaleway's shared public cloud. They provide a set of managed network services and features for Scaleway's Private Networks such NAT and PAT rules.

Create a Public Gateway

Create a new Public Gateway in the specified Scaleway Project, defining its name, type and other configuration details such as whether to enable SSH bastion.

Usage:

scw vpc-gw gateway create [arg=value ...]

Args:

Name Description
project-id Project ID to use. If none is passed the default project ID will be used
name Default: <generated> Name for the gateway
tags.{index} Tags for the gateway
type Default: VPC-GW-S Gateway type (commercial offer type)
ip-id Existing IP address to attach to the gateway
enable-smtp Defines whether SMTP traffic should be allowed pass through the gateway
enable-bastion Defines whether SSH bastion should be enabled the gateway
bastion-port Port of the SSH bastion
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Delete a Public Gateway

Delete an existing Public Gateway, specified by its gateway ID. This action is irreversible.

Usage:

scw vpc-gw gateway delete <gateway-id ...> [arg=value ...]

Args:

Name Description
gateway-id Required ID of the gateway to delete
delete-ip Defines whether the PGW's IP should be deleted
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Get a Public Gateway

Get details of a Public Gateway, specified by its gateway ID. The response object contains full details of the gateway, including its name, type, status and more.

Usage:

scw vpc-gw gateway get <gateway-id ...> [arg=value ...]

Args:

Name Description
gateway-id Required ID of the gateway to fetch
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

List Public Gateways

List Public Gateways in a given Scaleway Organization or Project. By default, results are displayed in ascending order of creation date.

Usage:

scw vpc-gw gateway list [arg=value ...]

Args:

Name Description
order-by One of: created_at_asc, created_at_desc, name_asc, name_desc, type_asc, type_desc, status_asc, status_desc Order in which to return results
project-id Include only gateways in this Project
name Filter for gateways which have this search term in their name
tags.{index} Filter for gateways with these tags
types.{index} Filter for gateways of these types
status.{index} One of: unknown_status, stopped, allocating, configuring, running, stopping, failed, deleting, locked Filter for gateways with these status. Use unknown to include all statuses
private-network-ids.{index} Filter for gateways attached to these Private Networks
include-legacy Include also legacy gateways
organization-id Include only gateways in this Organization
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3, all		 Zone to target. If none is passed will use default zone from the config

Refresh a Public Gateway's SSH keys

Refresh the SSH keys of a given Public Gateway, specified by its gateway ID. This adds any new SSH keys in the gateway's Scaleway Project to the gateway itself.

Usage:

scw vpc-gw gateway refresh-ssh-keys <gateway-id ...> [arg=value ...]

Args:

Name Description
gateway-id Required ID of the gateway to refresh SSH keys on
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Update a Public Gateway

Update the parameters of an existing Public Gateway, for example, its name, tags, SSH bastion configuration, and DNS servers.

Usage:

scw vpc-gw gateway update <gateway-id ...> [arg=value ...]

Args:

Name Description
gateway-id Required ID of the gateway to update
name Name for the gateway
tags.{index} Tags for the gateway
enable-bastion Defines whether SSH bastion should be enabled the gateway
bastion-port Port of the SSH bastion
enable-smtp Defines whether SMTP traffic should be allowed to pass through the gateway
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Upgrade a Public Gateway to the latest version and/or to a different commercial offer type

Upgrade a given Public Gateway to the newest software version or to a different commercial offer type. This applies the latest bugfixes and features to your Public Gateway. Note that gateway service will be interrupted during the update.

Usage:

scw vpc-gw gateway upgrade <gateway-id ...> [arg=value ...]

Args:

Name Description
gateway-id Required ID of the gateway to upgrade
type Gateway type (commercial offer)
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Gateway Networks management

A Gateway Network represents the connection of a Private Network to a Public Gateway.

Attach a Public Gateway to a Private Network

Attach a specific Public Gateway to a specific Private Network (create a GatewayNetwork). You can configure parameters for the connection including whether to enable masquerade (dynamic NAT), and more.

Usage:

scw vpc-gw gateway-network create [arg=value ...]

Args:

Name Description
gateway-id Public Gateway to connect
private-network-id Private Network to connect
enable-masquerade Defines whether to enable masquerade (dynamic NAT) on the GatewayNetwork.
push-default-route Enabling the default route also enables masquerading
ipam-ip-id Use this IPAM-booked IP ID as the Gateway's IP in this Private Network
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Detach a Public Gateway from a Private Network

Detach a given Public Gateway from a given Private Network, i.e. delete a GatewayNetwork specified by a gateway_network_id.

Usage:

scw vpc-gw gateway-network delete <gateway-network-id ...> [arg=value ...]

Args:

Name Description
gateway-network-id Required ID of the GatewayNetwork to delete
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Get a Public Gateway connection to a Private Network

Get details of a given connection between a Public Gateway and a Private Network (this connection = a GatewayNetwork), specified by its gateway_network_id. The response object contains details of the connection including the IDs of the Public Gateway and Private Network, the dates the connection was created/updated and its configuration settings.

Usage:

scw vpc-gw gateway-network get <gateway-network-id ...> [arg=value ...]

Args:

Name Description
gateway-network-id Required ID of the GatewayNetwork to fetch
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

List Public Gateway connections to Private Networks

List the connections between Public Gateways and Private Networks (a connection = a GatewayNetwork). You can choose to filter by gateway-id to list all Private Networks attached to the specified Public Gateway, or by private_network_id to list all Public Gateways attached to the specified Private Network. Other query parameters are also available. The result is an array of GatewayNetwork objects, each giving details of the connection between a given Public Gateway and a given Private Network.

Usage:

scw vpc-gw gateway-network list [arg=value ...]

Args:

Name Description
order-by One of: created_at_asc, created_at_desc, status_asc, status_desc Order in which to return results
status.{index} One of: unknown_status, created, attaching, configuring, ready, detaching Filter for GatewayNetworks with these status. Use unknown to include all statuses
gateway-ids.{index} Filter for GatewayNetworks connected to these gateways
private-network-ids.{index} Filter for GatewayNetworks connected to these Private Networks
masquerade-enabled Filter for GatewayNetworks with this enable_masquerade setting
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3, all		 Zone to target. If none is passed will use default zone from the config

Update a Public Gateway's connection to a Private Network

Update the configuration parameters of a connection between a given Public Gateway and Private Network (the connection = a GatewayNetwork). Updatable parameters include whether to enable traffic masquerade (dynamic NAT).

Usage:

scw vpc-gw gateway-network update <gateway-network-id ...> [arg=value ...]

Args:

Name Description
gateway-network-id Required ID of the GatewayNetwork to update
enable-masquerade Defines whether to enable masquerade (dynamic NAT) on the GatewayNetwork.
push-default-route Enabling the default route also enables masquerading
ipam-ip-id Use this IPAM-booked IP ID as the Gateway's IP in this Private Network
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Gateway types information

Public Gateways come in various shapes, sizes and prices, which are described by gateway types. They represent the different commercial offer types for Public Gateways available at Scaleway.

List Public Gateway types

List the different Public Gateway commercial offer types available at Scaleway. The response is an array of objects describing the name and technical details of each available gateway type.

Usage:

scw vpc-gw gateway-type list [arg=value ...]

Args:

Name Description
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

IP address management

Public, flexible IP addresses for Public Gateways, allowing the gateway to reach the public internet, as well as forward (masquerade) traffic from member devices of attached Private Networks.

Reserve an IP

Create (reserve) a new flexible IP address that can be used for a Public Gateway in a specified Scaleway Project.

Usage:

scw vpc-gw ip create [arg=value ...]

Args:

Name Description
project-id Project ID to use. If none is passed the default project ID will be used
tags.{index} Tags to give to the IP address
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Delete an IP

Delete a flexible IP address from your account. This action is irreversible.

Usage:

scw vpc-gw ip delete <ip-id ...> [arg=value ...]

Args:

Name Description
ip-id Required ID of the IP address to delete
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Get an IP

Get details of a Public Gateway flexible IP address, identified by its IP ID. The response object contains information including which (if any) Public Gateway using this IP address, the reverse and various other metadata.

Usage:

scw vpc-gw ip get <ip-id ...> [arg=value ...]

Args:

Name Description
ip-id Required ID of the IP address to get
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

List IPs

List Public Gateway flexible IP addresses. A number of filter options are available for limiting results in the response.

Usage:

scw vpc-gw ip list [arg=value ...]

Args:

Name Description
order-by One of: created_at_asc, created_at_desc, address_asc, address_desc, reverse_asc, reverse_desc Order in which to return results
project-id Filter for IP addresses in this Project
tags.{index} Filter for IP addresses with these tags
reverse Filter for IP addresses that have a reverse containing this string
is-free Filter based on whether the IP is attached to a gateway or not
organization-id Include only gateways in this Organization
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3, all		 Zone to target. If none is passed will use default zone from the config

Update an IP

Update details of an existing flexible IP address, including its tags, reverse and the Public Gateway it is assigned to.

Usage:

scw vpc-gw ip update <ip-id ...> [arg=value ...]

Args:

Name Description
ip-id Required ID of the IP address to update
tags.{index} Tags to give to the IP address
reverse Reverse to set on the address. Empty string to unset
gateway-id Gateway to attach the IP address to. Empty string to detach
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

PAT rules management

PAT (Port Address Translation) rules, aka static NAT rules, belong to a specified Public Gateway. They define the forwarding of a public port to a specific device on a Private Network, enabling enables ingress traffic from the public Internet to reach the correct device in the Private Network.

Create a PAT rule

Create a new PAT rule on a specified Public Gateway, defining the protocol to use, public port to listen on, and private port / IP address to map to.

Usage:

scw vpc-gw pat-rule create [arg=value ...]

Args:

Name Description
gateway-id ID of the Gateway on which to create the rule
public-port Public port to listen on
private-ip Private IP to forward data to
private-port Private port to translate to
protocol One of: unknown_protocol, both, tcp, udp Protocol the rule should apply to
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Delete a PAT rule

Delete a PAT rule, identified by its PAT rule ID. This action is irreversible.

Usage:

scw vpc-gw pat-rule delete <pat-rule-id ...> [arg=value ...]

Args:

Name Description
pat-rule-id Required ID of the PAT rule to delete
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Edit all PAT rules of a Public Gateway

This command starts your default editor to edit a marshaled version of your resource Default editor will be taken from $VISUAL, then $EDITOR or an editor based on your system

Usage:

scw vpc-gw pat-rule edit <gateway-id ...> [arg=value ...]

Args:

Name Description
gateway-id Required ID of the PAT rules' Public Gateway
mode Default: yaml
One of: yaml, json		 marshaling used when editing data
zone Default: fr-par-1 Zone to target. If none is passed will use default zone from the config

Get a PAT rule

Get a PAT rule, specified by its PAT rule ID. The response object gives full details of the PAT rule, including the Public Gateway it belongs to and the configuration settings in terms of public / private ports, private IP and protocol.

Usage:

scw vpc-gw pat-rule get <pat-rule-id ...> [arg=value ...]

Args:

Name Description
pat-rule-id Required ID of the PAT rule to get
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

List PAT rules

List PAT rules. You can filter by gateway ID to list all PAT rules for a particular gateway, or filter for PAT rules targeting a specific IP address or using a specific protocol.

Usage:

scw vpc-gw pat-rule list [arg=value ...]

Args:

Name Description
order-by One of: created_at_asc, created_at_desc, public_port_asc, public_port_desc Order in which to return results
gateway-ids.{index} Filter for PAT rules on these gateways
private-ips.{index} Filter for PAT rules targeting these private ips
protocol One of: unknown_protocol, both, tcp, udp Filter for PAT rules with this protocol
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3, all		 Zone to target. If none is passed will use default zone from the config

Set all PAT rules

Set a definitive list of PAT rules attached to a Public Gateway. Each rule is identified by its public port and protocol. This will sync the current PAT rule list on the gateway with the new list, creating, updating or deleting PAT rules accordingly.

Usage:

scw vpc-gw pat-rule set [arg=value ...]

Args:

Name Description
gateway-id ID of the gateway on which to set the PAT rules
pat-rules.{index}.public-port Public port to listen on
pat-rules.{index}.private-ip Private IP to forward data to
pat-rules.{index}.private-port Private port to translate to
pat-rules.{index}.protocol One of: unknown_protocol, both, tcp, udp Protocol the rule should apply to
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config

Update a PAT rule

Update a PAT rule, specified by its PAT rule ID. Configuration settings including private/public port, private IP address and protocol can all be updated.

Usage:

scw vpc-gw pat-rule update <pat-rule-id ...> [arg=value ...]

Args:

Name Description
pat-rule-id Required ID of the PAT rule to update
public-port Public port to listen on
private-ip Private IP to forward data to
private-port Private port to translate to
protocol One of: unknown_protocol, both, tcp, udp Protocol the rule should apply to
zone Default: fr-par-1
One of: fr-par-1, fr-par-2, nl-ams-1, nl-ams-2, nl-ams-3, pl-waw-1, pl-waw-2, pl-waw-3		 Zone to target. If none is passed will use default zone from the config