[ aws . iotsecuretunneling ]



Creates a new tunnel, and returns two client access tokens for clients to use to connect to the AWS IoT Secure Tunneling proxy server. .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.


[--description <value>]
[--tags <value>]
[--destination-config <value>]
[--timeout-config <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]


--description (string)

A short text description of the tunnel.

--tags (list)

A collection of tag metadata.


An arbitary key/value pair used to add searchable metadata to secure tunnel resources.

key -> (string)

The key of the tag.

value -> (string)

The value of the tag.

Shorthand Syntax:

key=string,value=string ...

JSON Syntax:

    "key": "string",
    "value": "string"

--destination-config (structure)

The destination configuration for the OpenTunnel request.

thingName -> (string)

The name of the IoT thing to which you want to connect.

services -> (list)

A list of service names that identity the target application. Currently, you can only specify a single name. The AWS IoT client running on the destination device reads this value and uses it to look up a port or an IP address and a port. The AWS IoT client instantiates the local proxy which uses this information to connect to the destination application.


Shorthand Syntax:


JSON Syntax:

  "thingName": "string",
  "services": ["string", ...]

--timeout-config (structure)

Timeout configuration for a tunnel.

maxLifetimeTimeoutMinutes -> (integer)

The maximum amount of time (in minutes) a tunnel can remain open. If not specified, maxLifetimeTimeoutMinutes defaults to 720 minutes. Valid values are from 1 minute to 12 hours (720 minutes)

Shorthand Syntax:


JSON Syntax:

  "maxLifetimeTimeoutMinutes": integer

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

--cli-auto-prompt (boolean) Automatically prompt for CLI input parameters.

See ‘aws help’ for descriptions of global parameters.


tunnelId -> (string)

A unique alpha-numeric tunnel ID.

tunnelArn -> (string)

The Amazon Resource Name for the tunnel. The tunnel ARN format is arn:aws:tunnel:<region>:<account-id>:tunnel/<tunnel-id>

sourceAccessToken -> (string)

The access token the source local proxy uses to connect to AWS IoT Secure Tunneling.

destinationAccessToken -> (string)

The access token the destination local proxy uses to connect to AWS IoT Secure Tunneling.