Skip to content

OnRamp

Source: src/Cloudflare/MagicCloudNetworking/OnRamp.ts

A Magic Cloud Networking on-ramp — connects cloud VPCs/VNets to Magic WAN by provisioning VPN/Transit-Gateway constructs inside the cloud account registered via a CloudIntegration.

On-ramps are heavily eventually consistent: after create/update the on-ramp goes through plan/apply phases that provision real cloud infrastructure (minutes). This resource creates and patches the on-ramp configuration and returns immediately; the apply lifecycle is driven by Cloudflare.

name, description, vpc, route-installation flags, and attachments are patched in place; cloudType, type, dynamicRouting, region, cloudAsn, and hub identity force a replacement.

Magic Cloud Networking is an entitlement-gated add-on (Magic WAN family). On accounts without the entitlement every API call fails with the typed FeatureNotEnabled error (Cloudflare code 1012, “feature not enabled”).

Connecting a single VPC

Section titled “Connecting a single VPC”
const onramp = yield* Cloudflare.OnRamp("ProdVpc", {
  cloudType: "AWS",
  type: "OnrampTypeSingle",
  region: "us-east-1",
  vpc: discoveredVpcId,
  dynamicRouting: false,
  installRoutesInCloud: true,
  installRoutesInMagicWan: true,
});

Hub topologies

Section titled “Hub topologies”
yield* Cloudflare.OnRamp("TgwHub", {
  cloudType: "AWS",
  type: "OnrampTypeHub",
  region: "us-east-1",
  dynamicRouting: true,
  installRoutesInCloud: false,
  installRoutesInMagicWan: false,
  attachedVpcs: [vpcA, vpcB],
  manageVpcToHubAttachments: true,
});

Destroy behavior

Section titled “Destroy behavior”
yield* Cloudflare.OnRamp("ProdVpc", {
  cloudType: "AWS",
  type: "OnrampTypeSingle",
  region: "us-east-1",
  vpc: discoveredVpcId,
  dynamicRouting: false,
  installRoutesInCloud: true,
  installRoutesInMagicWan: true,
  destroyOnDelete: true,
});