
dmytro-dorofeiev/terraform-aws-vpn-client-module


Terraform aws vpn client module

About

This module creates an AWS Client VPN endpoint with two-factor authentication (MFA) through Okta (this can be disabled). It also contains the script create_user.sh, which makes it easier to create client certificates.

Examples

```hcl
## VPC
data "aws_vpc" "default" {
  filter {
    name   = "tag:Name"
    values = ["dev-vpc"]
  }
}

data "aws_subnet_ids" "public" {
  vpc_id = data.aws_vpc.default.id

  tags = {
    Name = "*public*"
  }
}

module "vpn-client" {
  source                   = "git::https://github.com/dmytro-dorofeiev/modules/terraform-aws-vpn-client-module"
  cidr                     = var.vpn_cidr
  auth_target_network_cidr = var.target_network_cidr
  name                     = var.vpn_name
  subnet_ids               = data.aws_subnet_ids.public.ids
  vpc_id                   = data.aws_vpc.default.id
}

output "client_vpn_endpoint_id" {
  description = "The ID of the Client VPN endpoint."
  value       = module.vpn-client.client_vpn_endpoint_id
}
```
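The CA that the module creates (tls_self_signed_cert.ca, with its private key stored in aws_secretsmanager_secret.ca_key) is what signs the client certificates that create_user.sh produces for mutual authentication. As an added example that is not the repository's own script, the following POSIX shell functions issue and verify such a client certificate with openssl; they assume the CA key and certificate have already been fetched into local files, and the function names are my own.

```shell
#!/usr/bin/env sh
# Issue a Client VPN client certificate signed by the module's CA.
# Assumption: the CA key and certificate were exported to local files
# beforehand (e.g. from the Secrets Manager secret the module creates).
set -eu

# issue_client_cert <ca_key> <ca_cert> <common_name> <out_dir> [days]
# Produces <out_dir>/<cn>.key (mode 0600) and <out_dir>/<cn>.crt.
issue_client_cert() {
  ca_key=$1; ca_cert=$2; cn=$3; out=$4; days=${5:-365}
  mkdir -p "$out"

  # The client key is created with a restrictive umask so it is never
  # world-readable, even briefly, and it never leaves this machine.
  (umask 077; openssl genrsa -out "$out/$cn.key" 2048 2>/dev/null)

  openssl req -new -key "$out/$cn.key" -subj "/CN=$cn" \
    -out "$out/$cn.csr" 2>/dev/null

  # End-entity only, with a clientAuth EKU: the certificate cannot be
  # repurposed as a CA or presented as a server certificate.
  printf '%s\n' 'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature' \
    'extendedKeyUsage=clientAuth' > "$out/$cn.ext"

  openssl x509 -req -in "$out/$cn.csr" -CA "$ca_cert" -CAkey "$ca_key" \
    -CAcreateserial -days "$days" -sha256 -extfile "$out/$cn.ext" \
    -out "$out/$cn.crt" 2>/dev/null

  rm -f "$out/$cn.csr" "$out/$cn.ext"
}

# verify_client_cert <ca_cert> <cert>
# Returns 0 only if <cert> chains to <ca_cert> and is valid for client auth,
# which is the check worth running before handing a profile to a user.
verify_client_cert() {
  openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}
```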

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | 3.32.0 |
| tls | 3.1.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_acm_certificate.ca | resource |
| aws_acm_certificate.server | resource |
| aws_cloudwatch_log_group.vpn | resource |
| aws_cloudwatch_log_stream.vpn | resource |
| aws_ec2_client_vpn_authorization_rule.default | resource |
| aws_ec2_client_vpn_endpoint.default | resource |
| aws_ec2_client_vpn_network_association.default | resource |
| aws_iam_saml_provider.okta_provider | resource |
| aws_secretsmanager_secret.ca_key | resource |
| aws_secretsmanager_secret_version.ca_key | resource |
| aws_security_group.client_vpn_access | resource |
| tls_cert_request.server | resource |
| tls_locally_signed_cert.server | resource |
| tls_private_key.ca | resource |
| tls_private_key.server | resource |
| tls_self_signed_cert.ca | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| auth_settings | VPN authentication options | map(any) | {} | no |
| auth_target_network_cidr | The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies | string | "0.0.0.0/0" | no |
| cidr | Network CIDR to use for clients | any | n/a | yes |
| logs_retention | Retention in days for the CloudWatch Log Group | number | 365 | no |
| name | Name prefix for the resources of this stack | any | n/a | yes |
| organization_name | Name of the organization to use in the private certificate | string | "ACME, Inc" | no |
| split_tunnel | Indicates whether split-tunnel is enabled on the VPN endpoint | bool | true | no |
| subnet_ids | Subnet IDs to associate clients with | list(string) | n/a | yes |
| tags | Extra tags to attach to resources | map(string) | {} | no |
| vpc_id | VPC id | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| client_vpn_endpoint_arn | The ARN of the Client VPN endpoint. |
| client_vpn_endpoint_id | The ID of the Client VPN endpoint. |
| okta_provider_arn | The ID of the Client VPN endpoint. |
