terraform-aws-client-vpn
This terraform module installs a client vpn.
The following resources will be created:
- VPN Endpoint - Provides an AWS Client VPN endpoint for OpenVPN clients.
- Provides network associations for AWS Client VPN endpoints
- Generate AWS Certificate Manager(ACM) certificates
Requirements
| Name | Version |
|---|---|
| terraform | >= 0.12.0 |
Providers
| Name | Version |
|---|---|
| aws | n/a |
| tls | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| active_directory_id | The ID of the Active Directory to be used for authentication. If not provided, the default directory will be used. | string |
null |
no |
| allowed_access_groups | List of Access group IDs to allow access. Leave empty to allow all groups | list(string) |
[] |
no |
| allowed_cidr_ranges | List of CIDR ranges from which access is allowed | list(string) |
[] |
no |
| authentication_saml_provider_arn | (Optional) The ARN of the IAM SAML identity provider if type is federated-authentication. | any |
null |
no |
| authentication_type | The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0. | string |
"certificate-authentication" |
no |
| cidr | Network CIDR to use for clients | any |
n/a | yes |
| client_connect_options | Indicates whether client connect options are enabled | bool |
false |
no |
| connection_authorization_lambda_function_arn | The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. | any |
null |
no |
| dns_servers | List of DNS Servers | list(string) |
[] |
no |
| enable_self_service_portal | Specify whether to enable the self-service portal for the Client VPN endpoint | bool |
false |
no |
| logs_retention | Retention in days for CloudWatch Log Group | number |
365 |
no |
| name | Name prefix for the resources of this stack | any |
n/a | yes |
| organization_name | Name of organization to use in private certificate | string |
"ACME, Inc" |
no |
| security_group_id | Optional security group id to use instead of the default created | string |
"" |
no |
| self_service_saml_provider_arn | (Optional) The ARN of the IAM SAML identity provider for portal if self portal is enabled. | any |
null |
no |
| split_tunnel | With split_tunnel false, all client traffic will go through the VPN. | bool |
true |
no |
| subnet_ids | Subnet ID to associate clients (each subnet passed will create an VPN association - costs involved) | list(string) |
n/a | yes |
| tags | Extra tags to attach to resources | map(string) |
{} |
no |
| vpc_id | VPC Id to create resources | string |
n/a | yes |
Outputs
| Name | Description |
|---|---|
| security_group_id | n/a |
| vpn_ca_cert | n/a |
| vpn_ca_key | n/a |
| vpn_client_cert | n/a |
| vpn_client_key | n/a |
| vpn_endpoint_id | n/a |
| vpn_server_cert | n/a |
| vpn_server_key | n/a |
Author
Module managed by DNX Solutions.
License
Apache 2 Licensed. See LICENSE for full details.