Requirements

Name	Version
terraform	>= 1
aws	~> 4

Providers

Name	Version
aws	4.60.0

Modules

Name	Source	Version
resolver_sg	terraform-aws-modules/security-group/aws	4.17.1
sg	terraform-aws-modules/security-group/aws	4.17.1

Resources

Name	Type
aws_ec2_client_vpn_authorization_rule.auth	resource
aws_ec2_client_vpn_authorization_rule.internet	resource
aws_ec2_client_vpn_endpoint.vpn	resource
aws_ec2_client_vpn_network_association.associations	resource
aws_ec2_client_vpn_route.internet	resource
aws_ec2_client_vpn_route.routes	resource
aws_iam_saml_provider.vpn	resource
aws_iam_saml_provider.vpn_portal	resource
aws_route53_resolver_endpoint.vpn_dns	resource
aws_vpc.selected	data source

Inputs

Name	Description	Type	Default	Required
auth_rules	List of CIDR blocks, and IDP groups to authorize access for.	list(object({ cidr = string groups = list(string) description = string }))	n/a	yes
client_cidr_block	CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks.	string	n/a	yes
cloudwatch_log_group_name	(Optional) CloudWatch log group name for VPN connection logging.	string	""	no
cloudwatch_log_stream_name	(Optional) CloudWatch log stream name for VPN connection logging.	string	""	no
dns_servers	(Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.	list(string)	[]	no
name	Name of the VPN	string	n/a	yes
private_subnets	List of private subnets	list(string)	n/a	yes
server_certificate_arn	ARN of the ACM certificate the server will use.	string	n/a	yes
split_tunnel	To split the VPN tunnel, or not, defaults to false	bool	false	no
tags	(Optional) Map of resource tags for all AWS resources. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.	map(string)	{}	no
vpc_id	VPC ID For the VPN SG	string	n/a	yes
vpn_portal_saml_metadata	VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0.	string	n/a	yes
vpn_saml_metadata	VPN XML document generated by an identity provider that supports SAML 2.0.	string	n/a	yes

Outputs

Name	Description
aws_route53_resolver_endpoint	The Route53 DNS resolver endpoint.
resolver_security_group	The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint.
security_group	The AWS security group used to controll ingress traffic to the Client VPN self-service-portal.
vpn	The Client VPN endpoint.

About

We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.

Checkout our other 👉 terraform modules

Copyright

Copyright © 2017-2023 Blackbird Cloud

Requirements

Name	Version
terraform	>= 1
aws	~> 4

Providers

Name	Version
aws	~> 4

Modules

Name	Source	Version
resolver_sg	terraform-aws-modules/security-group/aws	4.17.1
sg	terraform-aws-modules/security-group/aws	4.17.1

Resources

Name	Type
aws_ec2_client_vpn_authorization_rule.auth	resource
aws_ec2_client_vpn_authorization_rule.internet	resource
aws_ec2_client_vpn_endpoint.vpn	resource
aws_ec2_client_vpn_network_association.associations	resource
aws_ec2_client_vpn_route.internet	resource
aws_ec2_client_vpn_route.routes	resource
aws_iam_saml_provider.vpn	resource
aws_iam_saml_provider.vpn_portal	resource
aws_route53_resolver_endpoint.vpn_dns	resource
aws_vpc.selected	data source

Inputs

Name	Description	Type	Default	Required
auth_rules	List of CIDR blocks, and IDP groups to authorize access for.	list(object({ cidr = string groups = list(string) description = string }))	n/a	yes
client_cidr_block	CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks.	string	n/a	yes
cloudwatch_log_group_name	(Optional) CloudWatch log group name for VPN connection logging.	string	""	no
cloudwatch_log_stream_name	(Optional) CloudWatch log stream name for VPN connection logging.	string	""	no
dns_servers	(Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used.	list(string)	[]	no
name	Name of the VPN	string	n/a	yes
private_subnets	List of private subnets	list(string)	n/a	yes
server_certificate_arn	ARN of the ACM certificate the server will use.	string	n/a	yes
split_tunnel	To split the VPN tunnel, or not, defaults to false	bool	false	no
tags	(Optional) Map of resource tags for all AWS resources. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.	map(string)	{}	no
vpc_id	VPC ID For the VPN SG	string	n/a	yes
vpn_portal_saml_metadata	VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0.	string	n/a	yes
vpn_saml_metadata	VPN XML document generated by an identity provider that supports SAML 2.0.	string	n/a	yes

Outputs

Name	Description
aws_route53_resolver_endpoint	The Route53 DNS resolver endpoint.
resolver_security_group	The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint.
security_group	The AWS security group used to controll ingress traffic to the Client VPN self-service-portal.
vpn	The Client VPN endpoint.

About

We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.

Checkout our other 👉 terraform modules

Copyright

Copyright © 2017-2023 Blackbird Cloud