Skip to content

janschumann/terraform-aws-client-vpn

BranchesTags

Repository files navigation

Terraform module for AWS client VPN endpoints

Currently only certificate-authentication is supported.

The server and client certificates need to be created and imported to ACM before using this module.

https://labrlearning.medium.com/remote-access-to-aws-with-the-client-vpn-6c43cd740b8

Usage

resource "aws_vpc" "test" {
  cidr_block = "10.100.0.0/16"
}

resource "aws_subnet" "target_a" {
  vpc_id            = aws_vpc.test.id
  cidr_block        = "10.100.10.0/24"
  availability_zone = "eu-west-1a"
}

resource "aws_subnet" "target_b" {
  vpc_id            = aws_vpc.test.id
  cidr_block        = "10.100.11.0/24"
  availability_zone = "eu-west-1b"
}

resource "aws_security_group" "client_vpn" {
  name        = "shared-vpn-access"
  description = "shared-vpn-access"
  vpc_id      = aws_vpc.test.id

  ingress {
    from_port   = 0
    protocol    = "-1"
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    protocol    = "-1"
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "shared-vpn-access"
  }
}

module "client-vpn" {
  source  = "janschumann/client-vpn/aws"
  version = "0.1.0"

  name                    = "testvpn"
  security_group_name     = aws_security_group.client_vpn.name
  server_certificate_name = "vpn-server" 
  client_certificate_name = "von-client"
  client_cidr             = "10.100.100.0/22"
  subnet_ids              = [
    aws_subnet.target_a.id,
    aws_subnet.target_b.id
  ]
  transport_protocol      = "TCP"
}

Requirements

Name Version
terraform ~> 0.12
aws ~> 2.7
local ~> 1.0

Inputs

Name Description Type Default Required
client_ca The CA cert for client authentication. Only necessary if write_ovpn_config is set to true. string "" no
client_certificate_name The name of the client certificate in AWS ACM. string n/a yes
client_cidr The address space to use for VPN clients. string n/a yes
name The name of this VPN. string n/a yes
security_group_name The security group name to access the VPN server. string n/a yes
server_certificate_name The name of the server certificate in AWS ACM. string n/a yes
subnet_ids The ids of the subnets to associate with this VPN. list(string) n/a yes
transport_protocol The transport protocol. (UDP or TCP). string n/a yes
write_ovpn_config Write an openVPN config file. bool false no

Outputs

Name Description
client_cidr The address space of VPN clients.
dns_name The dns name of the VPN server.
routes A list of route information in the form {network, netmask}.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases 3

v0.1.2 Latest
Oct 26, 2020
+ 2 releases

Packages

No packages published

Languages