Skip to content

Latest commit

 

History

History
149 lines (114 loc) · 12.1 KB

README.md

File metadata and controls

149 lines (114 loc) · 12.1 KB

blackbird-logo

Requirements

Name Version
terraform >= 1
aws ~> 4

Providers

Name Version
aws 4.60.0

Modules

Name Source Version
resolver_sg terraform-aws-modules/security-group/aws 4.17.1
sg terraform-aws-modules/security-group/aws 4.17.1

Resources

Name Type
aws_ec2_client_vpn_authorization_rule.auth resource
aws_ec2_client_vpn_authorization_rule.internet resource
aws_ec2_client_vpn_endpoint.vpn resource
aws_ec2_client_vpn_network_association.associations resource
aws_ec2_client_vpn_route.internet resource
aws_ec2_client_vpn_route.routes resource
aws_iam_saml_provider.vpn resource
aws_iam_saml_provider.vpn_portal resource
aws_route53_resolver_endpoint.vpn_dns resource
aws_vpc.selected data source

Inputs

Name Description Type Default Required
auth_rules List of CIDR blocks, and IDP groups to authorize access for. 
list(object({
    cidr        = string
    groups      = list(string)
    description = string
  }))
 n/a yes
client_cidr_block CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks. string n/a yes
cloudwatch_log_group_name (Optional) CloudWatch log group name for VPN connection logging. string "" no
cloudwatch_log_stream_name (Optional) CloudWatch log stream name for VPN connection logging. string "" no
dns_servers (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. list(string) [] no
name Name of the VPN string n/a yes
private_subnets List of private subnets list(string) n/a yes
server_certificate_arn ARN of the ACM certificate the server will use. string n/a yes
split_tunnel To split the VPN tunnel, or not, defaults to false bool false no
tags (Optional) Map of resource tags for all AWS resources. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. map(string) {} no
vpc_id VPC ID For the VPN SG string n/a yes
vpn_portal_saml_metadata VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0. string n/a yes
vpn_saml_metadata VPN XML document generated by an identity provider that supports SAML 2.0. string n/a yes

Outputs

Name Description
aws_route53_resolver_endpoint The Route53 DNS resolver endpoint.
resolver_security_group The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint.
security_group The AWS security group used to controll ingress traffic to the Client VPN self-service-portal.
vpn The Client VPN endpoint.

About

We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.

Checkout our other 👉 terraform modules

Copyright

Copyright © 2017-2023 Blackbird Cloud

blackbird-logo

Requirements

Name Version
terraform >= 1
aws ~> 4

Providers

Name Version
aws ~> 4

Modules

Name Source Version
resolver_sg terraform-aws-modules/security-group/aws 4.17.1
sg terraform-aws-modules/security-group/aws 4.17.1

Resources

Name Type
aws_ec2_client_vpn_authorization_rule.auth resource
aws_ec2_client_vpn_authorization_rule.internet resource
aws_ec2_client_vpn_endpoint.vpn resource
aws_ec2_client_vpn_network_association.associations resource
aws_ec2_client_vpn_route.internet resource
aws_ec2_client_vpn_route.routes resource
aws_iam_saml_provider.vpn resource
aws_iam_saml_provider.vpn_portal resource
aws_route53_resolver_endpoint.vpn_dns resource
aws_vpc.selected data source

Inputs

Name Description Type Default Required
auth_rules List of CIDR blocks, and IDP groups to authorize access for. 
list(object({
    cidr        = string
    groups      = list(string)
    description = string
  }))
 n/a yes
client_cidr_block CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks. string n/a yes
cloudwatch_log_group_name (Optional) CloudWatch log group name for VPN connection logging. string "" no
cloudwatch_log_stream_name (Optional) CloudWatch log stream name for VPN connection logging. string "" no
dns_servers (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. list(string) [] no
name Name of the VPN string n/a yes
private_subnets List of private subnets list(string) n/a yes
server_certificate_arn ARN of the ACM certificate the server will use. string n/a yes
split_tunnel To split the VPN tunnel, or not, defaults to false bool false no
tags (Optional) Map of resource tags for all AWS resources. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. map(string) {} no
vpc_id VPC ID For the VPN SG string n/a yes
vpn_portal_saml_metadata VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0. string n/a yes
vpn_saml_metadata VPN XML document generated by an identity provider that supports SAML 2.0. string n/a yes

Outputs

Name Description
aws_route53_resolver_endpoint The Route53 DNS resolver endpoint.
resolver_security_group The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint.
security_group The AWS security group used to controll ingress traffic to the Client VPN self-service-portal.
vpn The Client VPN endpoint.

About

We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.

Checkout our other 👉 terraform modules

Copyright

Copyright © 2017-2023 Blackbird Cloud