active_directory_id |
The ID of the AWS Directory Service (AD) directory to use when authentication_type is directory-service-authentication. |
string |
"" |
no |
algorithm |
Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519. |
string |
"RSA" |
no |
authentication_type |
The type of client authentication to be used (e.g. certificate-authentication or directory-service-authentication; pair with saml_arn for SAML-based authentication). |
string |
"certificate-authentication" |
no |
authorize_all_groups |
Indicates whether the authorization rule grants access to all clients. Either group_ids or authorize_all_groups must be set. With the default of true, every authenticated client is authorized for target_network_cidr; set to false and supply group_ids to restrict access to specific groups. |
bool |
true |
no |
certificate_enabled |
Whether the module creates the certificate-related resources (private key and certificate configured by algorithm, rsa_bits, dns_names, organization_name, is_ca_certificate and validity_period_hours). No description is provided upstream; confirm the exact resources gated by this flag against variables.tf. |
bool |
true |
no |
cidr_block |
Client IPv4 address pool (CIDR) from which the Client VPN endpoint assigns addresses to connecting clients. |
string |
"" |
no |
connection_logging |
Connection logging is a feature of AWS client VPN that enables you to capture connection logs for your client VPN endpoint. Before you enable, you must have a CloudWatch Logs log group in your account. |
bool |
true |
no |
dns_names |
List of DNS names for which a certificate is being requested. |
list(any) |
[ "clouddrove.com" ] |
no |
dns_servers |
(Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. |
list(string) |
null |
no |
enable_security_group |
Set to true to have the module create a security group for the Client VPN endpoint (using security_group_ingress and security_group_egress). |
bool |
true |
no |
enabled |
Set to false to prevent the module from creating any resources. |
bool |
true |
no |
environment |
Environment (e.g. prod , dev , staging ). |
string |
"" |
no |
group_ids |
The IDs of the groups (directory or SAML identity provider groups) to which the authorization rule grants access. Used when authorize_all_groups is false. |
list(any) |
[] |
no |
is_ca_certificate |
Is the generated certificate representing a Certificate Authority (CA). |
bool |
true |
no |
label_order |
Label order, e.g. ["name", "application"]. |
list(any) |
[ "name", "environment" ] |
no |
logs_retention |
Retention in days for CloudWatch Log Group |
number |
365 |
no |
managedby |
ManagedBy, eg 'CloudDrove'. |
string |
"hello@clouddrove.com" |
no |
name |
Client VPN Name |
string |
"" |
no |
network_cidr |
Client Network CIDR |
list(any) |
[] |
no |
organization_name |
Name of organization to use in private certificate |
string |
"clouddrove.com" |
no |
repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-aws-client-vpn" |
no |
route_cidr |
List of destination CIDR ranges for which routes are added to the Client VPN endpoint route table. |
list(any) |
[] |
no |
route_subnet_ids |
Subnet IDs used as the target for the route_cidr routes added to the Client VPN endpoint. |
list(any) |
[] |
no |
rsa_bits |
When algorithm is RSA, the size of the generated RSA key, in bits (default: 2048). |
number |
2048 |
no |
saml_arn |
The ARN of the IAM SAML identity provider used for SAML-based (federated) client authentication. |
string |
"" |
no |
security_group_egress |
List of maps of egress rules to set on the default security group. The default permits all outbound traffic (all protocols to 0.0.0.0/0); narrow it to the destinations clients actually need. |
list(map(string)) |
[ { "cidr_blocks": "0.0.0.0/0", "from_port": 0, "protocol": "-1", "to_port": 0 } ] |
no |
security_group_ids |
The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups. |
list(any) |
[] |
no |
security_group_ingress |
List of maps of ingress rules to set on the default security group. The default allows all traffic only from members of the same security group (self = true). |
list(map(string)) |
[ { "from_port": 0, "protocol": -1, "self": true, "to_port": 0 } ] |
no |
self_saml_arn |
The ARN of the IAM SAML identity provider for the self service portal. |
string |
"" |
no |
self_service_portal |
Optionally specify whether the VPC Client self-service portal is enabled or disabled. Default is disabled |
string |
"disabled" |
no |
session_timeout_hours |
Maximum session duration in hours; once it elapses, end users must re-authenticate before establishing a new VPN session. Valid values: 8, 10, 12, 24. Default is 24. |
number |
24 |
no |
split_tunnel_enable |
Indicates whether split-tunnel is enabled on the VPN endpoint. When false (the default), all client traffic is routed through the VPN. |
bool |
false |
no |
subnet_ids |
List of subnet IDs to associate with the Client VPN endpoint (target network associations). |
list(string) |
[] |
no |
target_network_cidr |
List of target network CIDR ranges that clients are authorized to reach. The default 0.0.0.0/0 authorizes access to all destinations; restrict this to the VPC or specific subnet ranges for least privilege. |
list(string) |
[ "0.0.0.0/0" ] |
no |
validity_period_hours |
Number of hours, after initial issuing, that the certificate will remain valid for. The default of 87600 hours is about 10 years; consider a shorter validity period and a rotation process. |
number |
87600 |
no |
vpc_id |
The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied. |
string |
"" |
no |
vpn_port |
The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443. |
number |
443 |
no |