Skip to content

tegge/terraform-aws-client-vpn-federated-authentication

BranchesTags
 
 

Repository files navigation

AWS Client VPN Deployment with federated-authentication

Terraform module for aws-client-vpn with federated-authentication

Requirements

Name Version
terraform >= 1.0.0
aws >= 4.0
tls >= 4.0

Providers

Name Version
aws >= 4.0
tls >= 4.0

Modules

No modules.

Resources

Name Type
aws_acm_certificate.ca resource
aws_acm_certificate.server resource
aws_cloudwatch_log_group.this resource
aws_cloudwatch_log_stream.this resource
aws_ec2_client_vpn_authorization_rule.rules resource
aws_ec2_client_vpn_endpoint.this resource
aws_ec2_client_vpn_network_association.this resource
aws_ec2_client_vpn_route.additional resource
aws_iam_saml_provider.this resource
aws_security_group.this resource
tls_cert_request.server resource
tls_locally_signed_cert.server resource
tls_private_key.ca resource
tls_private_key.server resource
tls_self_signed_cert.ca resource

Inputs

Name Description Type Default Required
associated_subnets List of subnets to associate with the VPN endpoint list(string) n/a yes
authorization_rules List of objects describing the authorization rules for the client vpn 
list(object({
    name                 = string
    access_group_id      = string
    authorize_all_groups = bool
    description          = string
    target_network_cidr  = string
  }))
 n/a yes
client_cidr_block VPN CIDR Block string n/a yes
description Resource description string n/a yes
domain_name Domain Name to associate with ACM common name string n/a yes
name Name to associate with various resources string n/a yes
vpc_id ID of VPC to attach VPN to string n/a yes
additional_routes A list of additional routes that should be attached to the Client VPN endpoint 
list(object({
    destination_cidr_block = string
    description            = string
    target_vpc_subnet_id   = string
  }))
 [] no
additional_security_groups List of security groups to attach to the client vpn network associations list(string) [] no
cloudwatch_log_retention_days How long to keep VPN logs. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. number 30 no
dns_servers List of DNS Server for VPN list(string) [] no
saml_metadata_document Optional SAML metadata document. Must include this or saml_provider_arn string null no
saml_provider_arn Optional SAML ARN. Must include this or saml_metadata_document string null no
self_service_portal Optionally specify whether the VPC Client self-service portal is enabled or disabled. Default is disabled string "disabled" no
split_tunnel_enabled Whether to enable split tunnelling bool true no
tags Map of strings containing tags for AWS resources map(string) {} no
transport_protocol The transport protocol to be used by the VPN session. Default value is udp. string "udp" no
vpn_port The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443. number 443 no

Outputs

Name Description
sg_id The ID of the SG for Client VPN.
vpn_arn The ARN of the Client VPN endpoint.
vpn_dns_name VPN DNS name
vpn_endpoint_security_groups VPN endpoint security groups
vpn_id The ID of the Client VPN endpoint.

About

Terraform module for AWS Client VPN Deployment with federated-authentication

registry.terraform.io/modules/mhmdio/client-vpn-federated-authentication/aws/latest

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • HCL 100.0%