This Terraform module installs a Client VPN.
The following resources will be created:
- VPN Endpoint - Provides an AWS Client VPN endpoint for OpenVPN clients.
- Provides network associations for AWS Client VPN endpoints
- Generates AWS Certificate Manager (ACM) certificates

Name | Version |
---|---|
terraform | >= 0.12.0 |

Name | Version |
---|---|
aws | n/a |
tls | n/a |


Name | Description | Type | Default | Required |
---|---|---|---|---|
active_directory_id | The ID of the Active Directory to be used for authentication. If not provided, the default directory will be used. | string | null | no |
allowed_access_groups | List of access group IDs to allow access. Leave empty to allow all groups. | list(string) | [] | no |
allowed_cidr_ranges | List of CIDR ranges from which access is allowed | list(string) | [] | no |
authentication_saml_provider_arn | (Optional) The ARN of the IAM SAML identity provider if type is federated-authentication. | any | null | no |
authentication_type | The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0. | string | "certificate-authentication" | no |
cidr | Network CIDR to use for clients | any | n/a | yes |
client_connect_options | Indicates whether client connect options are enabled | bool | false | no |
connection_authorization_lambda_function_arn | The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. | any | null | no |
dns_servers | List of DNS servers | list(string) | [] | no |
enable_self_service_portal | Specify whether to enable the self-service portal for the Client VPN endpoint | bool | false | no |
logs_retention | Retention in days for CloudWatch Log Group | number | 365 | no |
name | Name prefix for the resources of this stack | any | n/a | yes |
organization_name | Name of organization to use in private certificate | string | "ACME, Inc" | no |
security_group_id | Optional security group ID to use instead of the default created | string | "" | no |
self_service_saml_provider_arn | (Optional) The ARN of the IAM SAML identity provider for the portal if the self-service portal is enabled. | any | null | no |
split_tunnel | With split_tunnel false, all client traffic will go through the VPN. | bool | true | no |
subnet_ids | Subnet IDs to associate clients (each subnet passed will create a VPN association - costs involved) | list(string) | n/a | yes |
tags | Extra tags to attach to resources | map(string) | {} | no |
vpc_id | VPC ID to create resources | string | n/a | yes |

Name | Description |
---|---|
security_group_id | n/a |
vpn_ca_cert | n/a |
vpn_ca_key | n/a |
vpn_client_cert | n/a |
vpn_client_key | n/a |
vpn_endpoint_id | n/a |
vpn_server_cert | n/a |
vpn_server_key | n/a |
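
A usage sketch built only from the inputs and outputs listed above, added here as an example; it is not taken from the module's own documentation. The module source, IDs, ARN, group ID and CIDR values are placeholders or constructed values.

```hcl
# Added example, not the project's own code.
# Every ID, ARN and CIDR below is a constructed placeholder.
module "client_vpn" {
  # Placeholder: the page does not state the registry or Git path of the module.
  source = "<module-source>"

  # Required inputs
  name       = "corp-vpn"
  cidr       = "10.100.0.0/22" # constructed client address range
  vpc_id     = "vpc-EXAMPLE"
  subnet_ids = ["subnet-EXAMPLE-A"] # each subnet creates one association (costs involved)

  # Use SAML federation rather than the default "certificate-authentication".
  authentication_type              = "federated-authentication"
  authentication_saml_provider_arn = "arn:aws:iam::111122223333:saml-provider/EXAMPLE"

  # An empty list allows all groups, so name the permitted group explicitly.
  allowed_access_groups = ["EXAMPLE-GROUP-ID"]

  # CIDR ranges from which access is allowed (constructed value).
  allowed_cidr_ranges = ["10.0.0.0/16"]

  # true (the default) sends only VPN-routed traffic through the tunnel;
  # false forces all client traffic through the VPN.
  split_tunnel = true

  enable_self_service_portal = false
  logs_retention             = 365 # days of CloudWatch connection logs

  tags = {
    Environment = "example"
  }
}

# Re-export only the non-secret identifier; the *_key outputs are private keys.
output "vpn_endpoint_id" {
  value = module.client_vpn.vpn_endpoint_id
}
```

The module exposes vpn_ca_key, vpn_client_key and vpn_server_key as outputs; key material generated with the tls provider is kept in the Terraform state, so use an encrypted, access-restricted state backend.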

Module managed by DNX Solutions.

Apache 2 Licensed. See LICENSE for full details.