diff --git a/_variables.tf b/_variables.tf
index b887373..1db5590 100644
--- a/_variables.tf
+++ b/_variables.tf
@@ -76,12 +76,18 @@ variable "enable_self_service_portal" {
 }
 
 variable "client_connect_options" {
- type = bool
- default = false
- description = "Indicates whether client connect options are enabled"
+ type = bool
+ default = false
+ description = "Indicates whether client connect options are enabled"
 }
 
 variable "connection_authorization_lambda_function_arn" {
- default = null
- description = "The Amazon Resource Name (ARN) of the Lambda function used for connection authorization."
-}
\ No newline at end of file
+ default = null
+ description = "The Amazon Resource Name (ARN) of the Lambda function used for connection authorization."
+}
+
+variable "active_directory_id" {
+ type = string
+ default = null
+ description = "The ID of the Active Directory to be used for authentication. If not provided, the default directory will be used."
+}
diff --git a/vpn-endpoint.tf b/vpn-endpoint.tf
index 4cbaa54..ffaf7db 100644
--- a/vpn-endpoint.tf
+++ b/vpn-endpoint.tf
@@ -12,6 +12,7 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
 type = var.authentication_type
 root_certificate_chain_arn = var.authentication_type != "certificate-authentication" ? null : aws_acm_certificate.root.arn
 saml_provider_arn = var.authentication_saml_provider_arn
+ active_directory_id = var.active_directory_id
 }
 
 connection_log_options {
@@ -24,7 +25,7 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
 enabled = var.client_connect_options
 lambda_function_arn = var.client_connect_options != true ? null : var.connection_authorization_lambda_function_arn
 }
-
+
 tags = merge(
 var.tags,
 tomap({
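Review bot: The description on the new `active_directory_id` variable says "If not provided, the default directory will be used", which I believe is wrong: as far as I know the Client VPN API has no default directory, the field is required exactly when `authentication_type` is `directory-service-authentication` and unused otherwise, so a null value with that type fails at apply time rather than falling back to anything. I would state the real contract instead, e.g. `description = "ID of the AWS Directory Service directory used for authentication. Required when authentication_type is \"directory-service-authentication\"; leave null for other authentication types."`. A `validation` block here cannot reference `authentication_type`, so the cross-variable check belongs on the resource in vpn-endpoint.tf rather than in this file. The other two variables in the hunk only change alignment.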
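Review bot: The added `active_directory_id` line passes the variable through regardless of `authentication_type`, whereas `root_certificate_chain_arn` two lines above is nulled when its type does not apply; a directory ID left set while the endpoint uses SAML or certificate authentication would be sent to the API for an authentication type that does not use it, which the provider may reject or silently ignore (I have not verified which). Gating it the same way keeps the block consistent: `active_directory_id = var.authentication_type != "directory-service-authentication" ? null : var.active_directory_id`. The inverse case, `directory-service-authentication` with a null ID, currently plans cleanly and only fails at apply; a `lifecycle { precondition { ... } }` on the resource asserting `var.authentication_type != "directory-service-authentication" || var.active_directory_id != null` would surface it at plan time. The `aws_ec2_client_vpn_endpoint` resource starts and ends outside the hunk.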