diff --git a/.config/.terraform-docs.yml b/.config/.terraform-docs.yml
new file mode 100644
index 0000000..f18e953
--- /dev/null
+++ b/.config/.terraform-docs.yml
@@ -0,0 +1,4 @@
+formatter: "markdown"
+
+header-from: ./.config/header.md
+footer-from: ./.config/footer.md
\ No newline at end of file
diff --git a/.config/footer.md b/.config/footer.md
new file mode 100644
index 0000000..7b21c61
--- /dev/null
+++ b/.config/footer.md
@@ -0,0 +1,9 @@
+## About
+
+We are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.
+
+Checkout our other :point_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)
+
+## Copyright
+
+Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)
\ No newline at end of file
diff --git a/.config/header.md b/.config/header.md
new file mode 100644
index 0000000..60cf1ef
--- /dev/null
+++ b/.config/header.md
@@ -0,0 +1 @@
+[](https://blackbird.cloud)
\ No newline at end of file
diff --git a/.config/logo_simple.png b/.config/logo_simple.png
new file mode 100644
index 0000000..85484cc
Binary files /dev/null and b/.config/logo_simple.png differ
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index e80edba..6bf95f1 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -1,31 +1,33 @@ -name: Format +name: Validate and Format +# on: push on: pull_request_target: types: [opened, synchronize] jobs: format: + if: github.event.pull_request.state == 'open' runs-on: ubuntu-latest - container: blackbird-cloud/terraform-toolkit:latest + container: blackbirdcloud/terraform-toolkit:latest steps: - - uses: actions/checkout@v2 - if: github.event.pull_request.state == 'open' - name: Privileged Checkout + - name: Checkout + uses: actions/checkout@v3 with: - token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }} repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} + - name: Configure git + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + - name: Validate and Format - if: github.event.pull_request.state == 'open' - shell: sh env: - GITHUB_TOKEN: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}" - run: - - terraform init -backend=false - - terraform validate - - terraform fmt + TFENV_TERRAFORM_VERSION: latest-allowed + run: | + terraform init -backend=false + terraform validate + terraform fmt - - uses: EndBug/add-and-commit@v9 + - name: Commit and push + uses: EndBug/add-and-commit@v9 with: default_author: github_actions diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml new file mode 100644 index 0000000..61921fa --- /dev/null +++ b/.github/workflows/readme.yml @@ -0,0 +1,19 @@ +name: Generate terraform docs +on: + - pull_request + +jobs: + docs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Render terraform docs and push changes back to PR + uses: terraform-docs/gh-actions@main + with: + working-dir: . + output-file: README.md + output-method: inject + git-push: "true" \ No newline at end of file diff --git a/README.md b/README.md index 750278e..c738bd4 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[](https://blackbird.cloud) + ## Requirements | Name | Version | 
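Review bot: The `pull_request_target` trigger combined with checking out `github.event.pull_request.head.repo.full_name` / `head.ref` and then running `terraform init` and `terraform validate` lets a fork PR execute attacker-chosen code in the base repository's context: even with `-backend=false`, `init` downloads whatever providers the PR's `required_providers`/lock file name, and those plugins run under the job's default `GITHUB_TOKEN`, which for this trigger carries base-repo permissions (write by default unless the repository restricts it) and is what the `EndBug/add-and-commit` step pushes with. Dropping `PUBLIC_REPO_ACCESS_TOKEN` reduces the blast radius but does not remove the pattern. The simplest fix is to switch the trigger back to `on: pull_request` (fork PRs then get a read-only token) and add an explicit workflow-level `permissions:` block; if the target trigger is kept for the push-back, gate the job so forks never run: `if: github.event.pull_request.state == 'open' && github.event.pull_request.head.repo.full_name == github.repository`. Separately, `container: blackbirdcloud/terraform-toolkit:latest` and `TFENV_TERRAFORM_VERSION: latest-allowed` both float, so the toolchain that runs against every PR is not pinned or reproducible — consider a digest or tagged image.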
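Review bot: `uses: terraform-docs/gh-actions@main` references a mutable branch, so any change to that upstream repository runs here immediately and, with `git-push: "true"`, pushes to the PR branch using the job's token; pin it to a tagged release or, preferably, a full commit SHA. The workflow also declares no `permissions:` block, so the push relies on the default token scope — add an explicit `permissions: { contents: write }` at the workflow level to keep it least-privilege and visible. Note that the checkout sets `ref: ${{ github.event.pull_request.head.ref }}` without `repository:`, so for a fork PR the branch is resolved against the base repo and likely does not exist, and the read-only token on `pull_request` from forks will fail the push anyway — if that is intended, a same-repo guard (`if: github.event.pull_request.head.repo.full_name == github.repository`) would make the failure mode explicit.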
@@ -59,3 +61,89 @@ | [resolver\_security\_group](#output\_resolver\_security\_group) | The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint. | | [security\_group](#output\_security\_group) | The AWS security group used to controll ingress traffic to the Client VPN self-service-portal. | | [vpn](#output\_vpn) | The Client VPN endpoint. | + +## About + +We are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions. + +Checkout our other :point\_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud) + +## Copyright + +Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud) + + +[](https://blackbird.cloud) + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1 | +| [aws](#requirement\_aws) | ~> 4 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 4 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [resolver\_sg](#module\_resolver\_sg) | terraform-aws-modules/security-group/aws | 4.17.1 | +| [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 4.17.1 | + +## Resources + +| Name | Type | +|------|------| +| [aws_ec2_client_vpn_authorization_rule.auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource | +| [aws_ec2_client_vpn_authorization_rule.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource | +| [aws_ec2_client_vpn_endpoint.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_endpoint) | resource | +| 
[aws_ec2_client_vpn_network_association.associations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_network_association) | resource | +| [aws_ec2_client_vpn_route.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource | +| [aws_ec2_client_vpn_route.routes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource | +| [aws_iam_saml_provider.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource | +| [aws_iam_saml_provider.vpn_portal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource | +| [aws_route53_resolver_endpoint.vpn_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource | +| [aws_vpc.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [auth\_rules](#input\_auth\_rules) | List of CIDR blocks, and IDP groups to authorize access for. |
list(object({| n/a | yes | +| [client\_cidr\_block](#input\_client\_cidr\_block) | CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks. | `string` | n/a | yes | +| [cloudwatch\_log\_group\_name](#input\_cloudwatch\_log\_group\_name) | (Optional) CloudWatch log group name for VPN connection logging. | `string` | `""` | no | +| [cloudwatch\_log\_stream\_name](#input\_cloudwatch\_log\_stream\_name) | (Optional) CloudWatch log stream name for VPN connection logging. | `string` | `""` | no | +| [dns\_servers](#input\_dns\_servers) | (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. | `list(string)` | `[]` | no | +| [name](#input\_name) | Name of the VPN | `string` | n/a | yes | +| [private\_subnets](#input\_private\_subnets) | List of private subnets | `list(string)` | n/a | yes | +| [server\_certificate\_arn](#input\_server\_certificate\_arn) | ARN of the ACM certificate the server will use. | `string` | n/a | yes | +| [split\_tunnel](#input\_split\_tunnel) | To split the VPN tunnel, or not, defaults to false | `bool` | `false` | no | +| [tags](#input\_tags) | (Optional) Map of resource tags for all AWS resources. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no | +| [vpc\_id](#input\_vpc\_id) | VPC ID For the VPN SG | `string` | n/a | yes | +| [vpn\_portal\_saml\_metadata](#input\_vpn\_portal\_saml\_metadata) | VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes | +| [vpn\_saml\_metadata](#input\_vpn\_saml\_metadata) | VPN XML document generated by an identity provider that supports SAML 2.0. 
| `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [aws\_route53\_resolver\_endpoint](#output\_aws\_route53\_resolver\_endpoint) | The Route53 DNS resolver endpoint. |
+| [resolver\_security\_group](#output\_resolver\_security\_group) | The AWS security group used to controll ingress traffic to the Route 53 DNS resolver endpoint. |
+| [security\_group](#output\_security\_group) | The AWS security group used to controll ingress traffic to the Client VPN self-service-portal. |
+| [vpn](#output\_vpn) | The Client VPN endpoint. |
+
+## About
+
+We are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.
+
+Checkout our other :point\_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)
+
+## Copyright
+
+Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)
+
\ No newline at end of file
diff --git a/main.tf b/main.tf
index e4d284d..5d22869 100644
--- a/main.tf
+++ b/main.tf
@@ -90,7 +90,7 @@ resource "aws_ec2_client_vpn_endpoint" "vpn" {
 }
 
 connection_log_options {
- enabled = var.cloudwatch_log_group_name != "" && var.cloudwatch_log_stream_name != ""
+ enabled = var.cloudwatch_log_group_name != "" || var.cloudwatch_log_stream_name != ""
 cloudwatch_log_group = var.cloudwatch_log_group_name
 cloudwatch_log_stream = var.cloudwatch_log_stream_name
 }
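Review bot: Switching `&&` to `||` means `enabled` becomes `true` when only `cloudwatch_log_stream_name` is set while `cloudwatch_log_group` is still `""`; the AWS provider documents the log group as required once connection logging is enabled, so that input combination now fails at apply time rather than being rejected up front. Since the log stream is optional for Client VPN connection logging, gate on the group alone and omit the stream when it is empty: `enabled = var.cloudwatch_log_group_name != ""` and `cloudwatch_log_stream = var.cloudwatch_log_stream_name != "" ? var.cloudwatch_log_stream_name : null`. Connection logging is the endpoint's only audit trail of who connected and when, and both inputs default to `""` per the README hunk, so it is off unless a caller opts in — worth a sentence in the `cloudwatch_log_group_name` description stating that leaving it empty disables connection logging. The enclosing `resource "aws_ec2_client_vpn_endpoint" "vpn"` block starts outside the hunk.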
cidr = string
groups = list(string)
description = string
}))