Terraform module for handling VPN connections on AWS and attaching them to Transit Gateway

bringmeister/terraform-aws-transit-gateway-vpn

Terraform AWS Transit Gateway VPN module

We follow the hub-and-spoke (also called star network) topology model.

This module complements our other two modules, which handle the Transit Gateway "hub" and "satellite" nodes.

Specifically, the module attaches the VPN connection to the TGW by setting the attachment directly in the VPN connection's own configuration, because, unlike VPC attachments, AWS provides no dedicated resource for attaching a VPN. This is a limitation on the AWS side.

The VPN related resources handled by this module are provisioned and configured in the "hub" node.

Check out some use cases in the examples.

Caveats

Routing: once the VPN is attached to the TGW, no static routes can be configured on the VPN connection itself; routing must instead be managed through the TGW API.

Assumptions

Credentials

The module assumes that the aws_login_profile allows the user to assume the IAM roles required to make the necessary changes.

You can read more about how Terraform handles this here.

All other supported authentication methods can of course be used as well.
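The credential pattern the module relies on, as an added illustration that is not the module's own code: a named profile from ~/.aws/config (the `aws_login_profile` input), a role assumed on top of it (the `role_to_assume` input), and an account guard mirroring `allowed_account_id`. The region, profile name, account ID and role name are constructed example values.

```hcl
# Added illustration of the credential pattern the module assumes; not the module's own provider config.
# The region, profile, account ID and role name below are constructed example values.
provider "aws" {
  region  = "eu-central-1"
  profile = "hub" # the aws_login_profile input; must exist as a profile in ~/.aws/config

  # The profile's principal must be allowed (sts:AssumeRole) to take on this role,
  # which is what the module's role_to_assume input relies on.
  assume_role {
    role_arn     = "arn:aws:iam::123456789012:role/ASSUME-ROLE-HUB"
    session_name = "terraform-tgw-vpn"
  }

  # Hard stop if the resolved credentials belong to any other account
  # (same intent as the module's allowed_account_id input).
  allowed_account_ids = ["123456789012"]
}
```

If the role-chaining is instead expressed in ~/.aws/config (a profile with `role_arn` and `source_profile`), the `assume_role` block is not needed; keeping `allowed_account_ids` is still worthwhile, because it catches a wrong profile before any plan is applied.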

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_account_id | AWS account ID for which this module can be executed | string | n/a | yes |
| aws_login_profile | Name of the AWS login profile as seen under ~/.aws/config | any | n/a | yes |
| cgw_bgp_asn | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN) | string | n/a | yes |
| cgw_ip_address | IP address of the client VPN endpoint | string | n/a | yes |
| name | Generic name to be given to the provisioned resources | string | n/a | yes |
| transit_gateway_hub_name | Name of the Transit Gateway to attach the VPN to | string | n/a | yes |
| tunnel1_inside_cidr | A size /30 CIDR block from the 169.254.0.0/16 range | string | n/a | yes |
| tunnel1_preshared_key | Will be stored in the state as plaintext. Must be between 8 and 64 characters and can't start with zero (0). Allowed characters are alphanumerics, periods (.) and underscores (_) | string | n/a | yes |
| tunnel2_inside_cidr | A size /30 CIDR block from the 169.254.0.0/16 range | string | n/a | yes |
| tunnel2_preshared_key | Will be stored in the state as plaintext. Must be between 8 and 64 characters and can't start with zero (0). Allowed characters are alphanumerics, periods (.) and underscores (_) | string | n/a | yes |
| role_to_assume | IAM role name to assume (e.g. ASSUME-ROLE-HUB) | string | "" | no |
| static_routes_destinations | List of CIDRs to be routed into the VPN tunnel | list | [] | no |
| static_routes_only | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | bool | false | no |
| tags | Map of custom tags for the provisioned resources | map | {} | no |

Outputs

| Name | Description |
|------|-------------|
| customer_gateway_id | ID of the Customer Gateway |
| vpn_connection | VPN connection details |
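A complete caller for the module, as an added example that is not part of the module's examples directory. It enforces the input constraints from the table above (the /30 inside CIDRs from 169.254.0.0/16 and the pre-shared key rules) with Terraform `validation` blocks before the module ever sees them, and marks the keys `sensitive` so they do not appear in plan output. The module `source`, the account ID, the customer gateway address, the tag values and the route CIDR are constructed example values.

```hcl
# Added example caller; not code from the module itself.
# Assumed: the module source string below (pin ?ref= to a released tag), and all
# account / address / CIDR / tag values, which are constructed for illustration.

variable "tunnel1_inside_cidr" {
  type        = string
  description = "Tunnel 1 inside CIDR: must be a /30 inside 169.254.0.0/16"
  validation {
    condition     = can(regex("^169\\.254\\.\\d{1,3}\\.\\d{1,3}/30$", var.tunnel1_inside_cidr))
    error_message = "tunnel1_inside_cidr must be a /30 block from 169.254.0.0/16."
  }
}

variable "tunnel2_inside_cidr" {
  type        = string
  description = "Tunnel 2 inside CIDR: must be a /30 inside 169.254.0.0/16"
  validation {
    condition     = can(regex("^169\\.254\\.\\d{1,3}\\.\\d{1,3}/30$", var.tunnel2_inside_cidr))
    error_message = "tunnel2_inside_cidr must be a /30 block from 169.254.0.0/16."
  }
}

# PSK rules from the inputs table: 8-64 chars, alphanumerics / '.' / '_', first char not '0'.
variable "tunnel1_preshared_key" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output; it is still written to state
  validation {
    condition     = can(regex("^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$", var.tunnel1_preshared_key))
    error_message = "tunnel1_preshared_key: 8-64 chars of [A-Za-z0-9._], not starting with 0."
  }
}

variable "tunnel2_preshared_key" {
  type      = string
  sensitive = true
  validation {
    condition     = can(regex("^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$", var.tunnel2_preshared_key))
    error_message = "tunnel2_preshared_key: 8-64 chars of [A-Za-z0-9._], not starting with 0."
  }
}

module "office_vpn" {
  # Assumed source form; replace <release-tag> with a pinned tag of the module.
  source = "github.com/bringmeister/terraform-aws-transit-gateway-vpn?ref=<release-tag>"

  allowed_account_id       = "123456789012"  # constructed: the hub account this run is allowed to touch
  aws_login_profile        = "hub"           # profile name as seen under ~/.aws/config
  role_to_assume           = "ASSUME-ROLE-HUB"
  name                     = "office-vpn"
  transit_gateway_hub_name = "tgw-hub"

  cgw_bgp_asn    = "65000"        # constructed private ASN of the on-premises gateway
  cgw_ip_address = "203.0.113.10" # constructed documentation-range address

  tunnel1_inside_cidr   = var.tunnel1_inside_cidr
  tunnel1_preshared_key = var.tunnel1_preshared_key
  tunnel2_inside_cidr   = var.tunnel2_inside_cidr
  tunnel2_preshared_key = var.tunnel2_preshared_key

  # Device without BGP: static routing only, destinations reachable through the tunnel.
  static_routes_only         = true
  static_routes_destinations = ["10.200.0.0/16"] # constructed on-premises range

  tags = {
    Environment = "hub"
    ManagedBy   = "terraform"
  }
}

output "customer_gateway_id" {
  value = module.office_vpn.customer_gateway_id
}

# The VPN connection details carry the tunnel configuration, so the output is marked
# sensitive to keep it out of CLI output; the value still lands in the state file.
output "vpn_connection" {
  value     = module.office_vpn.vpn_connection
  sensitive = true
}
```

Because both the input keys and the VPN connection details end up in state regardless of `sensitive`, the practical control is the state backend: encrypted at rest, with read access limited to the principals that actually run this configuration. Feed the keys in via a secrets store or `TF_VAR_` environment variables rather than committing a `.tfvars` file.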
