{"id":20017161,"url":"https://github.com/blackbird-cloud/terraform-aws-client-vpn","last_synced_at":"2026-05-09T20:01:46.970Z","repository":{"id":152686829,"uuid":"572565806","full_name":"blackbird-cloud/terraform-aws-client-vpn","owner":"blackbird-cloud","description":"Terraform module to create an AWS Client VPN","archived":false,"fork":false,"pushed_at":"2025-01-31T14:07:19.000Z","size":37,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-31T14:32:40.828Z","etag":null,"topics":["aws","client-vpn","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackbird-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-30T14:49:13.000Z","updated_at":"2024-09-19T14:25:29.000Z","dependencies_parsed_at":"2025-01-12T15:43:58.832Z","dependency_job_id":"4965e711-b269-471a-85c3-dcc4f361218b","html_url":"https://github.com/blackbird-cloud/terraform-aws-client-vpn","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":"blackbird-cloud/terraform-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-client-vpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-client-vpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-client-vpn/releases","manifests_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackbird-cloud%2Fterraform-aws-client-vpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackbird-cloud","download_url":"https://codeload.github.com/blackbird-cloud/terraform-aws-client-vpn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241451677,"owners_count":19964901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","client-vpn","terraform"],"created_at":"2024-11-13T08:14:44.626Z","updated_at":"2026-05-09T20:01:46.961Z","avatar_url":"https://github.com/blackbird-cloud.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN_TF_DOCS --\u003e\n# Terraform Aws Client Vpn Module\nTerraform module to create an AWS Client VPN\n\n[![blackbird-logo](https://raw.githubusercontent.com/blackbird-cloud/terraform-module-template/main/.config/logo_simple.png)](https://blackbird.cloud)\n\n## Example\n```hcl\nmodule \"client_vpn\" {\n    source  = \"blackbird-cloud/client-vpn/aws\"\n    version = \"~\u003e 3.0\"\n    \n    name                       = \"example-client-vpn\"\n    \n    cloudwatch_log_group_name  = var.cloudwatch_log_group_name\n    cloudwatch_log_stream_name = var.cloudwatch_log_stream_name\n\n    auth_rules                 = var.auth_rules\n\n    client_cidr_block          = var.client_cidr_block\n    vpc_id                     = var.vpc_id\n    private_subnets            = var.private_subnets\n    security_group_ids         = var.security_group_ids\n    dns_servers            
    = var.dns_servers\n    split_tunnel               = true\n    server_certificate_arn     = var.server_certificate_arn\n    vpn_saml_metadata           = file(var.vpn_saml_metadata_file)\n    vpn_portal_saml_metadata    = file(var.vpn_portal_saml_metadata_file)\n}\n```\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.5 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 5 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 5 |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_ec2_client_vpn_authorization_rule.auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource |\n| [aws_ec2_client_vpn_authorization_rule.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource |\n| [aws_ec2_client_vpn_endpoint.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_endpoint) | resource |\n| [aws_ec2_client_vpn_network_association.associations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_network_association) | resource |\n| [aws_ec2_client_vpn_route.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource |\n| [aws_ec2_client_vpn_route.routes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource |\n| [aws_iam_saml_provider.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |\n| [aws_iam_saml_provider.vpn_portal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | 
resource |\n| [aws_identitystore_group.sso_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/identitystore_group) | data source |\n| [aws_ssoadmin_instances.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssoadmin_instances) | data source |\n| [aws_vpc.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_auth_rules\"\u003e\u003c/a\u003e [auth\\_rules](#input\\_auth\\_rules) | List of CIDR blocks, and IDP groups (SSO group IDs), or group names (AWS IAM Identity Center group names) to authorize access for. | \u003cpre\u003elist(object({\u003cbr/\u003e    cidr        = string\u003cbr/\u003e    groups      = optional(list(string), [])\u003cbr/\u003e    group_names = optional(list(string), [])\u003cbr/\u003e    description = string\u003cbr/\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_client_cidr_block\"\u003e\u003c/a\u003e [client\\_cidr\\_block](#input\\_client\\_cidr\\_block) | CIDR Block used for assigning IP's to clients, must not overlap with any of the connected networks. | `string` | n/a | yes |\n| \u003ca name=\"input_client_login_banner_text\"\u003e\u003c/a\u003e [client\\_login\\_banner\\_text](#input\\_client\\_login\\_banner\\_text) | (Optional) The text to display on the client login banner. If not specified, no banner is displayed. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cloudwatch_log_group_name\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_group\\_name](#input\\_cloudwatch\\_log\\_group\\_name) | (Optional) CloudWatch log group name for VPN connection logging. 
| `string` | `\"\"` | no |\n| \u003ca name=\"input_cloudwatch_log_stream_name\"\u003e\u003c/a\u003e [cloudwatch\\_log\\_stream\\_name](#input\\_cloudwatch\\_log\\_stream\\_name) | (Optional) CloudWatch log stream name for VPN connection logging. | `string` | `\"\"` | no |\n| \u003ca name=\"input_dns_servers\"\u003e\u003c/a\u003e [dns\\_servers](#input\\_dns\\_servers) | (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name of the VPN | `string` | n/a | yes |\n| \u003ca name=\"input_private_subnets\"\u003e\u003c/a\u003e [private\\_subnets](#input\\_private\\_subnets) | List of private subnets | `list(string)` | n/a | yes |\n| \u003ca name=\"input_security_group_ids\"\u003e\u003c/a\u003e [security\\_group\\_ids](#input\\_security\\_group\\_ids) | (Optional) List of security group IDs to associate with the Client VPN endpoint. If not specified, a new security group will be created. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_server_certificate_arn\"\u003e\u003c/a\u003e [server\\_certificate\\_arn](#input\\_server\\_certificate\\_arn) | ARN of the ACM certificate the server will use. | `string` | n/a | yes |\n| \u003ca name=\"input_split_tunnel\"\u003e\u003c/a\u003e [split\\_tunnel](#input\\_split\\_tunnel) | To split the VPN tunnel, or not, defaults to false | `bool` | `false` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | (Optional) Map of resource tags for all AWS resources. If configured with a provider default\\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. 
| `map(string)` | `{}` | no |\n| \u003ca name=\"input_transport_protocol\"\u003e\u003c/a\u003e [transport\\_protocol](#input\\_transport\\_protocol) | (Optional) The transport protocol to use for the VPN connection. Defaults to `tcp`. | `string` | `\"tcp\"` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | VPC ID For the VPN SG | `string` | n/a | yes |\n| \u003ca name=\"input_vpn_port\"\u003e\u003c/a\u003e [vpn\\_port](#input\\_vpn\\_port) | (Optional) The port to use for the VPN connection. Defaults to `443`. | `number` | `443` | no |\n| \u003ca name=\"input_vpn_portal_saml_metadata\"\u003e\u003c/a\u003e [vpn\\_portal\\_saml\\_metadata](#input\\_vpn\\_portal\\_saml\\_metadata) | VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |\n| \u003ca name=\"input_vpn_saml_metadata\"\u003e\u003c/a\u003e [vpn\\_saml\\_metadata](#input\\_vpn\\_saml\\_metadata) | VPN XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_vpn\"\u003e\u003c/a\u003e [vpn](#output\\_vpn) | The Client VPN endpoint. |\n\n## About\n\nWe are [Blackbird Cloud](https://blackbird.cloud), Amsterdam based cloud consultancy, and cloud management service provider. 
We help companies build secure, cost-efficient, and scalable solutions.\n\nCheck out our other :point\\_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)\n\n## Copyright\n\nCopyright © 2017-2025 [Blackbird Cloud](https://blackbird.cloud)\n\u003c!-- END_TF_DOCS --\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackbird-cloud%2Fterraform-aws-client-vpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackbird-cloud%2Fterraform-aws-client-vpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackbird-cloud%2Fterraform-aws-client-vpn/lists"}