https://github.com/blackbird-cloud/terraform-aws-client-vpn
Terraform module to create an AWS Client VPN
aws client-vpn terraform
- Host: GitHub
- URL: https://github.com/blackbird-cloud/terraform-aws-client-vpn
- Owner: blackbird-cloud
- License: apache-2.0
- Created: 2022-11-30T14:49:13.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-31T14:07:19.000Z (4 months ago)
- Last Synced: 2025-01-31T14:32:40.828Z (4 months ago)
- Topics: aws, client-vpn, terraform
- Language: HCL
- Homepage:
- Size: 36.1 KB
- Stars: 0
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1 |
| [aws](#requirement\_aws) | ~> 4 |

## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.60.0 |

## Modules
| Name | Source | Version |
|------|--------|---------|
| [resolver\_sg](#module\_resolver\_sg) | terraform-aws-modules/security-group/aws | 4.17.1 |
| [sg](#module\_sg) | terraform-aws-modules/security-group/aws | 4.17.1 |

## Resources
| Name | Type |
|------|------|
| [aws_ec2_client_vpn_authorization_rule.auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource |
| [aws_ec2_client_vpn_authorization_rule.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_authorization_rule) | resource |
| [aws_ec2_client_vpn_endpoint.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_endpoint) | resource |
| [aws_ec2_client_vpn_network_association.associations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_network_association) | resource |
| [aws_ec2_client_vpn_route.internet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource |
| [aws_ec2_client_vpn_route.routes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_client_vpn_route) | resource |
| [aws_iam_saml_provider.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |
| [aws_iam_saml_provider.vpn_portal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource |
| [aws_route53_resolver_endpoint.vpn_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_endpoint) | resource |
| [aws_vpc.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [auth\_rules](#input\_auth\_rules) | List of CIDR blocks and IdP groups to authorize access for. | `list(object({ cidr = string, groups = list(string), description = string }))` | n/a | yes |
| [client\_cidr\_block](#input\_client\_cidr\_block) | CIDR block used for assigning IPs to clients; must not overlap with any of the connected networks. | `string` | n/a | yes |
| [cloudwatch\_log\_group\_name](#input\_cloudwatch\_log\_group\_name) | (Optional) CloudWatch log group name for VPN connection logging. | `string` | `""` | no |
| [cloudwatch\_log\_stream\_name](#input\_cloudwatch\_log\_stream\_name) | (Optional) CloudWatch log stream name for VPN connection logging. | `string` | `""` | no |
| [dns\_servers](#input\_dns\_servers) | (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the connecting device is used. | `list(string)` | `[]` | no |
| [name](#input\_name) | Name of the VPN | `string` | n/a | yes |
| [private\_subnets](#input\_private\_subnets) | List of private subnets | `list(string)` | n/a | yes |
| [server\_certificate\_arn](#input\_server\_certificate\_arn) | ARN of the ACM certificate the server will use. | `string` | n/a | yes |
| [split\_tunnel](#input\_split\_tunnel) | To split the VPN tunnel, or not, defaults to false | `bool` | `false` | no |
| [tags](#input\_tags) | (Optional) Map of resource tags for all AWS resources. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | VPC ID For the VPN SG | `string` | n/a | yes |
| [vpn\_portal\_saml\_metadata](#input\_vpn\_portal\_saml\_metadata) | VPN SelfService Portal XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |
| [vpn\_saml\_metadata](#input\_vpn\_saml\_metadata) | VPN XML document generated by an identity provider that supports SAML 2.0. | `string` | n/a | yes |

## Outputs
| Name | Description |
|------|-------------|
| [aws\_route53\_resolver\_endpoint](#output\_aws\_route53\_resolver\_endpoint) | The Route53 DNS resolver endpoint. |
| [resolver\_security\_group](#output\_resolver\_security\_group) | The AWS security group used to control ingress traffic to the Route 53 DNS resolver endpoint. |
| [security\_group](#output\_security\_group) | The AWS security group used to control ingress traffic to the Client VPN self-service portal. |
| [vpn](#output\_vpn) | The Client VPN endpoint. |

## About
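A module call wiring the inputs above, added here as an example rather than taken from the project's own documentation: it scopes each authorization rule to an IdP group, keeps the client address pool outside the VPC range, uses split tunnel so only VPC destinations traverse the VPN, and turns on connection logging. The VPC and subnet IDs, certificate ARN, CIDRs, IdP metadata file names and log group name are constructed placeholders.

```hcl
module "client_vpn" {
  source = "github.com/blackbird-cloud/terraform-aws-client-vpn" # pin a release with ?ref=<tag>

  name   = "corp-vpn"
  vpc_id = "vpc-0123456789abcdef0" # placeholder: VPC the module's security groups live in

  # Client address pool: must not overlap the VPC or any peered or routed network.
  client_cidr_block = "10.200.0.0/22"

  # Endpoint network associations go into these private subnets (placeholders).
  private_subnets = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"]

  # ACM certificate the endpoint presents to clients (placeholder ARN).
  server_certificate_arn = "arn:aws:acm:eu-west-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"

  # SAML 2.0 metadata exported from the IdP: one application for the VPN and
  # one for the self-service portal (placeholder file names).
  vpn_saml_metadata        = file("${path.module}/idp/vpn-metadata.xml")
  vpn_portal_saml_metadata = file("${path.module}/idp/vpn-portal-metadata.xml")

  # Authorization rules: each destination CIDR is reachable only by the listed
  # IdP groups, so an authenticated user outside those groups cannot reach it.
  auth_rules = [
    {
      cidr        = "10.10.0.0/24"
      groups      = ["vpn-engineering"] # group identifier as asserted by the IdP
      description = "Engineering bastions"
    },
    {
      cidr        = "10.10.20.0/24"
      groups      = ["vpn-dba"]
      description = "Database subnet"
    },
  ]

  # Push the VPC resolver to clients so private hosted zones resolve over the
  # tunnel instead of the client's local DNS (placeholder address).
  dns_servers = ["10.10.0.2"]

  # Split tunnel: internet-bound traffic stays off the VPN, VPC routes go through it.
  split_tunnel = true

  # Connection logging records who connected, from where, and the outcome.
  cloudwatch_log_group_name  = "/aws/client-vpn/corp-vpn"
  cloudwatch_log_stream_name = "connections"

  tags = { Environment = "prod", ManagedBy = "terraform" }
}
```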
We are [Blackbird Cloud](https://blackbird.cloud), an Amsterdam-based cloud consultancy and cloud management service provider. We help companies build secure, cost-efficient, and scalable solutions.
Check out our other :point\_right: [terraform modules](https://registry.terraform.io/namespaces/blackbird-cloud)
## Copyright
Copyright © 2017-2023 [Blackbird Cloud](https://blackbird.cloud)