Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/flaconi/terraform-aws-transit-gateway-vpn
Terraform module for handling VPN connections on AWS and attaching them to Transit Gateway
aws terraform terraform-module
- Host: GitHub
- URL: https://github.com/flaconi/terraform-aws-transit-gateway-vpn
- Owner: Flaconi
- License: mit
- Created: 2020-04-30T10:05:46.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-09-13T14:12:25.000Z (2 months ago)
- Last Synced: 2024-09-15T00:34:46.051Z (2 months ago)
- Topics: aws, terraform, terraform-module
- Language: Makefile
- Homepage:
- Size: 32.2 KB
- Stars: 2
- Watchers: 10
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# Terraform AWS Transit Gateway VPN module
We are following the hub-spoke(s) (aka [star network][1]) network topology
model. This module joins our other two modules for handling the Transit Gateway "hub"
and "satellite" nodes:

- [terraform-aws-transit-gateway-hub][2]
- [terraform-aws-transit-gateway-satellite][3]

Specifically, we are attaching the VPN connection to the TGW by manipulating
the VPN configuration directly, as there isn't a resource for explicitly doing
so, like in the case of the VPC attachments. Sadly, this is a [limitation on the
AWS side][4].

The VPN related resources handled by this module are provisioned and configured
in the "hub" node.

Check out some use cases in the [examples](/examples/).
## Caveats
__Routing:__ When the VPN is attached to the TGW, there can be no static routes
configured, as the routing needs to be added through the TGW API.

## Assumptions
### Credentials
The module starts from the assumption that your default AWS profile allows the
user to assume the IAM roles required to make the necessary changes. You can
use whichever profile you need by setting `AWS_PROFILE` or `AWS_DEFAULT_PROFILE`, e.g.:

```shell
export AWS_DEFAULT_PROFILE=login
```

You can read more about how Terraform handles this [here][5].
Obviously, all the [supported authentication][6] methods can also be used.
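As an added example (this is not code from the module's repository or from Flaconi), the following root module calls this module with the inputs documented under Inputs, passes the hub-account provider explicitly (the mechanism the Terraform link above describes), and keeps the tunnel pre-shared keys out of the source since the Inputs table notes they land in the state as plaintext. The provider alias `hub`, the region and profile name, the account ID, the ASN, the customer gateway address, the inside CIDRs and the `tunnel_preshared_keys` variable are all assumed placeholders, not values from this page.

```hcl
# Added example, not part of the terraform-aws-transit-gateway-vpn repository.
# Every concrete value below (alias, region, profile, account ID, ASN, IPs,
# CIDRs) is a placeholder chosen for illustration.

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5"
    }
  }
}

# Provider aliased to the hub account. Credentials come from a named profile,
# matching the AWS_DEFAULT_PROFILE assumption in the README.
provider "aws" {
  alias   = "hub"
  region  = "eu-central-1" # placeholder region
  profile = "login"        # placeholder profile name
}

# The pre-shared keys are stored in the state file as plaintext (see Inputs),
# so at minimum keep them out of version-controlled source: mark the variable
# sensitive, supply it via TF_VAR_tunnel_preshared_keys or an ignored tfvars
# file, and restrict access to the state backend. The validation mirrors the
# constraints listed in the Inputs table (8-64 chars, alphanumeric/./_,
# must not start with 0).
variable "tunnel_preshared_keys" {
  description = "Constructed input: pre-shared keys for tunnel 1 and tunnel 2"
  type        = object({ tunnel1 = string, tunnel2 = string })
  sensitive   = true

  validation {
    condition = alltrue([
      for k in values(var.tunnel_preshared_keys) :
      can(regex("^[A-Za-z1-9._][A-Za-z0-9._]{7,63}$", k))
    ])
    error_message = "Each key must be 8-64 characters of [A-Za-z0-9._] and must not start with 0."
  }
}

module "vpn_branch_office" {
  # In practice pin ?ref= to a release tag or commit rather than a branch.
  source = "git::https://github.com/flaconi/terraform-aws-transit-gateway-vpn.git?ref=master"

  # Explicit provider passing: the module declares only the aws provider
  # (see Providers), so the aliased hub-account provider is mapped onto it.
  providers = { aws = aws.hub }

  name                           = "branch-office"
  transit_gateway_hub_account_id = "111111111111" # placeholder account ID
  transit_gateway_hub_name       = "hub"          # placeholder TGW name
  cgw_bgp_asn                    = "65000"        # placeholder private ASN
  cgw_ip_address                 = "203.0.113.10" # TEST-NET-3 documentation address

  # BGP-capable device here, so routes are exchanged dynamically. For a device
  # without BGP, set static_routes_only = true and list the remote CIDRs in
  # static_routes_destinations; per the Resources table the module carries an
  # aws_ec2_transit_gateway_route resource for those, so the routes are added
  # through the TGW route table rather than on the VPN connection itself,
  # which is the constraint the Caveats section describes.
  static_routes_only         = false
  static_routes_destinations = []

  # /30 blocks from 169.254.0.0/16, as the Inputs table requires.
  tunnel1_inside_cidr = "169.254.10.0/30"
  tunnel2_inside_cidr = "169.254.11.0/30"

  tunnel1_preshared_key = var.tunnel_preshared_keys.tunnel1
  tunnel2_preshared_key = var.tunnel_preshared_keys.tunnel2

  tags = {
    environment = "example"
    managed_by  = "terraform"
  }
}

# customer_gateway_id is one of the two outputs listed under Outputs.
output "customer_gateway_id" {
  value = module.vpn_branch_office.customer_gateway_id
}
```

Apply with `terraform init && terraform plan`; the validation block rejects keys that violate the documented character rules before any API call is made, and marking the variable `sensitive` keeps the key values out of plan and apply output, though not out of the state file, which still needs its own access controls.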
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
| [aws](#requirement\_aws) | >= 5 |

## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5 |

## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_customer_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource |
| [aws_ec2_transit_gateway_route.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route) | resource |
| [aws_ec2_transit_gateway_route_table_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
| [aws_ec2_transit_gateway_route_table_propagation.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
| [aws_vpn_connection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_connection) | resource |
| [aws_ec2_transit_gateway.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
| [aws_ec2_transit_gateway_route_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_table) | data source |
| [aws_ram_resource_share.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ram_resource_share) | data source |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cgw\_bgp\_asn](#input\_cgw\_bgp\_asn) | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). | `string` | n/a | yes |
| [cgw\_ip\_address](#input\_cgw\_ip\_address) | IP address of the client VPN endpoint | `string` | n/a | yes |
| [name](#input\_name) | Generic name to be given to the provisioned resources | `string` | n/a | yes |
| [transit\_gateway\_hub\_account\_id](#input\_transit\_gateway\_hub\_account\_id) | AWS account ID of Transit Gateway owner | `string` | n/a | yes |
| [transit\_gateway\_hub\_name](#input\_transit\_gateway\_hub\_name) | Name of the Transit Gateway to attach the VPN to | `string` | n/a | yes |
| [static\_routes\_destinations](#input\_static\_routes\_destinations) | List of CIDRs to be routed into the VPN tunnel. | `list(string)` | `[]` | no |
| [static\_routes\_only](#input\_static\_routes\_only) | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | `bool` | `false` | no |
| [tags](#input\_tags) | Map of custom tags for the provisioned resources | `map(string)` | `{}` | no |
| [tunnel1\_inside\_cidr](#input\_tunnel1\_inside\_cidr) | A size /30 CIDR block from the 169.254.0.0/16 range | `string` | `null` | no |
| [tunnel1\_preshared\_key](#input\_tunnel1\_preshared\_key) | Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(\_) | `string` | `null` | no |
| [tunnel2\_inside\_cidr](#input\_tunnel2\_inside\_cidr) | A size /30 CIDR block from the 169.254.0.0/16 range | `string` | `null` | no |
| [tunnel2\_preshared\_key](#input\_tunnel2\_preshared\_key) | Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(\_) | `string` | `null` | no |## Outputs
| Name | Description |
|------|-------------|
| [customer\_gateway\_id](#output\_customer\_gateway\_id) | ID of the Customer Gateway |
| [vpn\_connection](#output\_vpn\_connection) | VPN connection details |

[1]: https://en.wikipedia.org/wiki/Star_network
[2]: https://github.com/Flaconi/terraform-aws-transit-gateway-hub
[3]: https://github.com/Flaconi/terraform-aws-transit-gateway-satellite
[4]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html
[5]: https://www.terraform.io/docs/configuration/modules.html#passing-providers-explicitly
[6]: https://www.terraform.io/docs/providers/aws/index.html#authentication