vpn-connection
cloudposse/vpn-connection/aws
Terraform Module
HCL
AWS
Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network
Install
module "vpn-connection" {
source = "cloudposse/vpn-connection/aws"
version = "1.9.0"
}
README
Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network. The module can do the following: - Create a Virtual Private Gateway (VPG) and attach it to the VPC - Create a Customer Gateway (CGW) pointing to the provided Internet-routable IP address of the external interface on the on-premises network - Create a Site-to-Site Virtual Private Network (VPN) connection - Request automatic route propagation between the VPG and the provided route tables in the VPC - If the VPN connection is configured to use static routes, provision a static route between the VPN connection and the CGW Exactly what it does depends on the input parameters. The module is designed to be flexible and can be used in a variety of scenarios. - If you supply customer_gateway_ip_add
Inputs (50)
| Name | Type | Description | Default |
|---|---|---|---|
| vpn_connection_tunnel1_phase1_encryption_algorithms | list(string) | List of one or more encryption algorithms that are permitted for the first VPN t | [] |
| vpn_connection_tunnel1_phase2_lifetime_seconds | string | The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in sec | "3600" |
| vpn_connection_tunnel2_cloudwatch_log_output_format | string | Set log format for the tunnel. Default format is json. Possible values are `json | "json" |
| descriptor_formats | any | Describe additional descriptors to be output in the `descriptors` output map. Ma | {} |
| vpn_connection_tunnel1_cloudwatch_log_enabled | bool | Enable or disable VPN tunnel logging feature for the tunnel | false |
| vpn_connection_tunnel2_cloudwatch_log_group_arn | list(string) | The ARN of the CloudWatch log group to which the logs will be published. If the | [] |
| transit_gateway_routes | map(object({ blackhole | A map of transit gateway routes to create on the given TGW route table (via `tra | {} |
| enabled | bool | Set to false to prevent the module from creating any resources | null |
| vpn_connection_tunnel1_phase1_dh_group_numbers | list(string) | List of one or more Diffie-Hellman group numbers that are permitted for the firs | [] |
| vpn_connection_tunnel1_phase1_lifetime_seconds | string | The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in sec | "28800" |
| transit_gateway_enabled | bool | If `true`, the module will not create a Virtual Private Gateway but instead will | false |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| labels_as_tags | set(string) | Set of labels (ID elements) to include as tags in the `tags` output. Default is | [
"default"
] |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| vpn_connection_tunnel2_startup_action | string | The action to take when the establishing the tunnel for the second VPN connectio | "add" |
| existing_transit_gateway_id | string | Existing Transit Gateway ID. Required if `transit_gateway_enabled` is `true`, ig | "" |
| vpc_id | string | The ID of the VPC to which the Virtual Private Gateway will be attached. Not nee | null |
| vpn_connection_tunnel2_phase1_integrity_algorithms | list(string) | One or more integrity algorithms that are permitted for the second VPN tunnel fo | [] |
| vpn_connection_tunnel1_inside_cidr | string | The CIDR block of the inside IP addresses for the first VPN tunnel | null |
| vpn_connection_tunnel2_ike_versions | list(string) | The IKE versions that are permitted for the second VPN tunnel. Valid values are | [] |
| … and 10 more inputs | |||
Outputs (18)
cloudwan_attachment_id — The ID of the Cloud WAN VPN attachmentvpn_connection_tunnel1_cgw_inside_address — The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway side)vpn_connection_tunnel1_vgw_inside_address — The RFC 6890 link-local address of the first VPN tunnel (Virtual Private Gateway side)vpn_connection_tunnel2_address — The public IP address of the second VPN tunnelvpn_connection_tunnel2_vgw_inside_address — The RFC 6890 link-local address of the second VPN tunnel (Virtual Private Gateway side)vpn_connection_tunnel2_log_group_arn — The CloudWatch Log Group ARN for the tunnel 2 logscustomer_gateway_id — Customer Gateway IDvpn_connection_id — VPN Connection IDvpn_connection_customer_gateway_configuration — The configuration information for the VPN connection's Customer Gateway (in the native XML format)transit_gateway_attachment_id — The ID of the transit gateway attachment for the VPN connection (if a TGW connection)vpn_connection_tunnel1_address — The public IP address of the first VPN tunnelvpn_connection_tunnel1_log_group_arn — The CloudWatch Log Group ARN for the tunnel 1 logsvpn_connection_tunnel2_cgw_inside_address — The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway side)vpn_acceleration_enabled — Whether the VPN connection is enabled for accelerationcloudwan_attachment_arn — The ARN of the Cloud WAN VPN attachmentcloudwan_attachment_segment_name — The segment name associated with the Cloud WAN VPN attachmentvpn_gateway_id — Virtual Private Gateway IDcustomer_gateway_device_name — Customer Gateway Device NameResources (10)
aws_customer_gatewayaws_ec2_tagaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_table_associationaws_ec2_transit_gateway_route_table_propagationaws_networkmanager_site_to_site_vpn_attachmentaws_vpn_connectionaws_vpn_connection_routeaws_vpn_gatewayaws_vpn_gateway_route_propagation
Details
FrameworkTerraform Module
LanguageHCL
Version1.9.0
Cloud AWS
★ Stars79
Forks67
Total downloads81.4k
Inputs50
Outputs18
Resources10
Examples1
LicenseApache-2.0
Namespacecloudposse
Updated