Terraform module for aws-client-vpn with federated-authentication
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | ~> 4.0.0 |
| tls | ~> 3.1.0 |
| Name | Version |
|---|---|
| aws | 3.72.0 |
| tls | 3.1.0 |
No modules.
| Name | Type |
|---|---|
| aws_acm_certificate.ca | resource |
| aws_acm_certificate.server | resource |
| aws_cloudwatch_log_group.this | resource |
| aws_cloudwatch_log_stream.this | resource |
| aws_ec2_client_vpn_authorization_rule.rules | resource |
| aws_ec2_client_vpn_endpoint.this | resource |
| aws_ec2_client_vpn_network_association.this | resource |
| aws_ec2_client_vpn_route.additional | resource |
| aws_iam_saml_provider.this | resource |
| aws_security_group.this | resource |
| tls_cert_request.server | resource |
| tls_locally_signed_cert.server | resource |
| tls_private_key.ca | resource |
| tls_private_key.server | resource |
| tls_self_signed_cert.ca | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_routes | A list of additional routes that should be attached to the Client VPN endpoint | list(object({ |
[] |
no |
| additional_security_groups | List of security groups to attach to the client vpn network associations | list(string) |
[] |
no |
| associated_subnets | List of subnets to associate with the VPN endpoint | list(string) |
n/a | yes |
| authorization_rules | List of objects describing the authorization rules for the client vpn | list(object({ |
n/a | yes |
| client_cidr_block | VPN CIDR Block | string |
n/a | yes |
| cloudwatch_log_retention_days | How long to keep VPN logs. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | number |
30 |
no |
| description | Resource description | string |
n/a | yes |
| dns_servers | List of DNS Server for VPN | list(string) |
[] |
no |
| domain_name | Domain Name to associate with ACM common name | string |
n/a | yes |
| name | Name to associate with various resources | string |
n/a | yes |
| saml_metadata_document | Optional SAML metadata document. Must include this or saml_provider_arn |
string |
null |
no |
| saml_provider_arn | Optional SAML ARN. Must include this or saml_metadata_document |
string |
null |
no |
| self_service_portal | Optionally specify whether the VPC Client self-service portal is enabled or disabled. Default is disabled | string |
"disabled" |
no |
| split_tunnel_enabled | Whether to enable split tunnelling | bool |
true |
no |
| tags | Map of strings containing tags for AWS resources | map(string) |
{} |
no |
| transport_protocol | The transport protocol to be used by the VPN session. Default value is udp. |
string |
"udp" |
no |
| vpc_id | ID of VPC to attach VPN to | string |
n/a | yes |
| vpn_port | The port number for the Client VPN endpoint. Valid values are 443 and 1194. Default value is 443. | number |
443 |
no |
| Name | Description |
|---|---|
| sg_id | The ID of the SG for Client VPN. |
| vpn_arn | The ARN of the Client VPN endpoint. |
| vpn_dns_name | VPN DNS name |
| vpn_endpoint_security_groups | VPN endpoint security groups |
| vpn_id | The ID of the Client VPN endpoint. |