vpn-connection

cloudposse/vpn-connection/aws

Terraform Module HCL AWS

Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network

Install

module "vpn-connection" {

source = "cloudposse/vpn-connection/aws"

version = "1.9.0"

}

plain text: /constructs/tfmod-cloudposse-vpn-connection-aws/install.txt

⭐ Source on GitHub 📦 Registry page

README

Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network. The module can do the following: - Create a Virtual Private Gateway (VPG) and attach it to the VPC - Create a Customer Gateway (CGW) pointing to the provided Internet-routable IP address of the external interface on the on-premises network - Create a Site-to-Site Virtual Private Network (VPN) connection - Request automatic route propagation between the VPG and the provided route tables in the VPC - If the VPN connection is configured to use static routes, provision a static route between the VPN connection and the CGW Exactly what it does depends on the input parameters. The module is designed to be flexible and can be used in a variety of scenarios. - If you supply customer_gateway_ip_add

Inputs (50)

Name	Type	Description	Default
vpn_connection_tunnel1_phase1_encryption_algorithms	list(string)	List of one or more encryption algorithms that are permitted for the first VPN t	`[]`
vpn_connection_tunnel1_phase2_lifetime_seconds	string	The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in sec	`"3600"`
vpn_connection_tunnel2_cloudwatch_log_output_format	string	Set log format for the tunnel. Default format is json. Possible values are `json	`"json"`
descriptor_formats	any	Describe additional descriptors to be output in the `descriptors` output map. Ma	`{}`
vpn_connection_tunnel1_cloudwatch_log_enabled	bool	Enable or disable VPN tunnel logging feature for the tunnel	`false`
vpn_connection_tunnel2_cloudwatch_log_group_arn	list(string)	The ARN of the CloudWatch log group to which the logs will be published. If the	`[]`
transit_gateway_routes	map(object({ blackhole	A map of transit gateway routes to create on the given TGW route table (via `tra	`{}`
enabled	bool	Set to false to prevent the module from creating any resources	`null`
vpn_connection_tunnel1_phase1_dh_group_numbers	list(string)	List of one or more Diffie-Hellman group numbers that are permitted for the firs	`[]`
vpn_connection_tunnel1_phase1_lifetime_seconds	string	The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in sec	`"28800"`
transit_gateway_enabled	bool	If `true`, the module will not create a Virtual Private Gateway but instead will	`false`
name	string	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi	`null`
labels_as_tags	set(string)	Set of labels (ID elements) to include as tags in the `tags` output. Default is	`[ "default" ]`
label_key_case	string	Controls the letter case of the `tags` keys (label names) for tags generated by	`null`
vpn_connection_tunnel2_startup_action	string	The action to take when the establishing the tunnel for the second VPN connectio	`"add"`
existing_transit_gateway_id	string	Existing Transit Gateway ID. Required if `transit_gateway_enabled` is `true`, ig	`""`
vpc_id	string	The ID of the VPC to which the Virtual Private Gateway will be attached. Not nee	`null`
vpn_connection_tunnel2_phase1_integrity_algorithms	list(string)	One or more integrity algorithms that are permitted for the second VPN tunnel fo	`[]`
vpn_connection_tunnel1_inside_cidr	string	The CIDR block of the inside IP addresses for the first VPN tunnel	`null`
vpn_connection_tunnel2_ike_versions	list(string)	The IKE versions that are permitted for the second VPN tunnel. Valid values are	`[]`
… and 10 more inputs

Outputs (18)

cloudwan_attachment_id — The ID of the Cloud WAN VPN attachment

vpn_connection_tunnel1_cgw_inside_address — The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway side)

vpn_connection_tunnel1_vgw_inside_address — The RFC 6890 link-local address of the first VPN tunnel (Virtual Private Gateway side)

vpn_connection_tunnel2_address — The public IP address of the second VPN tunnel

vpn_connection_tunnel2_vgw_inside_address — The RFC 6890 link-local address of the second VPN tunnel (Virtual Private Gateway side)

vpn_connection_tunnel2_log_group_arn — The CloudWatch Log Group ARN for the tunnel 2 logs

customer_gateway_id — Customer Gateway ID

vpn_connection_id — VPN Connection ID

vpn_connection_customer_gateway_configuration — The configuration information for the VPN connection's Customer Gateway (in the native XML format)

transit_gateway_attachment_id — The ID of the transit gateway attachment for the VPN connection (if a TGW connection)

vpn_connection_tunnel1_address — The public IP address of the first VPN tunnel

vpn_connection_tunnel1_log_group_arn — The CloudWatch Log Group ARN for the tunnel 1 logs

vpn_connection_tunnel2_cgw_inside_address — The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway side)

vpn_acceleration_enabled — Whether the VPN connection is enabled for acceleration

cloudwan_attachment_arn — The ARN of the Cloud WAN VPN attachment

cloudwan_attachment_segment_name — The segment name associated with the Cloud WAN VPN attachment

vpn_gateway_id — Virtual Private Gateway ID

customer_gateway_device_name — Customer Gateway Device Name

Resources (10)

aws_customer_gatewayaws_ec2_tagaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_table_associationaws_ec2_transit_gateway_route_table_propagationaws_networkmanager_site_to_site_vpn_attachmentaws_vpn_connectionaws_vpn_connection_routeaws_vpn_gatewayaws_vpn_gateway_route_propagation

Details

FrameworkTerraform Module

LanguageHCL

Version1.9.0

Cloud AWS

★ Stars79

Forks67

Total downloads81.4k

Inputs50

Outputs18

Resources10

Examples1

LicenseApache-2.0

Namespacecloudposse

Updated

Tools

⚖ Compare with another construct → 📋 View data schema