# Optional. This is so you can access EC2 instances behind a private subnet.
# Currently beyond the scope of this commit.
#
# NOTE(review): everything in this file is commented out, so none of it is
# planned or applied until it is uncommented. The references to
# aws_vpc.terraform-vpc, aws_security_group.terraform-vpc-sg and the two
# aws_subnet.terraform-vpc-subnet-private* resources are presumably defined
# in sibling .tf files — confirm before enabling.
#
# NOTE(review): this certificate resource is empty. aws_acm_certificate needs
# either a domain_name (ACM-issued) or certificate_body + private_key
# (imported) before it is valid; as written it will not plan.
# resource "aws_acm_certificate" "terraform-vpn-cert" {
# }
# resource "aws_ec2_client_vpn_endpoint" "terraform-ec2-client-vpn" {
# description = "Provides secure access for instances in the private subnet."
# server_certificate_arn = aws_acm_certificate.terraform-vpn-cert.arn
# # NOTE(review): 128.0.0.0/22 is not an RFC 1918 range; addresses handed to
# # VPN clients from it would shadow real Internet hosts on that prefix. AWS
# # also requires the client CIDR not to overlap the VPC CIDR. A private range
# # that does not collide with the VPC (or the clients' home networks) is the
# # usual choice — confirm against the VPC's cidr_block.
# client_cidr_block = "128.0.0.0/22"
# vpc_id = aws_vpc.terraform-vpc.id
# # NOTE(review): reuses the VPC-wide security group; whatever that group
# # allows is reachable by every connected client. Verify it is the intended
# # exposure rather than a dedicated VPN-endpoint group.
# security_group_ids = [aws_security_group.terraform-vpc-sg.id]
# authentication_options {
# type = "certificate-authentication"
# # NOTE(review): the reference below repeats the resource name and is not a
# # valid attribute path; it should read
# # aws_acm_certificate.terraform-vpn-cert.arn. That would also make the
# # client root chain the same certificate as the server certificate — for
# # mutual TLS the root chain is normally the CA that signs client
# # certificates, so confirm whether a separate CA cert is intended.
# root_certificate_chain_arn = aws_acm_certificate.terraform-vpn-cert.terraform-vpn-cert.arn
# }
# connection_log_options {
# # NOTE(review): with logging disabled there is no record of which client
# # connected, when, or from where. Enabling it needs a cloudwatch_log_group
# # (and optionally cloudwatch_log_stream) alongside enabled = true.
# enabled = false
# }
# tags = {
# Name = "Terraform VPN Client Endpoint"
# }
# }
# # For private subnet 1
# resource "aws_ec2_client_vpn_network_association" "terraform-ec2-vpne-subnet-assoc1" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# subnet_id = aws_subnet.terraform-vpc-subnet-private1-ap-southeast-1a.id
# # VPN Assets take time to tear down. Increase timeout.
# timeouts {
# delete = "10m"
# create = "10m"
# }
# }
# # For private subnet 2
# resource "aws_ec2_client_vpn_network_association" "terraform-ec2-vpne-subnet-assoc2" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# subnet_id = aws_subnet.terraform-vpc-subnet-private2-ap-southeast-1b.id
# # VPN Assets take time to tear down. Increase timeout.
# timeouts {
# delete = "10m"
# create = "10m"
# }
# }
# # Not usually needed but it's to prevent users from losing their internet when using the VPN Client.
# # NOTE(review): a 0.0.0.0/0 route turns this into a full-tunnel VPN — all
# # client Internet traffic egresses through the VPC (presumably via a NAT
# # gateway in these private subnets, which this file does not show). Pairing
# # it with the "Internet Passthrough" authorization rule below means every
# # connected client can reach anything routable from the VPC, not just the
# # two subnets. Split-tunnel on the endpoint is the alternative if the goal
# # is only to keep clients' normal Internet access working.
# resource "aws_ec2_client_vpn_route" "subnet1-web-route" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# destination_cidr_block = "0.0.0.0/0"
# target_vpc_subnet_id = aws_subnet.terraform-vpc-subnet-private1-ap-southeast-1a.id
# # VPN Assets take time to tear down. Increase timeout.
# timeouts {
# delete = "10m"
# create = "10m"
# }
# }
# # Probably not needed.
# resource "aws_ec2_client_vpn_route" "subnet2-web-route" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# destination_cidr_block = "0.0.0.0/0"
# target_vpc_subnet_id = aws_subnet.terraform-vpc-subnet-private2-ap-southeast-1b.id
# # VPN Assets take time to tear down. Increase timeout.
# timeouts {
# delete = "10m"
# create = "10m"
# }
# }
# # NOTE(review): authorize_all_groups = true on the three rules below grants
# # every authenticated client the same network access. With
# # certificate-authentication there are no user groups, so this is the only
# # option; scoping per group (access_group_id) would need directory or
# # federated authentication on the endpoint.
# resource "aws_ec2_client_vpn_authorization_rule" "terraform-vpn-auth-rule-subnet1" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# target_network_cidr = aws_subnet.terraform-vpc-subnet-private1-ap-southeast-1a.cidr_block
# description = "Authorize access to VPC subnet 1"
# authorize_all_groups = true
# }
# resource "aws_ec2_client_vpn_authorization_rule" "terraform-vpn-auth-rule-subnet2" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# target_network_cidr = aws_subnet.terraform-vpc-subnet-private2-ap-southeast-1b.cidr_block
# description = "Authorize access to VPC subnet 2"
# authorize_all_groups = true
# }
# # NOTE(review): 0.0.0.0/0 here authorizes every client to every destination
# # reachable through the VPC (Internet and any peered or on-prem networks),
# # not only the Internet. Keep it only if full-tunnel egress is intended.
# resource "aws_ec2_client_vpn_authorization_rule" "terraform-vpn-auth-rule-internet" {
# client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.terraform-ec2-client-vpn.id
# target_network_cidr = "0.0.0.0/0"
# description = "Authorize access to Internet Passthrough"
# authorize_all_groups = true
# }