We are following the hub-spoke(s) (aka star network) network topology model.
This module joins our other two modules for handling the Transit Gateway "hub" and "satellite" nodes:
Specifically, we are attaching the VPN connection to the TGW by manipulating the VPN configuration directly, as there isn't a resource for explicitly doing so, like in the case of the VPC attachments. Sadly, this is a limitation on the AWS side.
The VPN related resources handled by this module are provisioned and configured in the "hub" node.
Check out some use cases in the examples.
Routing: When the VPN is attached to the TGW, there can be no static routes configured as the routing needs to be added through the TGW API.
The module starts from the assumption that your default aws profile allows the
user to assume the necessary IAM roles, as required, to make the necessary
changes. You can use profile of your need if you set AWS_PROFILE or AWS_DEFAULT_PROFILE, e.g.:
export AWS_DEFAULT_PROFILE=loginYou can read more about how Terraform handles this here.
Obviously, all the supported authentication methods can also be used.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 4 |
| Name | Version |
|---|---|
| aws | >= 4 |
No modules.
| Name | Type |
|---|---|
| aws_customer_gateway.this | resource |
| aws_ec2_transit_gateway_route.this | resource |
| aws_ec2_transit_gateway_route_table_association.this | resource |
| aws_ec2_transit_gateway_route_table_propagation.this | resource |
| aws_vpn_connection.this | resource |
| aws_ec2_transit_gateway.this | data source |
| aws_ec2_transit_gateway_route_table.this | data source |
| aws_ram_resource_share.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_account_id | AWS account ID for which this module can be executed | string |
n/a | yes |
| cgw_bgp_asn | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). | string |
n/a | yes |
| cgw_ip_address | IP address of the client VPN endpoint | string |
n/a | yes |
| name | Generic name to be given to the provisioned resources | string |
n/a | yes |
| transit_gateway_hub_name | Name of the Transit Gateway to attach the VPN to | string |
n/a | yes |
| role_to_assume | IAM role name to assume (eg. ASSUME-ROLE-HUB) | string |
"" |
no |
| static_routes_destinations | List of CIDRs to be routed into the VPN tunnel. | list(string) |
[] |
no |
| static_routes_only | Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP | bool |
false |
no |
| tags | Map of custom tags for the provisioned resources | map(string) |
{} |
no |
| tunnel1_inside_cidr | A size /30 CIDR block from the 169.254.0.0/16 range | string |
null |
no |
| tunnel1_preshared_key | Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_) | string |
null |
no |
| tunnel2_inside_cidr | A size /30 CIDR block from the 169.254.0.0/16 range | string |
null |
no |
| tunnel2_preshared_key | Will be stored in the state as plaintext. Must be between 8 & 64 chars and can't start with zero(0). Allowed characters are alphanumeric, periods(.) and underscores(_) | string |
null |
no |
| Name | Description |
|---|---|
| customer_gateway_id | ID of the Customer Gateway |
| vpn_connection | VPN connection details |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent