Initial Commit

gadgetry-io · Mar 21, 2018 · ce08779 · ce08779
1 parent 9dcc52f
commit ce08779
Show file tree

Hide file tree

Showing 7 changed files with 235 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -1,2 +1,69 @@
 # tf-aws-vpn-gateway
 Terraform AWS VPN Gateway Module
+
+## Summary
+This terraform module creates an AWS VPN Gateway and Connection to an existing AWS Customer Gateway.
+- An AWS Customer Gateway must be provisioned separately.
+- Learn More about [AWS VPN Connections](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html)
+
+## Example Implementation
+
+    /project                        # Terraform Project
+        /workspaces                 # Workspaces
+            /ops                    # Operations Environment
+                vpn_gateway.<name>  # VPN Gateway Stack using Module
+                    backend.tf
+                    data.tf
+                    main.tf
+                    providers.tf
+            /dev                    # Development Environment
+            /tst                    # Testing Environment
+            /stg                    # Staging Environment
+            /prd                    # Production Environment
+
+### backend.tf
+
+    terraform {
+        backend "s3" {
+            bucket               = "<bucket_name>"
+            key                  = "vpn_gateway_<name>"
+            workspace_key_prefix = "terraform"
+            region               = "us-east-1"
+            profile              = "<profile_name>"
+            role_arn             = "arn:aws:iam::<account_id>:role/<role_name>"
+
+### data.tf
+
+    data "terraform_remote_state" "network" {
+        backend   = "s3"
+        workspace = "${terraform.workspace}"
+
+        config {
+            bucket               = "<bucket_name>"
+            key                  = "network"
+            workspace_key_prefix = "terraform"
+            region               = "us-east-1"
+            profile              = "<profile_name>"
+            role_arn             = "arn:aws:iam::<account_id>:role/<role_name>"
+        }
+    }
+
+### main.tf
+
+    module "vpn_gateway" {
+        source                          = "git::ssh://[email protected]/gadgetry-io/tf-aws-vpn-gateway.git?ref=master"
+        vgw_vpc_id                      = "<aws_vpc.id>"
+        vgw_availability_zone           = "<e.g. us-east-1>"
+        vgw_tag_name                    = "<e.g. vpn_gateway>"
+        vgw_tag_environment             = "<e.g. operations>"
+        vgw_tag_stack                   = "<e.g. vpn_gateway.office>"
+        vpn_destination_cidr_block      = "<e.g. office private network cidr>"
+        vpn_customer_gateway_id         = "<aws_customer_gateway.id>
+    }
+
+### providers.tf
+
+    provider aws {
+        region  = "us-east-1"
+        profile = "<profile_name>"
+    }
diff --git a/aws_vpn_connection.tf b/aws_vpn_connection.tf
@@ -0,0 +1,6 @@
+resource "aws_vpn_connection" "main" {
+  vpn_gateway_id      = "${aws_vpn_gateway.main.id}"
+  customer_gateway_id = "${var.vpn_customer_gateway_id}"
+  type                = "ipsec.1"
+  static_routes_only  = true
+}
diff --git a/aws_vpn_connection_route.tf b/aws_vpn_connection_route.tf
@@ -0,0 +1,4 @@
+resource "aws_vpn_connection_route" "main" {
+  destination_cidr_block = "${var.vpn_destination_cidr_block}"
+  vpn_connection_id      = "${aws_vpn_connection.main.id}"
+}
diff --git a/aws_vpn_gateway.tf b/aws_vpn_gateway.tf
@@ -0,0 +1,10 @@
+resource "aws_vpn_gateway" "main" {
+  vpc_id = "${var.vgw_vpc_id}"
+  availability_zone = "{var.vgw_availability_zone}"
+
+  tags {
+    Name         = "${var.vgw_tag_name}"
+    Environment  = "${var.vgw_tag_environment}"
+    Stack        = "${var.vgw_tag_stack}"
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,57 @@
+###############################################################################
+# VPN Gateway Outputs
+
+output "vgw_id" {
+  value = "${aws_vpn_gateway.main.id}"
+}
+
+###############################################################################
+# VPN Connection Outputs.
+
+output "vpn_id" {
+  value = "${aws_vpn_connection.main.id}"
+}
+
+output "vpn_type" {
+  value = "${aws_vpn_connection.main.type}"
+}
+
+output "vpn_customer_gateway_id" {
+  value = "${aws_vpn_connection.main.customer_gateway_id}"
+}
+
+output "vpn_static_routes_only" {
+  value = "${aws_vpn_connection.main.static_routes_only}"
+}
+
+output "vpn_tunnel1_address" {
+  value = "${aws_vpn_connection.main.tunnel1_address}"
+}
+
+output "vpn_tunnel1_bgp_asn" {
+  value = "${aws_vpn_connection.main.tunnel1_bgp_asn}"
+}
+
+output "vpn_tunnel1_cgw_inside_address" {
+  value = "${aws_vpn_connection.main.tunnel1_cgw_inside_address}"
+}
+
+output "vpn_tunnel1_vgw_inside_address" {
+  value = "${aws_vpn_connection.main.tunnel1_vgw_inside_address}"
+}
+
+output "vpn_tunnel2_address" {
+  value = "${aws_vpn_connection.main.tunnel2_address}"
+}
+
+output "vpn_tunnel2_bgp_asn" {
+  value = "${aws_vpn_connection.main.tunnel2_bgp_asn}"
+}
+
+output "vpn_tunnel2_cgw_inside_address" {
+  value = "${aws_vpn_connection.main.tunnel2_cgw_inside_address}"
+}
+
+output "vpn_tunnel2_vgw_inside_address" {
+  value = "${aws_vpn_connection.main.tunnel2_vgw_inside_address}"
+}
diff --git a/readme.tf b/readme.tf
@@ -0,0 +1,53 @@
+resource "local_file" "readme" {
+  content  = "${data.template_file.readme.rendered}"
+  filename = "${path.module}/README.${upper(terraform.workspace)}.md"
+}
+
+data "template_file" "readme" {
+  template = <<EOF
+# ${var.stack_name}
+This stack provisions the ${upper(terraform.workspace)} ${upper(var.stack_name)} Stack.
+
+## ${var.stack_name}
+
+Key notes about this Stack:
+- This stack creates an AWS VPN Gateway and Connection to an existing AWS Customer Gateway.
+- An AWS Customer Gateway must be provisioned separately.
+
+## LINKS
+[AWS VPN Connections](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html)
+
+
+### VPN GATEWAY CONFIGURATION
+
+|ATTRIBUTE|VALUE|
+|VPN Gateway ID|${aws_vpn_gateway.main.id}|
+|VPN VPC ID|${var.vgw_vpc_id}|
+|VPN Availability Zone|${var.vgw_availability_zone}|
+
+### VPN CONNECTION CONFIGURATION
+
+|ATTRIBUTE|VALUE|
+|VPN Connection ID|${aws_vpn_connection.main.id}|
+|Customer Gateway ID|${aws_vpn_connection.main.customer_gateway_id}|
+|Static Routes Only|${aws_vpn_connection.main.static_routes_only}|
+
+### VPN TUNNEL 1
+
+|ATTRIBUTE|VALUE|
+|Tunnel 1 Public IP|${aws_vpn_connection.main.tunnel1_address}|
+|Tunnel 1 BGP ASN Number|${aws_vpn_connection.main.tunnel1_bgp_asn}|
+|Tunnel 1 CGW Inside Address|${aws_vpn_connection.main.tunnel1_cgw_inside_address}|
+|Tunnel 1 VGW Inside Address|${aws_vpn_connection.main.tunnel1_vgw_inside_address}|
+
+
+### VPN TUNNEL 2
+
+|ATTRIBUTE|VALUE|
+|Tunnel 2 Public IP|${aws_vpn_connection.main.tunnel2_address}|
+|Tunnel 2 BGP ASN Number|${aws_vpn_connection.main.tunnel2_bgp_asn}|
+|Tunnel 2 CGW Inside Address|${aws_vpn_connection.main.tunnel2_cgw_inside_address}|
+|Tunnel 2 VGW Inside Address|${aws_vpn_connection.main.tunnel2_vgw_inside_address}|
+
+EOF
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,38 @@
+# STACK VARIABLES
+variable stack_name {
+  type = "string"
+  default = "vpn_gateway"
+}
+
+# VPN GATEWAY VARIABLES (vgw)
+variable vgw_vpc_id {
+  type = "string"
+}
+
+variable vgw_availability_zone {
+  type = "string"
+}
+
+variable vgw_tag_name {
+  type = "string"
+}
+
+variable vgw_tag_environment {
+  type = "string"
+}
+
+variable vgw_tag_stack {
+  type = "string"
+  default = "vpn_gateway"
+}
+
+# VPN CONNECTION VARIABLES (vpn)
+variable vpn_destination_cidr_block {
+  type = "string"
+}
+
+variable vpn_customer_gateway_id {
+  type = "string"
+}
+
+