A terraform module to create and manage an OpenVPN service on AWS.
Terraform and AWS Command Line Interface tools need to be installed on your local computer.
A previously built AMI base image with OpenVPN is required.
Terraform version 0.8 or higher is required.
Terraform installation instructions can be found here.
AWS Command Line Interface installation instructions can be found here.
This module requires that an AMI base image with OpenVPN, built using the recipe from this project, already exists in your AWS account.
That AMI ID is the value to use for the required `ami_id` variable.
If you wish to register the instance's FQDN, the AWS Route53 service also needs to be enabled and properly configured.
To register the instance's FQDN in Route53, set the `private_zone_id` and/or `public_zone_id` variable(s). Note that `public_zone_id` only makes sense when `associate_public_ip_address` is `true` (its default).
The module accepts the following variables:

- `ami_id` - [required] The ID of the AMI to use for the instance(s). See the OpenVPN AMI section for more information.
- `associate_public_ip_address` - Associate a public IP address with the OpenVPN instance. [default value: true]
- `domain` - [required] The domain name to use for the OpenVPN instance.
- `environment` - The environment name for the OpenVPN resource(s). [default value: '']
- `extra_security_group_id` - Extra security group to assign to the OpenVPN instance (e.g.: 'sg-3f983f98'). [default value: '']
- `instance_type` - The type of instance to use for the OpenVPN instance. [default value: 't2.small']
- `keyname` - [required] The SSH key name to use for the OpenVPN instance.
- `name` - The main name for the OpenVPN resource(s). [default value: 'openvpn']
- `namespace` - The namespace for the OpenVPN resource(s). [default value: '']
- `private_zone_id` - The ID of the hosted zone for the private DNS record(s). [default value: '']
- `public_zone_id` - The ID of the hosted zone for the public DNS record(s). Requires `associate_public_ip_address` to be set to 'true'. [default value: '']
- `root_volume_iops` - The amount of provisioned IOPS (for 'io1' type only). [default value: 0]
- `root_volume_size` - The volume size in gigabytes. [default value: '8']
- `root_volume_type` - The volume type. Must be one of 'standard' (magnetic), 'gp2' (general purpose SSD), or 'io1' (provisioned IOPS SSD). [default value: 'gp2']
- `stage` - The stage attribute for the OpenVPN resource(s). [default value: '']
- `ssh_port` - The SSH port, as defined in the original AMI built with Packer. [default value: '222']
- `subnet_ids` - [required] List of subnet IDs to launch the instance in (e.g.: ['subnet-0zfg04s2','subnet-6jm2z54q']).
- `tags` - Map of tags (e.g.: '{name=test,environment=dev}'). [default value: {}]
- `ttl` - The TTL (in seconds) for the DNS record(s). [default value: '600']
- `vpc_id` - [required] The VPC ID for the security group(s).
- `vpn_allowed_cidrs` - [required] List of the subnets (in CIDR notation) to which the VPN clients will be allowed access.
- `vpn_cidr` - The subnet for the VPN clients (in CIDR notation). [default value: '172.16.61.0/24']
- `vpn_dns` - List of DNS server addresses. [default value: '[]']
```hcl
module "my_openvpn" {
  source            = "github.com/fscm/terraform-module-aws-openvpn"
  ami_id            = "ami-gxrd5hz0"
  domain            = "mydomain.tld"
  keyname           = "my_ssh_key"
  name              = "openvpn"
  private_zone_id   = "Z3K95H7K1S3F"
  public_zone_id    = "Z1FA3K2H9T7J"
  subnet_ids        = ["subnet-0zfg04s2"]
  vpc_id            = "vpc-3f0tb39m"
  vpn_allowed_cidrs = ["10.0.0.0/24","10.0.1.0/24"]
}
```
The module exposes the following outputs:

- `allowed_cidrs` - [type: list] List of the subnets (in CIDR notation) to which the VPN clients will be allowed access.
- `cidr` - [type: string] The subnet for the VPN clients (in CIDR notation).
- `dns` - [type: list] List of DNS server addresses.
- `fqdn` - [type: list] List of FQDNs of the OpenVPN instance.
- `hostname` - [type: list] List of hostnames of the OpenVPN instance.
- `id` - [type: list] List of IDs of the OpenVPN instance.
- `ip` - [type: list] List of private IP addresses of the OpenVPN instance.
- `security_group` - [type: string] ID of the security group to be added to every instance that should allow access from the OpenVPN service.
- `ssh_key` - [type: string] The name of the SSH key used.
- `ssh_port` - [type: string] The SSH access port.
This module provides a security group that allows access from the OpenVPN instance.
Attach that group to every AWS EC2 instance that should be reachable through the VPN; it allows inbound access to the following ports on those instances. Note that by default the original Packer image uses port 222 for SSH access.

| Service | Port | Protocol |
|---|---|---|
| SSH | 222 | TCP |
| OpenVPN | 1194 | UDP |

If access to other ports is required, create your own security group and add it to the OpenVPN service instance using the `extra_security_group_id` variable. Security groups are allow-only and additive, so an extra group can only widen what the module's own group already permits; keep its source ranges as narrow as possible.
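The following configuration, added here as an example and not part of the module or its author's code, ties the outputs above and the security-group section together: it attaches the module's `security_group` output to a backend instance, passes a custom extra group to the OpenVPN instance, and exports the instance FQDN. It uses the `"${...}"` interpolation syntax of the Terraform 0.8-era releases the module targets. The resource names (`openvpn_extra`, `app`), the VPC CIDR `10.0.0.0/16`, the backend AMI ID and the decision to open ICMP echo are assumptions for illustration; the module's own inputs reuse the values from the usage example above.

```hcl
# Added example (not from the module). Names, CIDRs and IDs are placeholders.

module "my_openvpn" {
  source                  = "github.com/fscm/terraform-module-aws-openvpn"
  ami_id                  = "ami-gxrd5hz0"
  domain                  = "mydomain.tld"
  keyname                 = "my_ssh_key"
  subnet_ids              = ["subnet-0zfg04s2"]
  vpc_id                  = "vpc-3f0tb39m"
  vpn_allowed_cidrs       = ["10.0.0.0/24"]
  extra_security_group_id = "${aws_security_group.openvpn_extra.id}"
}

# Extra group attached to the OpenVPN instance through extra_security_group_id.
# Security groups are allow-only and additive: this can only widen what the
# module's own group permits, so the source range is kept to the VPC (assumed
# to be 10.0.0.0/16) and the rule to ICMP echo for reachability checks.
resource "aws_security_group" "openvpn_extra" {
  name        = "openvpn-extra"
  description = "ICMP echo to the OpenVPN instance from inside the VPC"
  vpc_id      = "vpc-3f0tb39m"

  ingress {
    from_port   = 8      # for protocol "icmp", from_port is the ICMP type (8 = echo request)
    to_port     = 0      # and to_port is the ICMP code
    protocol    = "icmp"
    cidr_blocks = ["10.0.0.0/16"]   # assumed VPC CIDR
  }
}

# Backend instance inside one of the vpn_allowed_cidrs subnets. Attaching the
# module's security_group output is what lets traffic coming from the OpenVPN
# instance reach it on the ports the module opens (SSH 222/TCP, 1194/UDP).
resource "aws_instance" "app" {
  ami                    = "ami-0123456789abcdef0"   # placeholder backend AMI
  instance_type          = "t2.micro"
  subnet_id              = "subnet-0zfg04s2"
  vpc_security_group_ids = ["${module.my_openvpn.security_group}"]
}

# Surface the values VPN users and operators need: the instance FQDN(s) and the
# non-default SSH port, so nobody has to read the Packer recipe to find them.
output "openvpn_fqdn" {
  value = "${module.my_openvpn.fqdn}"
}

output "openvpn_ssh_port" {
  value = "${module.my_openvpn.ssh_port}"
}
```

After `terraform apply`, `terraform output openvpn_fqdn` prints the name(s) to hand to VPN users, and the backend instance is reachable through the tunnel on exactly the two ports listed in the table above; any further port must be opened explicitly, either on a group attached to the backend or, for the OpenVPN instance itself, through `extra_security_group_id`.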
- Fork it!
- Create your feature branch: `git checkout -b my-new-feature`
- Commit your changes: `git commit -am 'Add some feature'`
- Push to the branch: `git push origin my-new-feature`
- Submit a pull request
Please read the CONTRIBUTING.md file for more details on how to contribute to this project.
This project uses SemVer for versioning. For the versions available, see the tags on this repository.
- Frederico Martins - fscm
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details.