
Commit 4d8da48

author
Nikita Dugar
authored
Merge pull request #10 from clouddrove/issue_25
Issue 25
2 parents 759252d + aef26af commit 4d8da48


3 files changed

+35
-0
lines changed


_example/variables.tf

Whitespace-only changes.

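--- a/main.tf
+++ b/main.tf
@@ -129,7 +129,9 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
 description = module.labels.id
 server_certificate_arn = join("", aws_acm_certificate.server.*.arn)
 client_cidr_block = var.cidr_block
+security_group_ids = var.security_group_ids
 split_tunnel = var.split_tunnel_enable
+vpc_id = var.vpc_id
 
 authentication_options {
 type = var.type
@@ -145,6 +147,12 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
 }
 
 tags = module.labels.tags
+lifecycle {
+ignore_changes = [
+authentication_options
+]
+}
+
 }
 
 resource "aws_ec2_client_vpn_network_association" "default" {
@@ -173,6 +181,15 @@ resource "aws_ec2_client_vpn_authorization_rule" "vpn_auth" {
 authorize_all_groups = true
 }
 
+
+resource "aws_ec2_client_vpn_authorization_rule" "vpn_group_auth" {
+count = length(var.group_ids)
+client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
+target_network_cidr = "0.0.0.0/0"
+access_group_id = element(var.group_ids, count.index)
+}
+
+
 resource "aws_ec2_client_vpn_route" "vpn_route" {
 count = length(var.route_cidr)
 client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)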
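Review bot: The new `vpn_group_auth` rule in the third hunk hard-codes `target_network_cidr = "0.0.0.0/0"`, so every group in `var.group_ids` is authorized to reach all destinations through the endpoint rather than a scoped network; a variable with the current value as its default, e.g. `target_network_cidr = var.group_target_cidr`, would let callers narrow the grant without changing behaviour for existing users. The `lifecycle { ignore_changes = [authentication_options] }` block added in the second hunk also deserves a why-comment, because it means out-of-band changes to the certificate or SAML authentication settings will no longer appear as drift or be reverted, and later changes to `var.type` and the related variables will not be applied to an existing endpoint; presumably this works around the provider forcing replacement, which a comment such as `# authentication_options cannot be updated in place; changes are ignored to avoid endpoint replacement` would make explicit. The `aws_ec2_client_vpn_endpoint.default` resource that both of those hunks modify begins outside the hunks.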

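--- a/variables.tf
+++ b/variables.tf
@@ -119,3 +119,21 @@ variable "self_saml_arn" {
 description = "The ARN of the IAM SAML identity provider for the self service portal. "
 }
 
+
+variable "security_group_ids" {
+type = list(any)
+default = []
+description = "The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups."
+}
+
+variable "vpc_id" {
+type = string
+default = ""
+description = "The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied."
+}
+
+variable "group_ids" {
+type = list
+default = []
+description = "The ID of the group to which the authorization rule grants access."
+}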
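Review bot: `type = list` on the new `group_ids` variable is the legacy unconstrained form, while the other new variables use parenthesised constraints; both `group_ids` and `security_group_ids` carry AWS identifiers, so `type = list(string)` on each pins the element type and keeps the three declarations consistent. The `group_ids` description reads "The ID of the group" although the variable is a list, and `description = "The IDs of the groups to which the authorization rules grant access."` would match the shape. The `security_group_ids` description states that a VPC ID must accompany the security group IDs, yet `vpc_id` defaults to `""` independently, so that relation is presumably only enforced by AWS at apply time; a `validation` block or a sentence in the `vpc_id` description saying it is required whenever `security_group_ids` is non-empty would surface the constraint at plan time.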
