fix for group id

Author: anmolnagpal

_example/example.tf

@@ -49,11 +49,4 @@ module "vpn" {
   route_subnet_ids    = module.subnets.public_subnet_id
   network_cidr        = ["0.0.0.0/0"]
 
-  type               = "federated-authentication"
-  saml_arn           = var.saml_arn
-  dns_names          = [""]
-  security_group_ids = var.security_group_ids
-  vpc_id             = var.vpc_id
-  group_ids          = var.group_ids 
-
 }

_example/variables.tf

@@ -1,24 +0,0 @@
-
-variable "security_group_ids" {
-  type    = list(any)
-  default = ["",""]
-
-}
-
-variable "saml_arn" {
-  type        = string
-  default     = ""
-  description = "saml_arn that is being used"
-}
-
-variable "vpc_id" {
-  type        = string
-  default     = ""
-  description = "vpc id that is being used"
-}
-
-variable "group_ids" {
-  type        = string
-  default     = ""
-  description = "group that is being used"
-}

main.tf

@@ -129,7 +129,9 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
   description            = module.labels.id
   server_certificate_arn = join("", aws_acm_certificate.server.*.arn)
   client_cidr_block      = var.cidr_block
+  security_group_ids     = var.security_group_ids
   split_tunnel           = var.split_tunnel_enable
+  vpc_id                 = var.vpc_id
 
   authentication_options {
     type                            = var.type
@@ -151,7 +153,6 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
     ]
   }
 
-
 }
 
 resource "aws_ec2_client_vpn_network_association" "default" {
@@ -180,6 +181,15 @@ resource "aws_ec2_client_vpn_authorization_rule" "vpn_auth" {
   authorize_all_groups   = true
 }
 
+
+resource "aws_ec2_client_vpn_authorization_rule" "vpn_group_auth" {
+  count                  = length(var.group_ids)
+  client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)
+  target_network_cidr    = "0.0.0.0/0"
+  access_group_id        = element(var.group_ids, count.index)
+}
+
+
 resource "aws_ec2_client_vpn_route" "vpn_route" {
   count                  = length(var.route_cidr)
   client_vpn_endpoint_id = join("", aws_ec2_client_vpn_endpoint.default.*.id)

variables.tf

@@ -119,3 +119,21 @@ variable "self_saml_arn" {
   description = "The ARN of the IAM SAML identity provider for the self service portal. "
 }
 
+
+variable "security_group_ids" {
+  type    = list(any)
+  default = []
+  description = "The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups."
+}
+
+variable "vpc_id" {
+  type        = string
+  default     = ""
+  description = "The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied."
+}
+
+variable "group_ids" {
+  type        = list
+  default     = []
+  description = "The ID of the group to which the authorization rule grants access."
+}