Initial implementation (#1)

* Init repo

* Initial implementation

* Address CR

Author: aknysh

.gitignore

@@ -5,5 +5,10 @@
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
-*.tfvars
+# IDE files
+.idea
+*.iml
+
+# Build harness files
+.build-harness
+build-harness

.travis.yml

@@ -0,0 +1,16 @@
+addons:
+  apt:
+    packages:
+      - git
+      - make
+      - curl
+
+install:
+  - make init
+
+script:
+  - make terraform/install
+  - make terraform/get-plugins
+  - make terraform/get-modules
+  - make terraform/lint
+  - make terraform/validate

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2019 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -0,0 +1,10 @@
+SHELL := /bin/bash
+
+# List of targets the `readme` target should call before generating the readme
+export README_DEPS ?= docs/targets.md docs/terraform.md
+
+-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+
+## Lint terraform code
+lint:
+	$(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate

README.md

@@ -0,0 +1,122 @@
+---
+#
+# This is the canonical configuration for the `README.md`
+# Run `make readme` to rebuild the `README.md`
+#
+
+# Name of this project
+name: terraform-aws-vpn-connection
+
+# Tags of this project
+tags:
+  - aws
+  - terraform
+  - terraform-modules
+  - vpc
+  - subnet
+  - route
+  - route-table
+  - vpn
+  - vpn-connection
+  - site-to-site-vpn-connection
+  - virtual-private-gateway
+  - customer-gateway
+  - ip
+  - ip-address
+
+# Categories of this project
+categories:
+  - terraform-modules/networking
+
+# Logo for this project
+#logo: docs/logo.png
+
+# License of this project
+license: "APACHE2"
+
+# Canonical GitHub repo
+github_repo: cloudposse/terraform-aws-vpn-connection
+
+# Badges to display
+badges:
+  - name: "Build Status"
+    image: "https://travis-ci.org/cloudposse/terraform-aws-vpn-connection.svg?branch=master"
+    url: "https://travis-ci.org/cloudposse/terraform-aws-vpn-connection"
+  - name: "Latest Release"
+    image: "https://img.shields.io/github/release/cloudposse/terraform-aws-vpn-connection.svg"
+    url: "https://github.com/cloudposse/terraform-aws-vpn-connection/releases/latest"
+  - name: "Slack Community"
+    image: "https://slack.cloudposse.com/badge.svg"
+    url: "https://slack.cloudposse.com"
+
+related:
+  - name: "terraform-aws-vpc"
+    description: "Terraform module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways"
+    url: "https://github.com/cloudposse/terraform-aws-vpc"
+
+  - name: "terraform-aws-vpc-peering"
+    description: "Terraform module to create a peering connection between two VPCs"
+    url: "https://github.com/cloudposse/terraform-aws-vpc-peering"
+
+  - name: "terraform-aws-kops-vpc-peering"
+    description: "Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops"
+    url: "https://github.com/cloudposse/terraform-aws-kops-vpc-peering"
+
+  - name: "terraform-aws-dynamic-subnets"
+    description: "Terraform module for public and private subnets provisioning in existing VPC"
+    url: "https://github.com/cloudposse/terraform-aws-dynamic-subnets"
+
+  - name: "terraform-aws-multi-az-subnets"
+    description: "Terraform module for multi-AZ public and private subnets provisioning"
+    url: "https://github.com/cloudposse/terraform-aws-multi-az-subnets"
+
+  - name: "terraform-aws-named-subnets"
+    description: "Terraform module for named subnets provisioning"
+    url: "https://github.com/cloudposse/terraform-aws-named-subnets"
+
+
+# Short description of this project
+description: |-
+  Terraform module to provision a [site-to-site](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) [VPN connection](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html)
+  between a VPC and an on-premises network.
+
+  The module does the following:
+
+  - Creates a Virtual Private Gateway (VPG) and attaches it to the VPC
+  - Creates a Customer Gateway (CGW) pointing to the provided IP address of the Internet-routable external interface on the on-premises network
+  - Creates a Site-to-Site Virtual Private Network (VPN) connection and assigns it to the VPG and CGW
+  - Requests automatic route propagation between the VPG and the provided route tables in the VPC
+  - If the VPN connection is configured to use static routes, provisions a static route between the VPN connection and the CGW
+
+# How to use this project
+usage: |-
+  ```hcl
+    module "vpn_connection" {
+      source                                    = "git::https://github.com/cloudposse/terraform-aws-vpn-connection.git?ref=master"
+      namespace                                 = "eg"
+      stage                                     = "dev"
+      name                                      = "test"
+      vpc_id                                    = "vpc-xxxxxxxx"
+      vpn_gateway_amazon_side_asn               = 64512
+      customer_gateway_bgp_asn                  = 65000
+      customer_gateway_ip_address               = "172.0.0.1"
+      route_table_ids                           = ["rtb-xxxxxxxx", "rtb-yyyyyyyy", "rtb-zzzzzzzz"]
+      vpn_connection_static_routes_only         = "true"
+      vpn_connection_static_routes_destinations = ["10.80.1.0/24"]
+    }
+  ```
+
+include:
+  - "docs/targets.md"
+  - "docs/terraform.md"
+
+# Contributors to this project
+contributors:
+  - name: "Erik Osterman"
+    github: "osterman"
+  - name: "Andriy Knysh"
+    github: "aknysh"
+  - name: "Igor Rodionov"
+    github: "goruha"
+  - name: "Josh Myers"
+    github: "joshmyers"

README.yaml

@@ -0,0 +1,10 @@
+## Makefile Targets
+```
+Available targets:
+
+  help                                Help screen
+  help/all                            Display help for all targets
+  help/short                          This help short screen
+  lint                                Lint terraform code
+
+```

docs/targets.md

@@ -0,0 +1,38 @@
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| attributes | Additional attributes (e.g. `1`) | list | `<list>` | no |
+| customer_gateway_bgp_asn | The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN) | string | `65000` | no |
+| customer_gateway_ip_address | The IP address of the gateway's Internet-routable external interface | string | - | yes |
+| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
+| enabled | Set to `false` to prevent the module from creating any resources | string | `true` | no |
+| name | Name  (e.g. `app`) | string | - | yes |
+| namespace | Namespace (e.g. `eg` or `cp`) | string | - | yes |
+| route_table_ids | The IDs of the route tables for which routes from the Virtual Private Gateway will be propagated | list | `<list>` | no |
+| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | - | yes |
+| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map | `<map>` | no |
+| vpc_id | The ID of the VPC to which the Virtual Private Gateway will be attached | string | - | yes |
+| vpn_connection_static_routes_destinations | List of CIDR blocks to be used as destination for static routes. Routes to destinations will be propagated to the route tables defined in `route_table_ids` | list | `<list>` | no |
+| vpn_connection_static_routes_only | If set to `true`, the VPN connection will use static routes exclusively. Static routes must be used for devices that don't support BGP | string | `true` | no |
+| vpn_connection_tunnel1_inside_cidr | The CIDR block of the inside IP addresses for the first VPN tunnel | string | `` | no |
+| vpn_connection_tunnel1_preshared_key | The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero. Allowed characters are alphanumeric characters, periods(.) and underscores(_) | string | `` | no |
+| vpn_connection_tunnel2_inside_cidr | The CIDR block of the inside IP addresses for the second VPN tunnel | string | `` | no |
+| vpn_connection_tunnel2_preshared_key | The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero. Allowed characters are alphanumeric characters, periods(.) and underscores(_) | string | `` | no |
+| vpn_gateway_amazon_side_asn | The Autonomous System Number (ASN) for the Amazon side of the VPN gateway. If you don't specify an ASN, the Virtual Private Gateway is created with the default ASN | string | `64512` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| customer_gateway_id | Customer Gateway ID |
+| vpn_connection_customer_gateway_configuration | The configuration information for the VPN connection's Customer Gateway (in the native XML format) |
+| vpn_connection_id | VPN Connection ID |
+| vpn_connection_tunnel1_address | The public IP address of the first VPN tunnel |
+| vpn_connection_tunnel1_cgw_inside_address | The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway side) |
+| vpn_connection_tunnel1_vgw_inside_address | The RFC 6890 link-local address of the first VPN tunnel (Virtual Private Gateway side) |
+| vpn_connection_tunnel2_address | The public IP address of the second VPN tunnel |
+| vpn_connection_tunnel2_cgw_inside_address | The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway side) |
+| vpn_connection_tunnel2_vgw_inside_address | The RFC 6890 link-local address of the second VPN tunnel (Virtual Private Gateway side) |
+| vpn_gateway_id | Virtual Private Gateway ID |
+

docs/terraform.md

@@ -0,0 +1,25 @@
+provider "aws" {
+  region = "${var.region}"
+}
+
+module "vpn_connection" {
+  source                                    = "../../"
+  enabled                                   = "${var.enabled}"
+  namespace                                 = "${var.namespace}"
+  stage                                     = "${var.stage}"
+  name                                      = "${var.name}"
+  delimiter                                 = "${var.delimiter}"
+  attributes                                = "${var.attributes}"
+  tags                                      = "${var.tags}"
+  vpc_id                                    = "${var.vpc_id}"
+  vpn_gateway_amazon_side_asn               = "${var.vpn_gateway_amazon_side_asn}"
+  customer_gateway_bgp_asn                  = "${var.customer_gateway_bgp_asn}"
+  customer_gateway_ip_address               = "${var.customer_gateway_ip_address}"
+  route_table_ids                           = ["${var.route_table_ids}"]
+  vpn_connection_static_routes_only         = "${var.vpn_connection_static_routes_only}"
+  vpn_connection_static_routes_destinations = "${var.vpn_connection_static_routes_destinations}"
+  vpn_connection_tunnel1_inside_cidr        = "${var.vpn_connection_tunnel1_inside_cidr}"
+  vpn_connection_tunnel2_inside_cidr        = "${var.vpn_connection_tunnel2_inside_cidr}"
+  vpn_connection_tunnel1_preshared_key      = "${var.vpn_connection_tunnel1_preshared_key}"
+  vpn_connection_tunnel2_preshared_key      = "${var.vpn_connection_tunnel2_preshared_key}"
+}

examples/complete/main.tf

@@ -0,0 +1,49 @@
+output "vpn_gateway_id" {
+  description = "Virtual Private Gateway ID"
+  value       = "${module.vpn_connection.vpn_connection_id}"
+}
+
+output "customer_gateway_id" {
+  description = "Customer Gateway ID"
+  value       = "${module.vpn_connection.customer_gateway_id}"
+}
+
+output "vpn_connection_id" {
+  description = "VPN Connection ID"
+  value       = "${module.vpn_connection.vpn_connection_id}"
+}
+
+output "vpn_connection_customer_gateway_configuration" {
+  description = "The configuration information for the VPN connection's Customer Gateway (in the native XML format)"
+  value       = "${module.vpn_connection.vpn_connection_customer_gateway_configuration}"
+}
+
+output "vpn_connection_tunnel1_address" {
+  description = "The public IP address of the first VPN tunnel"
+  value       = "${module.vpn_connection.vpn_connection_tunnel1_address}"
+}
+
+output "vpn_connection_tunnel1_cgw_inside_address" {
+  description = "The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway side)"
+  value       = "${module.vpn_connection.vpn_connection_tunnel1_cgw_inside_address}"
+}
+
+output "vpn_connection_tunnel1_vgw_inside_address" {
+  description = "The RFC 6890 link-local address of the first VPN tunnel (Virtual Private Gateway side)"
+  value       = "${module.vpn_connection.vpn_connection_tunnel1_vgw_inside_address}"
+}
+
+output "vpn_connection_tunnel2_address" {
+  description = "The public IP address of the second VPN tunnel"
+  value       = "${module.vpn_connection.vpn_connection_tunnel2_address}"
+}
+
+output "vpn_connection_tunnel2_cgw_inside_address" {
+  description = "The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway side)"
+  value       = "${module.vpn_connection.vpn_connection_tunnel2_cgw_inside_address}"
+}
+
+output "vpn_connection_tunnel2_vgw_inside_address" {
+  description = "The RFC 6890 link-local address of the second VPN tunnel (Virtual Private Gateway side)"
+  value       = "${module.vpn_connection.vpn_connection_tunnel2_vgw_inside_address}"
+}