Merge pull request #18 from clouddrove/test-vpn

updated aws-vpn module
clouddrove · Dec 6, 2022 · c9491c2 · c9491c2
2 parents cce96d3 + a396dac
commit c9491c2
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -41,6 +41,17 @@ resource "aws_vpn_connection" "default" {
   static_routes_only       = var.vpn_connection_static_routes_only
   local_ipv4_network_cidr  = var.local_ipv4_network_cidr
   remote_ipv4_network_cidr = var.remote_ipv4_network_cidr
+  tunnel1_dpd_timeout_action = var.tunnel1_dpd_timeout_action
+  tunnel1_preshared_key      = var.tunnel1_preshared_key
+  tunnel1_startup_action   = var.tunnel1_startup_action
+  tunnel1_phase1_encryption_algorithms = var.tunnel1_phase1_encryption_algorithms
+  tunnel1_phase2_encryption_algorithms  = var.tunnel1_phase2_encryption_algorithms
+  tunnel1_phase1_integrity_algorithms = var.tunnel1_phase1_integrity_algorithms
+  tunnel1_phase2_integrity_algorithms = var.tunnel1_phase2_integrity_algorithms
+  tunnel1_phase1_dh_group_numbers    = var.tunnel1_phase1_dh_group_numbers
+  tunnel1_phase2_dh_group_numbers    = var.tunnel1_phase2_dh_group_numbers
+  tunnel1_ike_versions               = var.tunnel1_ike_versions
+  tunnel1_inside_cidr                = var.tunnel1_inside_cidr
   tags                     = module.labels.tags
 }
 

diff --git a/variables.tf b/variables.tf
@@ -135,3 +135,80 @@ variable "enable_vpn_gateway_attachment" {
   default     = true
   description = "Set to false to prevent attachment of the vGW to the VPC."
 }
+
+variable "tunnel1_phase1_encryption_algorithms" {
+  type = list(string)
+  default = [ "" ]
+  description = "(Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16."
+}
+
+variable "tunnel1_phase1_encryption_algorithms" {
+  type = list(string)
+  default = [ "" ]
+  description = "(Optional) List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16."
+}
+
+variable "tunnel1_phase1_integrity_algorithms" {
+  type = list(string)
+  default = [ "" ]
+  description = "Optional) One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512."
+}
+
+variable "tunnel2_phase1_integrity_algorithms" {
+  type = list(string)
+  default = [ "" ]
+  description = "(Optional) One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512."
+}
+
+variable "tunnel1_phase1_dh_group_numbers " {
+  type = list(number)
+  default = [ "" ]
+  description = "(Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24."
+}
+
+variable "tunnel2_phase1_dh_group_numbers " {
+  type = list(number)
+  default = [ "" ]
+  description = "(Optional) List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24."
+}
+
+variable "tunnel1_phase2_dh_group_numbers " {
+  type = list(number)
+  default = [ "" ]
+  description = "(Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24"
+}
+
+variable "tunnel2_phase2_dh_group_numbers " {
+  type = list(number)
+  default = [ "" ]
+  description = "(Optional) List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24."
+}
+
+variable "tunnel1_ike_versions" {
+  type = list(string)
+  description = "(Optional) The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2."
+}
+
+variable "tunnel1_dpd_timeout_action" {
+  type = string
+  default = ""
+  description = "(Optional, Default clear) The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart."
+}
+
+variable "tunnel1_startup_action" {
+  type = string
+  default = ""
+  description = "(Optional, Default clear) The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart."
+}
+
+variable "log_enabled" {
+  type = bool
+  default = true
+  description = "(Optional) Enable or disable VPN tunnel logging feature. The default is false.yy"
+}
+
+variable "log_output_format" {
+  type = string
+  default = ["json"]
+  description = "(Optional, Default clear) The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart."
+}