Module: vpn-connection
Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network.
The module can do the following:
- Create a Virtual Private Gateway (VPG) and attach it to the VPC
- Create a Customer Gateway (CGW) pointing to the provided Internet-routable IP address of the external interface on the on-premises network
- Create a Site-to-Site Virtual Private Network (VPN) connection
- Request automatic route propagation from the VPG into the provided VPC route tables
- If the VPN connection is configured to use static routing only, provision a static route on the VPN connection for each destination CIDR in `vpn_connection_static_routes_destinations`
Exactly what it does depends on the input parameters. The module is designed to be flexible and can be used in a variety of scenarios.
- If you supply `customer_gateway_ip_address` and set `transit_gateway_enabled` to `true`, the module will create a CGW, then create a VPN connection, and then attach the connection to the Transit Gateway identified by `existing_transit_gateway_id` and to the created CGW
- If you supply `customer_gateway_ip_address` and set `transit_gateway_enabled` to `false`, the module will create a VPG and a CGW, then create a VPN connection, and then attach it to the VPG and CGW
- If you do not supply `customer_gateway_ip_address` (set it to `null`), the module will only create a VPG
The module also provides options for adding routes to the VPC or TGW route tables. Use the options that correspond to the attachment point you are using: VPC route tables when the connection is attached to a VPG, TGW route tables when it is attached to a Transit Gateway.
Usage
```hcl
module "vpn_connection" {
  source = "cloudposse/vpn-connection/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"

  namespace = "eg"
  stage     = "dev"
  name      = "test"

  vpc_id                      = "vpc-xxxxxxxx"
  vpn_gateway_amazon_side_asn = 64512
  customer_gateway_bgp_asn    = 65000
  customer_gateway_ip_address = "172.0.0.1"
  route_table_ids             = ["rtb-xxxxxxxx", "rtb-yyyyyyyy", "rtb-zzzzzzzz"]

  # Static routing: the variable is a bool, so use true rather than the string "true"
  vpn_connection_static_routes_only         = true
  vpn_connection_static_routes_destinations = ["10.80.1.0/24"]
}
```
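The usage above covers only the VPG-attached, static-routing case. The two other scenarios described earlier (attaching the connection to an existing Transit Gateway, and creating a VPG with no connection yet) look like this. This is an added illustration, not taken from the module's own README; the resource IDs are placeholders, the customer gateway address is an RFC 5737 documentation address, and the Transit Gateway route-table inputs are omitted because this page does not name them.

```hcl
# Variant 1: attach the VPN connection to an existing Transit Gateway.
# No VPG is created; the CGW and the connection are attached to the TGW.
module "vpn_connection_tgw" {
  source = "cloudposse/vpn-connection/aws"
  # version = "x.x.x"

  namespace = "eg"
  stage     = "dev"
  name      = "site-a"

  vpc_id = "vpc-xxxxxxxx" # placeholder

  # Selects the TGW path described above
  transit_gateway_enabled     = true
  existing_transit_gateway_id = "tgw-xxxxxxxx" # placeholder

  customer_gateway_bgp_asn    = 65000
  customer_gateway_ip_address = "198.51.100.10" # TEST-NET-2 documentation address

  # Dynamic (BGP) routing over the tunnels, so no static destinations are needed
  vpn_connection_static_routes_only = false
}

# Variant 2: VPG only. With customer_gateway_ip_address = null the module
# creates and attaches the VPG and propagates its routes, but creates no CGW
# and no VPN connection. Useful when the on-premises side is not ready yet.
module "vpn_gateway_only" {
  source = "cloudposse/vpn-connection/aws"
  # version = "x.x.x"

  namespace = "eg"
  stage     = "dev"
  name      = "vpg-only"

  vpc_id                      = "vpc-xxxxxxxx" # placeholder
  vpn_gateway_amazon_side_asn = 64512
  route_table_ids             = ["rtb-xxxxxxxx"] # placeholder

  customer_gateway_ip_address = null
}
```

In every variant that creates a connection, the underlying `aws_vpn_connection` resource records the tunnel pre-shared keys and the full customer gateway configuration in Terraform state. Treat the state for this module as secret material: use an encrypted, access-restricted backend, and do not echo the module's outputs into CI logs.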