## Util

Applications used within this repo to help with CHANGELOG creation and for checking files within the repo.

### pre-commit

Additional applications will need to be installed on your machine if you wish to use pre-commit; they are:

## Notes

- The OpenVPN appliance does not support the use of AWS SSM. This is why we have moved away from the appliance and install OpenVPN on our own EC2 instance, which gives us more flexibility in our deployment options.

## Terraform Inputs and Outputs

### Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5 |
| aws | 5.55.0 |
| local | 2.5.1 |
| null | 3.2.2 |
| random | 3.6.2 |

### Providers

| Name | Version |
|------|---------|
| aws | 5.54.1 |
| random | 3.6.2 |

### Modules

No modules.

### Resources

| Name | Type |
|------|------|
| aws_eip.openvpn_ip | resource |
| aws_iam_instance_profile.openvpn | resource |
| aws_iam_policy.ssm_s3_access | resource |
| aws_iam_role.openvpn | resource |
| aws_iam_role_policy.openvpn | resource |
| aws_iam_role_policy_attachment.ssm_role_policy01 | resource |
| aws_iam_role_policy_attachment.ssm_role_policy02 | resource |
| aws_iam_role_policy_attachment.ssm_s3_policy_attachment | resource |
| aws_instance.openvpn | resource |
| aws_route53_record.openvpn | resource |
| aws_s3_bucket.ansible_bucket | resource |
| aws_s3_bucket_acl.ansible_bucket | resource |
| aws_s3_bucket_ownership_controls.ansible_bucket | resource |
| aws_s3_bucket_server_side_encryption_configuration.ansible_bucket | resource |
| aws_s3_object.openvpn_playbook | resource |
| aws_security_group.openvpn_mgmt | resource |
| aws_security_group.openvpn_user | resource |
| aws_ssm_association.openvpnas | resource |
| aws_ssm_parameter.certificate_email | resource |
| aws_ssm_parameter.openvpnas_admin_password | resource |
| aws_ssm_parameter.openvpnas_admin_user | resource |
| aws_ssm_parameter.openvpnas_dns | resource |
| aws_ssm_parameter.openvpnas_ldap_add_req | resource |
| aws_ssm_parameter.openvpnas_ldap_base_dn | resource |
| aws_ssm_parameter.openvpnas_ldap_bind_dn | resource |
| aws_ssm_parameter.openvpnas_ldap_bind_pw | resource |
| aws_ssm_parameter.openvpnas_ldap_realm | resource |
| aws_ssm_parameter.openvpnas_ldap_server | resource |
| random_id.suffix | resource |
| aws_ami.openvpn | data source |
| aws_iam_policy_document.iam_role | data source |
| aws_iam_policy_document.openvpn_ec2_assume | data source |
| aws_iam_policy_document.ssm_s3_access | data source |
| aws_route53_zone.main | data source |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| admin_creation | Do you wish to create a local admin account | `bool` | `false` | no |
| admin_password | openvpnas local admin account password | `string` | n/a | yes |
| admin_user | openvpnas local admin account name | `string` | `"admin"` | no |
| adminaccess_cidr | n/a | `list(any)` | `["0.0.0.0/0"]` | no |
| ami_id | The ID of the AMI to run; otherwise defaults to AWS Amazon Linux 2 | `string` | `""` | no |
| aws_account_id | AWS Account ID number, needed for implementing IAM permissions | `string` | n/a | yes |
| certificate_email | Email address to link to the Let's Encrypt SSL certificate | `string` | n/a | yes |
| clientaccess_cidr | n/a | `list(any)` | `["0.0.0.0/0"]` | no |
| configure_ldap | Do you wish to enable LDAP configuration | `bool` | `false` | no |
| configure_letsencrypt | Do you wish to enable Let's Encrypt | `bool` | `false` | no |
| custom_suffix | Suffix which will be tagged to all created objects; if not set, a random one will be assigned | `string` | `null` | no |
| instance_disk_encrypted | Encrypt the EBS volumes | `bool` | `true` | no |
| instance_disk_type | Data disk type | `string` | `"gp2"` | no |
| instance_type | Instance type of the openvpnas appliance | `string` | `"t3a.large"` | no |
| ldap_add_req | Additional LDAP requirement (filter) that users must satisfy to authenticate to openvpnas | `string` | `"memberOf=CN=Dom VPN User,OU=Security Groups,DC=ad,DC=example,DC=org"` | no |
| ldap_base_dn | LDAP base DN used by openvpnas for user lookups | `string` | `"OU=Regions,DC=ad,DC=example,DC=org"` | no |
| ldap_bind_dn | LDAP bind DN (service account) used by openvpnas | `string` | `"CN=svc_openvpnas,OU=Service Accounts,DC=ad,DC=example,DC=org"` | no |
| ldap_bind_pw | Password for the LDAP bind DN | `string` | n/a | yes |
| ldap_realm | LDAP realm name shown by openvpnas | `string` | `"EXAMPLE"` | no |
| ldap_server | LDAP server address used by openvpnas | `string` | `"127.0.0.1"` | no |
| openvpnas_dns | FQDN of the openvpnas appliance | `string` | n/a | yes |
| public_subnet_id | Public subnet ID where you wish to deploy the openvpnas appliance | `string` | n/a | yes |
| route53_zone_name | Route 53 zone name | `string` | n/a | yes |
| s3_bucket_name | S3 bucket name where Ansible scripts will be stored | `string` | n/a | yes |
| ssh_key | SSH key name for the EC2 instance | `string` | `""` | no |
| ssm_playbook_location | Playbook directory location which is uploaded to S3 | `string` | `""` | no |
| subdomain_ttl | Route 53 TTL time | `number` | `"60"` | no |
| tags | A map of tags to add to all resources. | `map(string)` | `{}` | no |
| vpc_id | AWS VPC ID | `string` | n/a | yes |
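A usage example for this module, added here and not part of the module's own README. It sets every required input from the table above and overrides the two CIDR inputs whose default (`["0.0.0.0/0"]`) opens the management and client security groups to the whole internet. The module `source` path, account and resource IDs, domain names, bucket name and CIDR ranges are constructed placeholders; the two secrets are passed through variables marked `sensitive` rather than as literals so they do not land in version control (they still end up in Terraform state, so the state backend should be encrypted and access-restricted).

```hcl
# Constructed example: every ID, name and CIDR below is a placeholder.

variable "openvpn_admin_password" {
  description = "Local admin password for openvpnas (set via TF_VAR_openvpn_admin_password or a secret store)"
  type        = string
  sensitive   = true
}

variable "openvpn_ldap_bind_pw" {
  description = "Password for the LDAP bind account"
  type        = string
  sensitive   = true
}

module "openvpn" {
  source = "../../modules/openvpn" # assumption: path to this module within the repo

  # Required inputs (no default in the module)
  aws_account_id    = "123456789012"              # placeholder account ID
  vpc_id            = "vpc-0123456789abcdef0"     # placeholder
  public_subnet_id  = "subnet-0123456789abcdef0"  # placeholder
  route53_zone_name = "example.org"
  openvpnas_dns     = "vpn.example.org"
  certificate_email = "ops@example.org"
  s3_bucket_name    = "example-org-openvpn-ansible"
  admin_password    = var.openvpn_admin_password
  ldap_bind_pw      = var.openvpn_ldap_bind_pw

  # Both CIDR inputs default to ["0.0.0.0/0"]. Admin/management access should only
  # ever come from known ranges; client access can be narrowed when users connect
  # from known egress addresses, and widened deliberately if they roam.
  adminaccess_cidr  = ["203.0.113.0/24"]   # office / bastion egress range
  clientaccess_cidr = ["198.51.100.0/24"]  # known user egress range

  # Optional inputs: enable the local admin, Let's Encrypt and LDAP authentication
  admin_creation        = true
  configure_letsencrypt = true
  configure_ldap        = true
  ldap_server           = "ldap.ad.example.org"
  ldap_realm            = "EXAMPLE"
  ldap_base_dn          = "OU=Regions,DC=ad,DC=example,DC=org"
  ldap_bind_dn          = "CN=svc_openvpnas,OU=Service Accounts,DC=ad,DC=example,DC=org"
  ldap_add_req          = "memberOf=CN=Dom VPN User,OU=Security Groups,DC=ad,DC=example,DC=org"

  # Defaults restated so the intent is visible in review: encrypted EBS, no SSH key
  # (management goes through SSM, which is the reason for this module per the Notes).
  instance_disk_encrypted = true
  ssh_key                 = ""

  tags = {
    Environment = "prod"
    Owner       = "platform-team"
  }
}

# The module exposes the Elastic IP and both security group IDs as outputs.
output "openvpn_public_ip" {
  value = module.openvpn.openvpnas_eip
}

output "openvpn_mgmt_sg_id" {
  value = module.openvpn.openvpnas_mgmt_secgrpid
}
```

The two security group outputs can be referenced from other resources (for example, to allow the management group into an internal LDAP server) instead of duplicating CIDR rules. Run `terraform plan` and confirm that the `aws_security_group.openvpn_mgmt` ingress rules show the narrowed ranges rather than `0.0.0.0/0` before applying.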

### Outputs

| Name | Description |
|------|-------------|
| openvpnas_eip | n/a |
| openvpnas_mgmt_secgrpid | n/a |
| openvpnas_user_secgrpid | n/a |