add vpn-config creation
badra001 committed Mar 4, 2022
1 parent 2f1bf2f commit 7cbc189
Showing 4 changed files with 241 additions and 24 deletions.
3 changes: 3 additions & 0 deletions vpn-transit-gateway/README.md
@@ -54,6 +54,7 @@ module "vpn_transit-gateway" {
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.66.0 |
| <a name="provider_null"></a> [null](#provider\_null) | >= 3.0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |

## Modules
@@ -71,6 +72,8 @@ No modules.
| [aws_ec2_transit_gateway_route_table_association.route_table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_association) | resource |
| [aws_ec2_transit_gateway_route_table_propagation.propagate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_transit_gateway_route_table_propagation) | resource |
| [aws_vpn_connection.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_connection) | resource |
| [null_resource.directory_setup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.generate_configs](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [random_string.tunnel_preshared_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
56 changes: 32 additions & 24 deletions vpn-transit-gateway/outputs.tf
@@ -1,36 +1,44 @@
# output "vpn_tunnel_endpoints" {
# description = "VPN Tunnel Endpoint IP Addresses"
# value = { for k, v in local.vpn_settings : k => {
# site = v.site
# environment = v.environment
# sequence = v.sequence
# label = v.label
# full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
# customer_address = aws_customer_gateway.vpn[k].ip_address
# bgp_asn = aws_customer_gateway.vpn[k].bgp_asn
# vpn_connection_id = aws_vpn_connection.vpn[k].id
#
# tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
# tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
# tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
# tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
# tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
#
# tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
# tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
# tunnel2_inside_cidr = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
# tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
# tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
# }
# }
# }

output "vpn_tunnel_endpoints" {
description = "VPN Tunnel Endpoint IP Addresses"
value = { for k, v in local.vpn_settings : k => {
site = v.site
environment = v.environment
sequence = v.sequence
label = v.label
full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
customer_address = aws_customer_gateway.vpn[k].ip_address
bgp_asn = aws_customer_gateway.vpn[k].bgp_asn

tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address

tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
tunnel2_inside_cidr = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
}
}
value = local.vpn_tunnel_outputs
}

output "vpn_labels" {
description = "VPN Labels for Description field of Endpoint device (Cisco ASR)"
value = { for k, v in local.vpn_settings : k => {
# value = { for k, v in local.vpn_settings : k => {
value = { for k, v in local.vpn_tunnel_outputs : k => {
site = v.site
environment = v.environment
sequence = v.sequence
label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
# label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
label = v.label
}
}
}
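Review bot: In `vpn_labels`, the new `label = v.label` emits the bare site label, while the line it replaces produced the `aws:<region>:<account>:<vpn-id>:<label>` string that the output's description ("Description field of Endpoint device") refers to; `local.vpn_tunnel_outputs` already carries that exact value as `full_label`, so this should almost certainly read `label = v.full_label`. The 26-line commented-out copy of the old `vpn_tunnel_endpoints` body at the top of the file and the `# value =` / `# label =` lines left inside `vpn_labels` only duplicate what git history keeps and should be removed. The hunk starts at line 1, so both outputs are fully visible here.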
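--- /dev/null
+++ b/vpn-transit-gateway/templates/vpn-config.yml.tmpl
@@ -0,0 +1,157 @@
+vrf: ${vrf}
+cloud_provider: aws
+aws:
+region_full: ${region_full}
+region_short: ${region_short}
+vpc_full_name: ${vpc_full_name}
+vpc_suffix: ${vpc_name}
+vpc_number: ${vpc_number}
+vpc_cidr_block: ${vpc_cidr_block}
+vpn_connection_id: ${vpn_connection_id}
+vpn_connection_description: ${vpn_connection_description}
+tunnels:
+- tunnel1:
+description: ${vpc_connection_description}
+%{ for k,v in tunnel1 }
+${k}: ${v}
+%{ endfor ~}
+- tunnel2:
+description: ${vpc_connection_description}
+%{ for k,v in tunnel2 }
+${k}: ${v}
+%{ endfor ~}
+
+## tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+## tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
+## tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+## tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+## tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+##
+
+asr:
+site: ${site}
+# device_name: hqnt-r1-cld-vpn-rtr1
+device_name: bccm2-dmz-r68-cld-vpn-rtr1
+loopback_number: 132
+tunnel_interface_numbers:
+- 1527
+- 1528
+prefixlist_sequence:
+- 250
+- 260
+
+##
+## vpc_name = "common"
+## vpc_cidr_block = "10.128.0.0/23"
+## vpc_index = "1"
+## vpc_short_name = "vpc1"
+## vpc_full_name = "vpc1-common"
+## vpc_environment = "common"
+## vpc_domain_name = "common.ma4-gov.sandbox.census.gov"
+## vpc_dns_servers = ["148.129.127.22", "148.129.191.22"]
+## vpc_ntp_servers = ["148.129.127.23", "148.129.191.23"]
+## vpc_enable_igw = false
+## vpc_enable_nat = false
+## vpc_enable_vpn = false
+## vpc_enable_awsdns = true
+##
+## vpn_settings = []
+## tgw_environment = "services"
+##
+## {
+# site = site
+## vrf = var.tgw_environment
+## region_full = local.region
+## region_short = transpose var.region_map, get region_full
+## vpc_full_name = var.vpc_full_name
+## vpc_name = var.vpc_name
+## vpc_number = var.vpc_index
+## vpc_cidr_block = var.vpc_cidr_block
+## vpn_connection_id = aws_vpn_connection.vpn[k].id
+## vpn_connection_description = format(...)
+## vpn_connection = aws_vpn_connection.vpn[k]
+
+## fields = [ "inside_cidr", "address", "cgw_inside_addres", "vgw_inside_address", "bgp_asn", "preshared_key" ]
+# preshared_key:
+# inside_cidr:
+# # dest ip
+# address:
+# # bgp peer
+# vgw_inside_address:
+# # ip
+# cgw_inside_address:
+# bgp_asn:
+#
+##
+##
+## transpose, var.region_map
+##
+## "hq-services-4" = {
+## "bgp_asn" = "65510"
+## "customer_address" = "148.129.163.25"
+## "environment" = "services"
+## "full_label" = "aws:us-gov-east-1:817869416306:vpn-0937e27de0e6c0441:hq-services-4"
+## "label" = "hq-services-4"
+## "sequence" = 4
+## "site" = "hq"
+## "tunnel1_address" = "18.252.255.171"
+## "tunnel1_bgp_asn" = "64513"
+## "tunnel1_cgw_inside_address" = "169.254.8.26"
+## "tunnel1_inside_cidr" = "169.254.8.24/30"
+## "tunnel1_vgw_inside_address" = "169.254.8.25"
+## "tunnel2_address" = "18.253.223.173"
+## "tunnel2_bgp_asn" = "64513"
+## "tunnel2_cgw_inside_address" = "169.254.8.30"
+## "tunnel2_inside_cidr" = "169.254.8.28/30"
+## "tunnel2_vgw_inside_address" = "169.254.8.29"
+## }
+##
+##
+## output "vpn_tunnel_endpoints" {
+## description = "VPN Tunnel Endpoint IP Addresses"
+## value = { for k, v in local.vpn_settings : k => {
+## site = v.site
+## environment = v.environment
+## sequence = v.sequence
+## label = v.label
+## full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+## customer_address = aws_customer_gateway.vpn[k].ip_address
+## bgp_asn = aws_customer_gateway.vpn[k].bgp_asn
+##
+## tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+## tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
+## tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+## tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+## tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+##
+## tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
+## tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
+## tunnel2_inside_cidr = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
+## tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
+## tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+## }
+## }
+## }
+##
+## output "vpn_labels" {
+## description = "VPN Labels for Description field of Endpoint device (Cisco ASR)"
+## value = { for k, v in local.vpn_settings : k => {
+## site = v.site
+## environment = v.environment
+## sequence = v.sequence
+## label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+## }
+## }
+## }
+
+# description:
+# preshared_key:
+# inside_cidr:
+# # dest ip
+# address:
+# # bgp peer
+# vgw_inside_address:
+# # ip
+# cgw_inside_address:
+# bgp_asn:
+#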
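Review bot: The two `description:` lines under `tunnel1` and `tunnel2` reference `${vpc_connection_description}`, but the name this template otherwise uses is `vpn_connection_description` (see `vpn_connection_description: ${vpn_connection_description}` a few lines above); if the file is rendered with `templatefile()` an undefined variable is a hard error, so these should read `description: ${vpn_connection_description}` unless a separate variable is intended, in which case it needs documenting. Nothing in this commit renders the template (vpn-config.tf only shells out to the AWS CLI), so the variable set cannot be checked here. The `asr:` block hard-codes `device_name`, `loopback_number`, the tunnel interface numbers and the prefix-list sequences instead of taking them from template variables, which ties the template to a single device while `site` is parameterised. The roughly one hundred trailing lines of commented-out notes, including a pasted sample output with an account id, a VPN connection id and public addresses, are scratch material that should not ship in a committed template.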
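--- /dev/null
+++ b/vpn-transit-gateway/vpn-config.tf
@@ -0,0 +1,49 @@
+locals {
+vpn_tunnel_outputs = { for k, v in local.vpn_settings : k => {
+site = v.site
+environment = v.environment
+sequence = v.sequence
+label = v.label
+full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+customer_address = aws_customer_gateway.vpn[k].ip_address
+bgp_asn = aws_customer_gateway.vpn[k].bgp_asn
+vpn_connection_id = aws_vpn_connection.vpn[k].id
+
+tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
+tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+
+tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
+tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
+tunnel2_inside_cidr = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
+tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
+tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+}
+}
+}
+
+resource "null_resource" "directory_setup" {
+provisioner "local-exec" {
+working_dir = path.root
+command = "test -d vpn-configs || ( mkdir vpn-configs; echo vpn-configs >> .gitignore )"
+}
+}
+
+# https://aws.amazon.com/premiumsupport/knowledge-center/vpn-download-example-configuration-files/
+# id 48548f98 is cisco asr 1000
+resource "null_resource" "generate_configs" {
+for_each = var.create ? local.vpn_tunnel_outputs : {}
+triggers = {
+directory_setup = null_resource.directory_setup.id
+}
+provisioner "local-exec" {
+working_dir = "${path.root}/vpn-configs"
+command = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.label}.${each.value.vpn_connection_id}.txt"
+environment = {
+AWS_PROFILE = var.profile
+AWS_REGION = local.region
+}
+}
+}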
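Review bot: `null_resource.generate_configs` triggers only on `null_resource.directory_setup.id`, so when `aws_vpn_connection.vpn[k]` is replaced and receives a new id the local-exec provisioner does not re-run and the file in `vpn-configs/`, named after the old id, silently goes stale; add `vpn_connection_id = each.value.vpn_connection_id` to `triggers`. `${each.value.label}` and `${each.value.vpn_connection_id}` are interpolated unquoted into a shell command whose output redirection they form, so a label containing whitespace or shell metacharacters breaks or redirects the command — quote the target, e.g. `> '${each.value.label}.${each.value.vpn_connection_id}.txt'`. The sample configuration the CLI returns includes the tunnel pre-shared keys, so these files are secrets at rest, yet `directory_setup` adds `vpn-configs` to `.gitignore` only when the directory does not already exist, leaving a pre-created directory unignored; make that step independent of the `test -d`, e.g. `grep -qx vpn-configs .gitignore || echo vpn-configs >> .gitignore`. The hard-coded `--internet-key-exchange-version ikev1` deserves a comment explaining why IKEv2 (`ikev2`, which the same CLI option accepts) is not used, since the IKE version is a security-relevant choice that a reader of this module cannot otherwise infer.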
