add vpn-config download for vpn, vpn-transit-gateway

CHANGELOG.md

@@ -105,4 +105,9 @@
   - vpn-transit-gateway
     - setup vpn configurations for the transit gateway
 
+* 1.6.1 -- 20220304
+  - vpn and vpn-transit-gateway
+    - add vpn-config directory creation
+    - add vpn-config download
+
 ## Version 2.x

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.6.0"
+  _module_version = "1.6.1"
 }

vpn/README.md

@@ -39,14 +39,20 @@ module "vpn" {
 
 ## Requirements
 
-No requirements.
+| Name | Version |
+|------|---------|
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.66.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0 |
+| <a name="requirement_template"></a> [template](#requirement\_template) | >= 2.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.66.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | >= 3.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | >= 3.0 |
 
 ## Modules
 
@@ -61,6 +67,8 @@ No modules.
 | [aws_vpn_gateway.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway) | resource |
 | [aws_vpn_gateway_attachment.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_attachment) | resource |
 | [aws_vpn_gateway_route_propagation.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource |
+| [null_resource.directory_setup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.generate_configs](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [random_string.tunnel_preshared_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

vpn/outputs.tf

@@ -1,22 +1,44 @@
+# output "vpn_tunnel_endpoints" {
+#   description = "VPN Tunnel Endpoint IP Addresses"
+#   value = { for k, v in local.vpn_settings : k => {
+#     site             = v.site
+#     environment      = v.environment
+#     sequence         = v.sequence
+#     label            = v.label
+#     full_label       = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+#     customer_address = aws_customer_gateway.vpn[k].ip_address
+#     bgp_asn          = aws_customer_gateway.vpn[k].bgp_asn
+#     vpn_connection_id = aws_vpn_connection.vpn[k].id
+# 
+#     tunnel1_bgp_asn            = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+#     tunnel1_address            = aws_vpn_connection.vpn[k].tunnel1_address
+#     tunnel1_inside_cidr        = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+#     tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+#     tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+# 
+#     tunnel2_bgp_asn            = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
+#     tunnel2_address            = aws_vpn_connection.vpn[k].tunnel2_address
+#     tunnel2_inside_cidr        = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
+#     tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
+#     tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+#     }
+#   }
+# }
+
 output "vpn_tunnel_endpoints" {
   description = "VPN Tunnel Endpoint IP Addresses"
-  value = { for k in keys(local._vpn_settings) : k => {
-    site             = k
-    customer_address = aws_customer_gateway.vpn[k].ip_address
-    bgp_asn          = aws_customer_gateway.vpn[k].bgp_asn
-    tunnel1_bgp_asn  = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
-    tunnel2_bgp_asn  = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
-    tunnel1_address  = aws_vpn_connection.vpn[k].tunnel1_address
-    tunnel2_address  = aws_vpn_connection.vpn[k].tunnel2_address
-    }
-  }
+  value       = local.vpn_tunnel_outputs
 }
 
 output "vpn_labels" {
   description = "VPN Labels for Description field of Endpoint device (Cisco ASR)"
-  value = { for k in keys(local._vpn_settings) : k => {
-    site  = k
-    label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, var.vpc_full_name)
+  #  value = { for k, v in local.vpn_settings : k => {
+  value = { for k, v in local.vpn_tunnel_outputs : k => {
+    site        = v.site
+    environment = v.environment
+    sequence    = v.sequence
+    #    label       = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+    label = v.label
     }
   }
 }

vpn/vpn-config.tf

@@ -0,0 +1,49 @@
+locals {
+  vpn_tunnel_outputs = { for k, v in local.vpn_settings : k => {
+    site              = v.site
+    environment       = v.environment
+    sequence          = v.sequence
+    label             = v.label
+    full_label        = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+    customer_address  = aws_customer_gateway.vpn[k].ip_address
+    bgp_asn           = aws_customer_gateway.vpn[k].bgp_asn
+    vpn_connection_id = aws_vpn_connection.vpn[k].id
+
+    tunnel1_bgp_asn            = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+    tunnel1_address            = aws_vpn_connection.vpn[k].tunnel1_address
+    tunnel1_inside_cidr        = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+    tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+    tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+
+    tunnel2_bgp_asn            = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
+    tunnel2_address            = aws_vpn_connection.vpn[k].tunnel2_address
+    tunnel2_inside_cidr        = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
+    tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
+    tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+    }
+  }
+}
+
+resource "null_resource" "directory_setup" {
+  provisioner "local-exec" {
+    working_dir = path.root
+    command     = "test -d vpn-configs || ( mkdir vpn-configs; echo vpn-configs >> .gitignore )"
+  }
+}
+
+# https://aws.amazon.com/premiumsupport/knowledge-center/vpn-download-example-configuration-files/
+# id 48548f98 is cisco asr 1000 
+resource "null_resource" "generate_configs" {
+  for_each = var.create ? local.vpn_tunnel_outputs : {}
+  triggers = {
+    directory_setup = null_resource.directory_setup.id
+  }
+  provisioner "local-exec" {
+    working_dir = "${path.root}/vpn-configs"
+    command     = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.label}.${each.value.vpn_connection_id}.txt"
+    environment = {
+      AWS_PROFILE = var.profile
+      AWS_REGION  = local.region
+    }
+  }
+}