diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60630aa..ee39c02 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -105,4 +105,9 @@
- vpn-transit-gateway
- setup vpn configurations for the transit gateway
+* 1.6.1 -- 20220304
+ - vpn and vpn-transit-gateway
+ - add vpn-config directory creation
+ - add vpn-config download
+
## Version 2.x
diff --git a/common/version.tf b/common/version.tf
index 2cc7061..78e6e8d 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
locals {
- _module_version = "1.6.0"
+ _module_version = "1.6.1"
}
diff --git a/vpn/README.md b/vpn/README.md
index 778f4ac..f371af5 100644
--- a/vpn/README.md
+++ b/vpn/README.md
@@ -39,14 +39,20 @@ module "vpn" {
## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [aws](#requirement\_aws) | >= 3.66.0 |
+| [null](#requirement\_null) | >= 3.0 |
+| [random](#requirement\_random) | >= 3.0 |
+| [template](#requirement\_template) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | n/a |
-| [random](#provider\_random) | n/a |
+| [aws](#provider\_aws) | >= 3.66.0 |
+| [null](#provider\_null) | >= 3.0 |
+| [random](#provider\_random) | >= 3.0 |
## Modules
@@ -61,6 +67,8 @@ No modules.
| [aws_vpn_gateway.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway) | resource |
| [aws_vpn_gateway_attachment.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_attachment) | resource |
| [aws_vpn_gateway_route_propagation.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpn_gateway_route_propagation) | resource |
+| [null_resource.directory_setup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.generate_configs](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [random_string.tunnel_preshared_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
diff --git a/vpn/outputs.tf b/vpn/outputs.tf
index 3fb3a1b..9475520 100644
--- a/vpn/outputs.tf
+++ b/vpn/outputs.tf
@@ -1,22 +1,44 @@
+# output "vpn_tunnel_endpoints" {
+# description = "VPN Tunnel Endpoint IP Addresses"
+# value = { for k, v in local.vpn_settings : k => {
+# site = v.site
+# environment = v.environment
+# sequence = v.sequence
+# label = v.label
+# full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+# customer_address = aws_customer_gateway.vpn[k].ip_address
+# bgp_asn = aws_customer_gateway.vpn[k].bgp_asn
+# vpn_connection_id = aws_vpn_connection.vpn[k].id
+#
+# tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+# tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
+# tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+# tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+# tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+#
+# tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
+# tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
+# tunnel2_inside_cidr = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
+# tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
+# tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+# }
+# }
+# }
+
output "vpn_tunnel_endpoints" {
description = "VPN Tunnel Endpoint IP Addresses"
- value = { for k in keys(local._vpn_settings) : k => {
- site = k
- customer_address = aws_customer_gateway.vpn[k].ip_address
- bgp_asn = aws_customer_gateway.vpn[k].bgp_asn
- tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
- tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
- tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
- tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
- }
- }
+ value = local.vpn_tunnel_outputs
}
output "vpn_labels" {
description = "VPN Labels for Description field of Endpoint device (Cisco ASR)"
- value = { for k in keys(local._vpn_settings) : k => {
- site = k
- label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, var.vpc_full_name)
+ # value = { for k, v in local.vpn_settings : k => {
+ value = { for k, v in local.vpn_tunnel_outputs : k => {
+ site = v.site
+ environment = v.environment
+ sequence = v.sequence
+ # label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+ label = v.label
}
}
}
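Review bot: The 26 commented-out lines added at the top of `vpn/outputs.tf` duplicate the `vpn_tunnel_outputs` local that now lives in `vpn/vpn-config.tf`, and the two commented-out `value`/`label` lines inside `vpn_labels` are the old implementation; both are dead code that will silently drift from the real definition and should be deleted rather than committed. The `vpn_tunnel_endpoints` description still reads "VPN Tunnel Endpoint IP Addresses" although the value now carries BGP ASNs, inside CIDRs, the connection id and labels, so it should be updated, e.g. `description = "Per-site VPN connection details: customer/tunnel addresses, BGP ASNs, inside CIDRs and labels"`. `vpn_labels` now reads `v.environment` and `v.sequence`, which presumably are keys of every entry in `local.vpn_settings`; if any entry can omit them the output errors at plan time, so a short comment naming that expectation next to the `for` expression would help the next maintainer.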
diff --git a/vpn/vpn-config.tf b/vpn/vpn-config.tf
new file mode 100644
index 0000000..df1059d
--- /dev/null
+++ b/vpn/vpn-config.tf
@@ -0,0 +1,49 @@
+locals {
+ vpn_tunnel_outputs = { for k, v in local.vpn_settings : k => {
+ site = v.site
+ environment = v.environment
+ sequence = v.sequence
+ label = v.label
+ full_label = format("aws:%v:%v:%v:%v", local.region, local.account_id, aws_vpn_connection.vpn[k].id, v.label)
+ customer_address = aws_customer_gateway.vpn[k].ip_address
+ bgp_asn = aws_customer_gateway.vpn[k].bgp_asn
+ vpn_connection_id = aws_vpn_connection.vpn[k].id
+
+ tunnel1_bgp_asn = aws_vpn_connection.vpn[k].tunnel1_bgp_asn
+ tunnel1_address = aws_vpn_connection.vpn[k].tunnel1_address
+ tunnel1_inside_cidr = aws_vpn_connection.vpn[k].tunnel1_inside_cidr
+ tunnel1_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_cgw_inside_address
+ tunnel1_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel1_vgw_inside_address
+
+ tunnel2_bgp_asn = aws_vpn_connection.vpn[k].tunnel2_bgp_asn
+ tunnel2_address = aws_vpn_connection.vpn[k].tunnel2_address
+ tunnel2_inside_cidr = aws_vpn_connection.vpn[k].tunnel2_inside_cidr
+ tunnel2_cgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_cgw_inside_address
+ tunnel2_vgw_inside_address = aws_vpn_connection.vpn[k].tunnel2_vgw_inside_address
+ }
+ }
+}
+
+resource "null_resource" "directory_setup" {
+ provisioner "local-exec" {
+ working_dir = path.root
+ command = "test -d vpn-configs || ( mkdir vpn-configs; echo vpn-configs >> .gitignore )"
+ }
+}
+
+# https://aws.amazon.com/premiumsupport/knowledge-center/vpn-download-example-configuration-files/
+# id 48548f98 is cisco asr 1000
+resource "null_resource" "generate_configs" {
+ for_each = var.create ? local.vpn_tunnel_outputs : {}
+ triggers = {
+ directory_setup = null_resource.directory_setup.id
+ }
+ provisioner "local-exec" {
+ working_dir = "${path.root}/vpn-configs"
+ command = "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id ${each.value.vpn_connection_id} --vpn-connection-device-type-id 48548f98 --internet-key-exchange-version ikev1 --output text > ${each.value.label}.${each.value.vpn_connection_id}.txt"
+ environment = {
+ AWS_PROFILE = var.profile
+ AWS_REGION = local.region
+ }
+ }
+}
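Review bot: `null_resource.generate_configs` triggers only on `null_resource.directory_setup.id`, so when a VPN connection is replaced (new `vpn_connection_id`, same map key) the provisioner does not re-run and a stale sample file is left in place; add `vpn_connection_id = each.value.vpn_connection_id` to `triggers`. In `command`, `${each.value.label}` is interpolated unquoted into a line executed by the shell, so a label containing whitespace, `/` or shell metacharacters changes the command rather than the file name — single-quote the redirect target (`> '${each.value.label}.${each.value.vpn_connection_id}.txt'`) and, since the label is module input, restrict it with a `validation` block on that variable. The downloaded sample configuration presumably contains the tunnel pre-shared keys, so `vpn-configs/` holds secrets, yet `directory_setup` appends the `.gitignore` entry only when the directory did not already exist; make the ignore entry unconditional, e.g. `command = "mkdir -p vpn-configs; grep -qx vpn-configs .gitignore 2>/dev/null || echo vpn-configs >> .gitignore"`, and state in a comment above `generate_configs` that the generated files contain PSKs and must not be committed. The device type id and `ikev1` are hard-coded; if the module's tunnels are negotiated with IKEv2 the sample will not match, so both look like candidates for variables.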