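variable "users_management_type" {
  # Selects the identity source the module uses to decide who may obtain a
  # VPN configuration. Defaults to IAM.
  # NOTE(review): the accepted values are not validated here; confirm the exact
  # strings the module compares against (presumably "iam" and "cognito")
  # before adding a validation block, so a typo fails at plan time rather
  # than silently falling through to one branch.
  type        = string
  default     = "iam"
  description = <<-EOT
    This module supports two user management sources, IAM and Cognito.
    IAM is more usable for infrastructure teams, where all members already have an IAM user.
    Cognito is more usable for teams who would like to manage VPN users outside of IAM, and it is more user friendly.
  EOT
}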
variable "cognito_user_pool_id" {
  # ID of an existing Cognito user pool. Left at null, a new pool is created
  # (per the description); presumably only consulted when
  # users_management_type selects Cognito — confirm against the module body.
  type        = string
  description = "If you already have existing Cognito user pool, please provide it id, otherwise new pool will be created"
  default     = null
}
variable "cognito_user_group" {
  # Cognito group that gates VPN access: only members of this group can
  # receive a configuration or use the VPN; other pool users are denied.
  type        = string
  description = "Only members on this group will have vpn access, default members will not be able to receive config/use vpn"
  default     = "vpn"
}
variable "instance_type" {
  # EC2 instance type for the Wireguard server. The description asks for a
  # type with enhanced networking support; t3.small is the default.
  type        = string
  default     = "t3.small"
  description = "Instance type which will be used by Wireguard VPN server, please note - it should have enhanced network support"
}
variable "wg_group_name" {
  # IAM group whose membership grants access to the Wireguard server.
  # Membership in this group is therefore the access-control boundary for
  # the IAM user-management mode; keep it tightly managed.
  type        = string
  description = "AWS IAM group name, members of that group will be members of wireguard server"
  default     = "wireguard"
}
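variable "listen-port" {
  # Port the Wireguard server listens on (WireGuard uses UDP). Kept as a
  # string, and under its hyphenated name, so existing callers keep working.
  # NOTE(review): no validation that the value is a port number — confirm
  # how the module interpolates it before adding a range check.
  type        = string
  default     = "51820"
  description = "UDP port on which the Wireguard server listens and which the security group must allow inbound"
}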
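variable "aws_ec2_key" {
  # Leaving this null (the default) is the safe choice: per the description,
  # supplying a key pair causes the security group to open TCP 22 externally.
  # NOTE(review): "external" is not more specific here — confirm the CIDR the
  # SSH rule uses in the security group resource and narrow it if it is
  # world-open.
  type        = string
  default     = null
  description = "EC2 key pair name. If provided, the EC2 security group allows external access on TCP port 22 (SSH); leave null to keep SSH closed"
}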
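variable "project-name" {
  # Hyphenated name is retained for backward compatibility with callers.
  # NOTE(review): how the module uses this value (naming, tagging) is not
  # visible here — confirm before documenting it more precisely.
  type        = string
  default     = "vpn-service"
  description = "Project name for this VPN deployment"
}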
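variable "prefix" {
  # NOTE(review): presumably prepended to the names of resources the module
  # creates — verify against the resource blocks.
  type        = string
  default     = "wireguard"
  description = "Name prefix for resources created by this module"
}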
variable "vpc_cidr" {
  # CIDR for a VPC created by the module. The default wireguard_subnet
  # (10.11.0.0/24) sits inside this range; keep them consistent if changed.
  # Only relevant when no vpc_id is supplied (per the vpc_id description).
  type        = string
  default     = "10.11.0.0/16"
  description = "The CIDR of VPC, specify if you wish create VPC with specific CIDR"
}
variable "vpc_id" {
  # Existing VPC to deploy into. Null (the default) means the module creates
  # its own VPC from vpc_cidr.
  type        = string
  default     = null
  description = "VPC ID, must be provided if you want to deploy Wireguard server in existing VPC"
}
variable "wireguard_subnet" {
  # NOTE(review): the description says "Subnet ID", but the default is a CIDR
  # block inside the default vpc_cidr — confirm which form the module expects
  # and correct the description accordingly.
  type        = string
  default     = "10.11.0.0/24"
  description = "Subnet ID where wireguard server and management lambdas will be deployed"
}
variable "vpn_subnet" {
  # Address pool handed out to VPN clients.
  # NOTE(review): this range should not overlap vpc_cidr or any network the
  # clients must reach through the tunnel; nothing here enforces that.
  type        = string
  default     = "10.111.111.0/24"
  description = "VPN subnet, VPN clients will get internal IPs from this subnet"
}
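variable "wg_routed_subnets" {
  # Destinations clients are allowed to send through the tunnel. The default
  # 0.0.0.0/0 routes all client traffic via the VPN (full tunnel); narrow it
  # to the VPC/internal ranges if the server should not carry internet-bound
  # traffic. Kept as a comma-separated string for compatibility with callers.
  type        = string
  default     = "0.0.0.0/0"
  description = "Comma separated list of subnets to which clients can send traffic through the VPN"
}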
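variable "wg_admin_email" {
  # WireGuard client configurations contain the client's private key, so the
  # mailbox receiving every client's configuration is a high-value secret
  # store; restrict access to it and consider leaving this null (the
  # default) unless the copy is genuinely needed.
  type        = string
  default     = null
  description = <<-EOT
    If specified, this email will receive wireguard configurations for all clients.
    Configurations will be sent by AWS SES. Please make sure that SES is out of the sandbox or the admin email is verified.
  EOT
}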
variable "cognito_call_back_app_url" {
  # Optional custom callback host for the Cognito app client; null keeps the
  # API Gateway execution URL described below.
  # NOTE(review): the example omits a scheme — confirm whether the module
  # adds "https://" or expects the caller to, since Cognito callback URLs
  # must match the registered value exactly.
  type        = string
  default     = null
  description = <<-EOT
    You can set your own domain name for call back url in cognito app client settings.
    It's not required to touch this if you don't use your own domain name or your own application.
    For example, you can setup human suitable domain name for get config url, like "vpn.example.com" instead of using
    api gateway execution url "https://aws-generated-unic-name.execute-api.aws-region.amazonaws.com". To do so, you need
    to specify this domain name here and then add Custom Domain name in API Gateway settings.
  EOT
}