Creates a site-to-site VPN connection intended to terminate to a FortiGate firewall. Creates a template configuration file that can be used to easily configure the connection.
| Name | Version |
|---|---|
| terraform | >= 0.12 |
| aws | >= 2 |
| local | >= 1 |
| Name | Version |
|---|---|
| aws | >= 2 |
| local | >= 1 |
| Name | Source | Version |
|---|---|---|
| psk1 | git::https://github.com/rhythmictech/terraform-aws-secretsmanager-random-secret | v1.1.1 |
| psk2 | git::https://github.com/rhythmictech/terraform-aws-secretsmanager-random-secret | v1.1.1 |
| Name | Type |
|---|---|
| aws_customer_gateway.this | resource |
| aws_vpn_connection.this | resource |
| local_file.this | resource |
| aws_ec2_transit_gateway.this | data source |
| aws_vpn_gateway.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_name | Name for AWS account side of tunnel | string |
n/a | yes |
| customer_bgp_asn | BGP for customer side of tunnel | number |
n/a | yes |
| customer_gateway_type | Type for customer gateway | string |
"ipsec.1" |
no |
| customer_ip_address | IP address for customer side | string |
n/a | yes |
| customer_name | Name for customer side of tunnel | string |
n/a | yes |
| generate_fortigate_config | Generate a FortiGate config template (does not include PSKs) | bool |
true |
no |
| tags | Tags to add to supported resources | map(string) |
{} |
no |
| transit_gateway_id | Transit gateway to attach VPN to (required if vpn_gateway_id not set) |
string |
null |
no |
| tunnel1_inside_cidr | Specify a Tunnel 1 inside CIDR (optional) | string |
"" |
no |
| tunnel1_psk | Specify a Tunnel 1 PSK explicitly (optional) | string |
"" |
no |
| tunnel1_psk_version | Version to use for PSK (increment to generate a new PSK) | number |
1 |
no |
| tunnel2_inside_cidr | Specify a Tunnel 2 inside CIDR (optional) | string |
"" |
no |
| tunnel2_psk | Specify a Tunnel 2 PSK explicitly (optional) | string |
"" |
no |
| tunnel2_psk_version | Version to use for PSK (increment to generate a new PSK) | number |
1 |
no |
| use_secrets_manager | Use Secrets Manager to store/manage PSKs | bool |
true |
no |
| vgw_id | Virtual Private Gateway to attach VPN to (required if transit_gateway_id not set) |
string |
null |
no |
| wan_interface | WAN interface to use in fortigate config template | string |
"wan1" |
no |
| Name | Description |
|---|---|
| customer_gateway_bgp_asn | Customer Gateway BGP ASN |
| customer_gateway_id | Customer Gateway ID |
| customer_gateway_ip_address | Customer Gateway IP Address |
| vpn_connection_tunnel1_address | Tunnel 1 Public IP Address |
| vpn_connection_tunnel1_bgp_asn | Tunnel 1 BGP ASN |
| vpn_connection_tunnel1_cgw_inside_address | Tunnel 1 Customer Inside IP Address |
| vpn_connection_tunnel1_preshared_key | Tunnel 1 Preshared Key |
| vpn_connection_tunnel1_vgw_inside_address | Tunnel 1 AWS Inside IP Address |
| vpn_connection_tunnel2_address | Tunnel 2 Public IP Address |
| vpn_connection_tunnel2_bgp_asn | Tunnel 2 BGP ASN |
| vpn_connection_tunnel2_cgw_inside_address | Tunnel 2 Customer Inside IP Address |
| vpn_connection_tunnel2_preshared_key | Tunnel 2 Preshared Key |
| vpn_connection_tunnel2_vgw_inside_address | Tunnel 2 AWS Inside IP Address |
| vpn_connection_vpn_gw_id | VPN Gateway ID |