The Terraform code below provisions an AWS Client VPN. After the Client VPN endpoint is created, I log in to the AWS console, click "Client VPN Endpoints", and on the right-hand side it shows values for "Endpoint ID", "State" and "Client CIDR". However, the value of "Name" is empty, i.e. the Client VPN endpoint has no name. How do I set the Client VPN endpoint name in the Terraform code? The related code is below.
main.tf:
# Client VPN endpoint, its certificates, connection logging and subnet associations.
module vpn {
  source = "modules/client_vpn"

  # Identity and client address pool
  name            = var.name
  vpn_client_cidr = var.vpn_client_cidr

  # Certificate material the module reads from disk with file()
  cert_dir    = var.cert_dir
  cert_domain = var.cert_domain
  # config_dir is not referenced by the module code shown here — verify it is used.
  config_dir = var.config_dir

  # Subnets the endpoint is associated with, and the security groups applied
  # to those associations
  subnet_ids      = data.terraform_remote_state.vpc.outputs.private_subnets
  security_groups = [aws_security_group.vpn.id]

  # Connection logging to CloudWatch
  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days
}
variables.tf:
# Name of the Client VPN endpoint; inside the module it is also used for the
# CloudWatch log group path and the log stream name.
variable "name" {
  type        = string
  default     = "ClientVPN"
  description = "Name of Client VPN Endpoints"
}
modules/client_vpn:
# Root/client certificate chain used for certificate-based client authentication
# (referenced as root_certificate_chain_arn on the endpoint).
# NOTE: everything read with file() here — including the private key — ends up
# in Terraform state; keep the state backend encrypted and access-restricted.
resource aws_acm_certificate client {
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
  certificate_body  = file("${path.root}/${var.cert_dir}/${var.cert_domain}.crt")
  private_key       = file("${path.root}/${var.cert_dir}/${var.cert_domain}.key")
}
# Server certificate presented by the VPN endpoint (referenced as
# server_certificate_arn). As with the client certificate, the private key
# read from disk is stored in Terraform state.
resource aws_acm_certificate server {
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
  certificate_body  = file("${path.root}/${var.cert_dir}/server.crt")
  private_key       = file("${path.root}/${var.cert_dir}/server.key")
}
# Log group that receives Client VPN connection logs when logging is enabled.
# No kms_key_id is set, so the service-managed default encryption applies
# rather than a customer-managed key.
resource aws_cloudwatch_log_group default {
  retention_in_days = var.cloudwatch_log_retention_days
  name              = "/aws/vpn/${var.name}/logs"
}
# Single connection-log stream, named after the endpoint, inside the group above.
resource aws_cloudwatch_log_stream default {
  log_group_name = aws_cloudwatch_log_group.default.name
  name           = var.name
}
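# The Client VPN endpoint: certificate (mutual-TLS) client authentication,
# server certificate from ACM and optional CloudWatch connection logging.
resource aws_ec2_client_vpn_endpoint default {
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  # The console's "Name" column is populated from the Name tag, not from any
  # argument on the resource, so the name has to be set as a tag.
  tags = {
    Name = var.name
  }

  # Clients must present a certificate chaining to this root CA.
  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  # Connection logs are the audit trail of who connected and when; with
  # logging_enabled = false no connection records are kept at all.
  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }

  # split_tunnel is not set, so the provider default applies — confirm whether
  # full-tunnel or split-tunnel routing is what these clients should get.
}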
# One association per subnet. The security groups given here are applied to the
# association and therefore govern what connected clients can reach in the VPC.
resource aws_ec2_client_vpn_network_association default {
  for_each = toset(var.subnet_ids)

  # for a set, each.value and each.key are the same string
  subnet_id              = each.value
  security_groups        = var.security_groups
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
}
# Authorization rule: every connected client (authorize_all_groups = true) may
# reach allowed_ingress_network_cidr. Certificate authentication provides no
# group identity to scope this by, so keep that CIDR as narrow as possible.
resource aws_ec2_client_vpn_authorization_rule ingress-all {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  authorize_all_groups   = true
  target_network_cidr    = var.allowed_ingress_network_cidr
  description            = "Allow all VPN groups access to ${var.allowed_ingress_network_cidr}"
}
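# Optional default route (0.0.0.0/0) through each associated subnet so clients
# can reach the internet via the VPC. toset() is applied once, outside the
# conditional, so both branches are plain lists (assumes var.subnet_ids is a
# list of strings); some Terraform versions reject a conditional whose branches
# are a set and an empty tuple.
# NOTE: a route alone does not grant access — clients also need an
# authorization rule covering 0.0.0.0/0, and this module only defines one for
# allowed_ingress_network_cidr (unless that variable is itself 0.0.0.0/0).
resource aws_ec2_client_vpn_route internet-access {
  for_each = toset(var.enable_internet_access ? var.subnet_ids : [])

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  destination_cidr_block = "0.0.0.0/0"
  # each.key matches the association's instance key, since both are keyed by subnet id
  target_vpc_subnet_id = aws_ec2_client_vpn_network_association.default[each.key].subnet_id
}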
Your code is otherwise correct. The console's "Name" column is populated from the `Name` tag, so use a `tags` block with a `Name` key on the endpoint resource to set the Client VPN endpoint name.