
下面的源代码用于部署(provision)AWS 客户端 VPN。创建客户端 VPN 端点后,我登录 AWS 控制台,单击“客户端 VPN 端点”,在右侧可以看到“端点 ID”、“状态”和“客户端 CIDR”的值。但是,“Name”列的值为空,即 Client VPN Endpoints 的名称为空。如何在 Terraform 代码中为客户端 VPN 端点添加名称?下面是相关代码。

主文件:

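module "vpn" {
  # Terraform only treats a module source as a local path when it begins with
  # "./" or "../"; a bare "modules/client_vpn" is parsed as a registry address.
  source                        = "./modules/client_vpn"
  name                          = var.name
  vpn_client_cidr               = var.vpn_client_cidr
  cert_dir                      = var.cert_dir
  config_dir                    = var.config_dir
  cert_domain                   = var.cert_domain
  # Private subnets come from the remote VPC state; the endpoint is attached there.
  subnet_ids                    = data.terraform_remote_state.vpc.outputs.private_subnets
  # Security group applied to the endpoint's network associations.
  security_groups               = [aws_security_group.vpn.id]
  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days
}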

variables.tf:

# Used by the module for the log group / log stream names; it only becomes the
# endpoint's console "Name" if the endpoint resource also sets a Name tag from it.
variable "name" {
  description = "Name of Client VPN Endpoints"
  type        = string
  default     = "ClientVPN"
}

modules/client_vpn:

resource "aws_acm_certificate" "client" {
  # Client-side certificate imported into ACM; its ARN is referenced as
  # root_certificate_chain_arn by the endpoint's authentication_options.
  # NOTE: everything passed to file() — including this private key — ends up
  # in the Terraform state, so the state backend must be access-controlled.
  private_key       = file(format("%s/%s/%s.key", path.root, var.cert_dir, var.cert_domain))
  certificate_body  = file(format("%s/%s/%s.crt", path.root, var.cert_dir, var.cert_domain))
  certificate_chain = file(format("%s/%s/ca.crt", path.root, var.cert_dir))
}
resource "aws_acm_certificate" "server" {
  # Server certificate presented by the VPN endpoint (server_certificate_arn).
  # NOTE: the private key read here is stored in Terraform state in plaintext;
  # treat the state like the key itself.
  private_key       = file(format("%s/%s/server.key", path.root, var.cert_dir))
  certificate_body  = file(format("%s/%s/server.crt", path.root, var.cert_dir))
  certificate_chain = file(format("%s/%s/ca.crt", path.root, var.cert_dir))
}
# Log group that receives the endpoint's connection logs.
resource "aws_cloudwatch_log_group" "default" {
  retention_in_days = var.cloudwatch_log_retention_days
  name              = "/aws/vpn/${var.name}/logs"
}
# Single log stream, named after the endpoint, inside the log group above.
resource "aws_cloudwatch_log_stream" "default" {
  log_group_name = aws_cloudwatch_log_group.default.name
  name           = var.name
}
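resource "aws_ec2_client_vpn_endpoint" "default" {
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  # Clients authenticate with a certificate chaining to the imported client cert's CA.
  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  # Connection logs are the audit trail of who connected and when; with
  # logging_enabled = false nothing is recorded.
  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }

  # The endpoint has no "name" argument: the console's "Name" column is the
  # Name tag, so without this tag the column is empty.
  tags = {
    Name = var.name
  }
}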
# One association per subnet; the given security groups apply to VPN traffic
# entering each subnet.
resource "aws_ec2_client_vpn_network_association" "default" {
  for_each = toset(var.subnet_ids)

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  security_groups        = var.security_groups
  subnet_id              = each.value
}
# Authorization rule: every connected client may reach allowed_ingress_network_cidr.
# With certificate authentication there are no user groups to scope to, so
# authorize_all_groups is the only option; narrow access via the CIDR and the
# security groups on the network associations instead.
resource "aws_ec2_client_vpn_authorization_rule" "ingress-all" {
  authorize_all_groups   = true
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  description            = "Allow all VPN groups access to ${var.allowed_ingress_network_cidr}"
  target_network_cidr    = var.allowed_ingress_network_cidr
}
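# Optional default route so client traffic to the internet leaves through the
# associated subnets.
resource "aws_ec2_client_vpn_route" "internet-access" {
  # Both branches are set(string), so the conditional has a consistent type;
  # an empty set simply creates no routes.
  for_each               = var.enable_internet_access ? toset(var.subnet_ids) : toset([])
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  destination_cidr_block = "0.0.0.0/0"
  target_vpc_subnet_id   = aws_ec2_client_vpn_network_association.default[each.key].subnet_id

  # NOTE(review): a route alone does not grant access — clients also need an
  # authorization rule covering 0.0.0.0/0; the ingress-all rule above only
  # covers allowed_ingress_network_cidr. Confirm which behaviour is intended.
}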



没错,客户端 VPN 端点的名称是通过标签(tags)添加的。

# Declaring the variable alone has no effect: the module must also reference it
# as `tags = var.tags` on the aws_ec2_client_vpn_endpoint resource; the Name key
# is what the console shows in the "Name" column.
variable "tags" {
  description = "A mapping of tags to assign to the resource."
  type        = map(string)
  default     = {
     Name = "ClientVPN"
  }
}
于 2020-12-18T02:15:56.723 回答