Merge pull request #17 from rackspace-infrastructure-automation/split…

…tunnel adding option for split tunneling to client vpn
rackspace-infrastructure-automation · Mar 25, 2020 · 16c157d · 16c157d
2 parents 4fb124a + c9615dc
commit 16c157d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/modules/client/README.md b/modules/client/README.md
@@ -14,6 +14,7 @@ module "vpn1" {
   private_subnets            = [subnet_1, subnet_2]
   root_certificate_chain_arn = "arn:aws:acm:REGION:AWS_ACCOUNT:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
   server_certificate_arn     = "arn:aws:acm:REGION:AWS_ACCOUNT:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+  split_tunnel               = false
   vpc_id                     = "vpc_id"
 
 }
@@ -45,6 +46,7 @@ There should be no changes required to move from previous versions of this modul
 | public\_subnets | List of public subnets | `list(string)` | `[]` | no |
 | root\_certificate\_chain\_arn | The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). | `string` | n/a | yes |
 | server\_certificate\_arn | The server certificate ARN. | `string` | n/a | yes |
+| split\_tunnel | Enables/disables split tunnel on the Client VPN. | `bool` | `false` | no |
 | tags | Custom tags to apply to all resources. | `map(string)` | `{}` | no |
 | vpc\_id | VPC ID | `string` | n/a | yes |
 

diff --git a/modules/client/main.tf b/modules/client/main.tf
@@ -15,6 +15,7 @@
  *   private_subnets            = [subnet_1, subnet_2]
  *   root_certificate_chain_arn = "arn:aws:acm:REGION:AWS_ACCOUNT:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  *   server_certificate_arn     = "arn:aws:acm:REGION:AWS_ACCOUNT:certificate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ *   split_tunnel               = false
  *   vpc_id                     = "vpc_id"
  * 
  * }
@@ -61,6 +62,7 @@ resource "aws_ec2_client_vpn_endpoint" "client_vpn" {
   client_cidr_block      = var.client_vpn_cidr_block
   description            = "Client Vpn CIDR block must not overlap users network"
   server_certificate_arn = var.server_certificate_arn
+  split_tunnel           = var.split_tunnel
 
   authentication_options {
     root_certificate_chain_arn = var.root_certificate_chain_arn

diff --git a/modules/client/variables.tf b/modules/client/variables.tf
@@ -66,6 +66,12 @@ variable "server_certificate_arn" {
   type        = string
 }
 
+variable "split_tunnel" {
+  description = "Enables/disables split tunnel on the Client VPN."
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "Custom tags to apply to all resources."
   type        = map(string)
@@ -76,4 +82,3 @@ variable "vpc_id" {
   description = "VPC ID"
   type        = string
 }
-