# Elastic IP resource named "vpn". Its body is elided from this listing.
# NOTE(review): the inline IAM actions further down include
# ec2:AssociateAddress, so presumably the instance attaches this address to
# itself at boot. Confirm against the instance bootstrap.
1 resource "aws_eip" "vpn" {
# Security group for the VPN hosts, created in var.vpc_id. The
# aws_security_group_rule resources below attach rules to it by id, and the
# module call below appends its id to security_group_ids.
6 resource "aws_security_group" "vpn" {
7 vpc_id = "${var.vpc_id}"
8 name = "${var.name}-vpn"
9 description = "Allow VPN traffic."
# Rule on the VPN security group. The type, protocol and port lines are elided
# from this listing; the name suggests an allow-all egress rule.
# NOTE(review): if this is egress to 0.0.0.0/0 on all ports, the VPN host can
# reach any destination. Confirm that is required, or narrow it to the
# destinations the VPN actually needs.
12 resource "aws_security_group_rule" "vpn-out-all" {
13 security_group_id = "${aws_security_group.vpn.id}"
18 cidr_blocks = ["0.0.0.0/0"]
# Rule on the VPN security group. The type, protocol and port lines are elided;
# the name suggests ingress for end-user VPN clients.
# NOTE(review): 0.0.0.0/0 is reasonable only for the client-facing VPN
# listener, where clients roam and the VPN daemon authenticates them. Verify
# that the elided from_port/to_port cover just that listener.
21 resource "aws_security_group_rule" "vpn-in-user" {
22 security_group_id = "${aws_security_group.vpn.id}"
27 cidr_blocks = ["0.0.0.0/0"]
# Rule on the VPN security group. The type, protocol and port lines are elided;
# the name suggests ingress for bridge (site-to-site) traffic.
# NOTE(review): bridge peers normally have known addresses. Opening this to
# 0.0.0.0/0 is wider than such a link needs; consider restricting cidr_blocks
# to the peer ranges.
30 resource "aws_security_group_rule" "vpn-in-bridge" {
31 security_group_id = "${aws_security_group.vpn.id}"
36 cidr_blocks = ["0.0.0.0/0"]
# Rule on the VPN security group. The type, protocol and port lines are elided;
# the name suggests administrative access coming from a bastion host.
# NOTE(review): as written, the source is the whole internet, not a bastion.
# If this is the management port, scope it to the bastion with
# source_security_group_id or the bastion's CIDR instead of 0.0.0.0/0.
39 resource "aws_security_group_rule" "vpn-in-bastion" {
40 security_group_id = "${aws_security_group.vpn.id}"
45 cidr_blocks = ["0.0.0.0/0"]
# Optional classic ELB: count is driven by var.vpcaccess_elb, so the resource
# exists only when that flag is set. It is placed in var.subnet_ids and
# forwards to instances over plain TCP.
# NOTE(review): the "-int-elb" name suggests an internal load balancer, but no
# `internal` attribute is visible in this excerpt. Confirm the elided lines set
# internal = true and attach a security group. Otherwise the ELB may be
# internet-facing.
48 resource "aws_elb" "default" {
49 count = "${var.vpcaccess_elb}"
50 name = "${var.name}-int-elb"
51 subnets = ["${var.subnet_ids}"]
57 instance_protocol = "tcp"
# Two consecutive failed health checks mark an instance unhealthy.
61 unhealthy_threshold = 2
# Presumably the tags block of the ELB. The enclosing lines are elided.
68 module = "${var.name}"
69 phase = "${var.environment}"
# Arguments of a module call whose header line is elided from this listing.
# The call instantiates the local tf_aws_asg_stack module for the VPN hosts.
74 source = "../modules/tf_aws_asg_stack"
75 vpc_id = "${var.vpc_id}"
76 acct_name = "${var.acct_name}"
77 notification_arns = ["${var.notification_arns}"]
78 module = "${var.name}"
79 phase = "${var.environment}"
80 instance_type = "${var.instance_type}"
# SSH key pair name passed through to the instances.
81 key_name = "${var.key_name}"
83 subnet_ids = ["${var.subnet_ids}"]
# Managed policy ARNs supplied by the caller, in addition to the inline actions
# listed below.
84 iam_policy_arns = ["${var.role_policy_arns}"]
# Caller-supplied security groups plus the VPN group defined in this file.
85 security_group_ids = ["${concat(var.security_group_ids, list(aws_security_group.vpn.id))}"]
# Inline EC2 actions granted to the instance role. The surrounding policy
# statement (Effect, Resource, Condition) is elided.
# NOTE(review): presumably these let the host attach the Elastic IP and adjust
# its own network attributes (confirm against the bootstrap script). The
# Modify* actions can change attributes of any instance or interface the
# statement covers, so check that Resource/Condition in the elided lines limit
# them to this stack rather than "*".
89 "ec2:AssociateAddress",
90 "ec2:ModifyInstanceAttribute",
91 "ec2:ModifyNetworkInterfaceAttribute"
# Registers the ELB with the ASG only when var.vpcaccess_elb is set.
# NOTE(review): aws_elb.default is declared with count. When the count is 0
# this direct reference may fail to resolve on Terraform versions that evaluate
# both branches of the conditional. A splat form such as
# join("", aws_elb.default.*.id) is the usual workaround. Verify.
93 elbs = ["${var.vpcaccess_elb ? aws_elb.default.id : ""}"]