rhythmictech/terraform-aws-fortigate-vpn
Latest commit: 0b9b57a · Jan 10, 2025
terraform-aws-fortigate-vpn


Creates a site-to-site VPN connection intended to terminate on a FortiGate firewall, and generates a template configuration file that can be used to configure the FortiGate side of the connection.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| aws | >= 2 |
| local | >= 1 |

Providers

| Name | Version |
|------|---------|
| aws | >= 2 |
| local | >= 1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| psk1 | git::https://github.com/rhythmictech/terraform-aws-secretsmanager-random-secret | v1.1.1 |
| psk2 | git::https://github.com/rhythmictech/terraform-aws-secretsmanager-random-secret | v1.1.1 |

Resources

| Name | Type |
|------|------|
| aws_customer_gateway.this | resource |
| aws_vpn_connection.this | resource |
| local_file.this | resource |
| aws_ec2_transit_gateway.this | data source |
| aws_vpn_gateway.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| account_name | Name for AWS account side of tunnel | string | n/a | yes |
| customer_bgp_asn | BGP ASN for customer side of tunnel | number | n/a | yes |
| customer_gateway_type | Type for customer gateway | string | "ipsec.1" | no |
| customer_ip_address | IP address for customer side | string | n/a | yes |
| customer_name | Name for customer side of tunnel | string | n/a | yes |
| generate_fortigate_config | Generate a FortiGate config template (does not include PSKs) | bool | true | no |
| tags | Tags to add to supported resources | map(string) | {} | no |
| transit_gateway_id | Transit gateway to attach VPN to (required if vpn_gateway_id not set) | string | null | no |
| tunnel1_inside_cidr | Specify a Tunnel 1 inside CIDR (optional) | string | "" | no |
| tunnel1_psk | Specify a Tunnel 1 PSK explicitly (optional) | string | "" | no |
| tunnel1_psk_version | Version to use for PSK (increment to generate a new PSK) | number | 1 | no |
| tunnel2_inside_cidr | Specify a Tunnel 2 inside CIDR (optional) | string | "" | no |
| tunnel2_psk | Specify a Tunnel 2 PSK explicitly (optional) | string | "" | no |
| tunnel2_psk_version | Version to use for PSK (increment to generate a new PSK) | number | 1 | no |
| use_secrets_manager | Use Secrets Manager to store/manage PSKs | bool | true | no |
| use_tgw | Set to true if attaching the VPN to a Transit Gateway | bool | false | no |
| vgw_id | Virtual Private Gateway to attach VPN to (required if transit_gateway_id not set) | string | null | no |
| wan_interface | WAN interface to use in FortiGate config template | string | "wan1" | no |

Outputs

| Name | Description |
|------|-------------|
| customer_gateway_bgp_asn | Customer Gateway BGP ASN |
| customer_gateway_id | Customer Gateway ID |
| customer_gateway_ip_address | Customer Gateway IP Address |
| vpn_connection_tunnel1_address | Tunnel 1 Public IP Address |
| vpn_connection_tunnel1_bgp_asn | Tunnel 1 BGP ASN |
| vpn_connection_tunnel1_cgw_inside_address | Tunnel 1 Customer Inside IP Address |
| vpn_connection_tunnel1_preshared_key | Tunnel 1 Preshared Key |
| vpn_connection_tunnel1_vgw_inside_address | Tunnel 1 AWS Inside IP Address |
| vpn_connection_tunnel2_address | Tunnel 2 Public IP Address |
| vpn_connection_tunnel2_bgp_asn | Tunnel 2 BGP ASN |
| vpn_connection_tunnel2_cgw_inside_address | Tunnel 2 Customer Inside IP Address |
| vpn_connection_tunnel2_preshared_key | Tunnel 2 Preshared Key |
| vpn_connection_tunnel2_vgw_inside_address | Tunnel 2 AWS Inside IP Address |
| vpn_connection_vpn_gw_id | VPN Gateway ID |
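Example usage, added here and not taken from the module's own README: a Transit Gateway attachment using the inputs and outputs documented above. Every ID, ASN, address and name below is a constructed placeholder, and the module `source` is assumed from the repository name (pin it to a release tag in real use).

```hcl
# Added example (not part of the module). All values marked CONSTRUCTED
# are placeholders; replace them with your own.

module "fortigate_vpn" {
  # Assumed from the repository name; append "?ref=<tag>" to pin a release.
  source = "git::https://github.com/rhythmictech/terraform-aws-fortigate-vpn"

  account_name        = "prod-aws"      # CONSTRUCTED label for the AWS side
  customer_name       = "hq-fortigate"  # CONSTRUCTED label for the FortiGate side
  customer_bgp_asn    = 65010           # CONSTRUCTED private ASN of the FortiGate
  customer_ip_address = "203.0.113.10"  # CONSTRUCTED (TEST-NET-3) FortiGate WAN IP

  # Attach to a Transit Gateway instead of a Virtual Private Gateway.
  use_tgw            = true
  transit_gateway_id = "tgw-0123456789abcdef0"  # CONSTRUCTED placeholder ID

  # PSKs are generated and kept in Secrets Manager (module defaults).
  # Increment a *_psk_version to rotate that tunnel's key; tunnel1_psk /
  # tunnel2_psk are left empty so no key is hard-coded in this file.
  use_secrets_manager = true
  tunnel1_psk_version = 1
  tunnel2_psk_version = 1

  # Writes the FortiGate template; per the inputs table it omits the PSKs.
  generate_fortigate_config = true
  wan_interface             = "wan1"

  tags = {
    Environment = "prod"  # CONSTRUCTED tag
  }
}

# Re-export the tunnel endpoints for the network team; keep the PSK
# outputs marked sensitive so they are not printed in plan/apply output.
output "tunnel1_aws_address" {
  value = module.fortigate_vpn.vpn_connection_tunnel1_address
}

output "tunnel1_psk" {
  value     = module.fortigate_vpn.vpn_connection_tunnel1_preshared_key
  sensitive = true
}
```

Because the preshared keys are module outputs, they are also stored in the Terraform state; restrict and encrypt the state backend accordingly.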