jmhale / Terraform Aws Wireguard
Licence: gpl-3.0
Terraform module to deploy WireGuard on AWS
Stars: ✭ 72
Projects that are alternatives of or similar to Terraform Aws Wireguard
Terraform Aws Vpc Peering
Terraform module to create a peering connection between two VPCs in the same AWS account.
Stars: ✭ 70 (-2.78%)
Mutual labels: aws, terraform, hcl, vpn
Terraform Aws Vpc Peering Multi Account
Terraform module to provision a VPC peering across multiple VPCs in different accounts by using multiple providers
Stars: ✭ 52 (-27.78%)
Mutual labels: aws, terraform, hcl, vpn
Terraform Aws Waf Owasp Top 10 Rules
A Terraform module to create AWS WAF Rules for OWASP Top 10 security risks protection.
Stars: ✭ 62 (-13.89%)
Mutual labels: aws, terraform, hcl
Terraform Aws Dynamodb
Terraform module that implements AWS DynamoDB with support for AutoScaling
Stars: ✭ 49 (-31.94%)
Mutual labels: aws, terraform, hcl
Curso Aws Com Terraform
🎦 🇧🇷 Files for the course "DevOps: AWS com Terraform Automatizando sua infraestrutura" published on Udemy. You can support me by buying the course using the link below.
Stars: ✭ 62 (-13.89%)
Mutual labels: aws, terraform, hcl
Terraform Aws Airflow
Terraform module to deploy an Apache Airflow cluster on AWS, backed by RDS PostgreSQL for metadata, S3 for logs and SQS as message broker with CeleryExecutor
Stars: ✭ 69 (-4.17%)
Mutual labels: aws, terraform, hcl
Terraform Ecs Autoscale Alb
ECS cluster with instance and service autoscaling configured and running behind an ALB with path based routing set up
Stars: ✭ 60 (-16.67%)
Mutual labels: aws, terraform, hcl
Terraform Aws Ecs Fargate
Terraform module which creates ECS Fargate resources on AWS.
Stars: ✭ 35 (-51.39%)
Mutual labels: aws, terraform, hcl
Terraform Aws Rds Cloudwatch Sns Alarms
Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic
Stars: ✭ 56 (-22.22%)
Mutual labels: aws, terraform, hcl
Terraform Aws Alb
Terraform module to provision a standard ALB for HTTP/HTTP traffic
Stars: ✭ 53 (-26.39%)
Mutual labels: aws, terraform, hcl
Terraform Aws S3 Log Storage
This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail
Stars: ✭ 65 (-9.72%)
Mutual labels: aws, terraform, hcl
Infra Personal
Terraform for setting up my personal infrastructure
Stars: ✭ 45 (-37.5%)
Mutual labels: aws, terraform, hcl
Terraform Aws Jenkins Ha Agents
A terraform module for a highly available Jenkins deployment.
Stars: ✭ 41 (-43.06%)
Mutual labels: aws, terraform, hcl
Ha Sap Terraform Deployments
Automated SAP/HA Deployments in Public/Private Clouds
Stars: ✭ 61 (-15.28%)
Mutual labels: aws, terraform, hcl
Karch
A Terraform module to create and maintain Kubernetes clusters on AWS easily, relying entirely on kops
Stars: ✭ 38 (-47.22%)
Mutual labels: aws, terraform, hcl
Terraform Aws Github Ci
[DEPRECATED] Serverless CI for GitHub using AWS CodeBuild with PR and status support
Stars: ✭ 49 (-31.94%)
Mutual labels: aws, terraform, hcl
Terraform Sqs Lambda Trigger Example
Example on how to create a AWS Lambda triggered by SQS in Terraform
Stars: ✭ 31 (-56.94%)
Mutual labels: aws, terraform, hcl
Terraform Aws Asg
Terraform AWS Auto Scaling Stack
Stars: ✭ 58 (-19.44%)
Mutual labels: aws, terraform, hcl
terraform-aws-wireguard
A Terraform module to deploy a WireGuard VPN server on AWS. Can also be used to run one or more servers behind a load balancer, for redundancy.
Prerequisites
Before using this module, you'll need to generate a key pair for your server and client, and store the server's private key and client's public key in AWS SSM, which cloud-init will source and add to WireGuard's configuration.
- Install the WireGuard tools for your OS: https://www.wireguard.com/install/
- Generate a key pair for each client:
  ```
  wg genkey | tee client1-privatekey | wg pubkey > client1-publickey
  ```
- Generate a key pair for the server:
  ```
  wg genkey | tee server-privatekey | wg pubkey > server-publickey
  ```
- Add the server private key to the AWS SSM parameter /wireguard/wg-server-private-key:
  ```
  aws ssm put-parameter --name /wireguard/wg-server-private-key --type SecureString --value "$ServerPrivateKeyValue"
  ```
- Add each client's public key, along with the next available IP address as a key:value pair to the wg_client_public_keys map. See Usage for details.
Variables
Variable Name | Type | Required | Description |
---|---|---|---|
subnet_ids | list | Yes | A list of subnets for the Autoscaling Group to use for launching instances. May be a single subnet, but it must be an element in a list. |
ssh_key_id | string | Yes | A SSH public key ID to add to the VPN instance. |
vpc_id | string | Yes | The VPC ID in which Terraform will launch the resources. |
env | string | Optional - defaults to prod | The name of environment for WireGuard. Used to differentiate multiple deployments. |
use_eip | bool | Optional | Whether to attach an Elastic IP address to the VPN server. Useful for avoiding changing IPs. |
eip_id | string | Optional | When use_eip is enabled, specify the ID of the Elastic IP to which the VPN server will attach. |
target_group_arns | string | Optional | The Loadbalancer Target Group to which the vpn server ASG will attach. |
additional_security_group_ids | list | Optional | Used to allow added access to reach the WG servers or allow loadbalancer health checks. |
asg_min_size | integer | Optional - default to 1 | Number of VPN servers to permit minimum, only makes sense in loadbalanced scenario. |
asg_desired_capacity | integer | Optional - default to 1 | Number of VPN servers to maintain, only makes sense in loadbalanced scenario. |
asg_max_size | integer | Optional - default to 1 | Number of VPN servers to permit maximum, only makes sense in loadbalanced scenario. |
instance_type | string | Optional - defaults to t2.micro | Instance Size of VPN server. |
wg_server_net | cidr address and netmask | Yes | The server ip allocation and net - wg_client_public_keys entries MUST be in this netmask range. |
wg_client_public_keys | list | Yes | List of maps of client IP/netmasks and public keys. See Usage for details. See Examples for formatting. |
wg_server_port | integer | Optional - defaults to 51820 | Port to run wireguard service on, wireguard standard is 51820. |
wg_persistent_keepalive | integer | Optional - defaults to 25 | Regularity of Keepalives, useful for NAT stability. |
wg_server_private_key_param | string | Optional - defaults to /wireguard/wg-server-private-key | The Parameter Store key to use for the VPN server Private Key. |
ami_id | string | Optional - defaults to the newest Ubuntu 16.04 AMI | AMI to use for the VPN server. |
wg_server_interface | string | Optional - defaults to eth0 | Server interface to route traffic to for installations forwarding traffic to private networks. |
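The requirement that every wg_client_public_keys entry lies inside wg_server_net can be checked before running Terraform. The script below is an added example, not part of the module: check_clients and constructed_key are hypothetical names, the keys are constructed placeholders rather than real WireGuard keys, and the checks go beyond the range rule to flag duplicate addresses and malformed or reused keys.

```python
import base64
import binascii
import ipaddress


def constructed_key(n):
    """Constructed stand-in for a WireGuard public key: 32 bytes, base64."""
    return base64.b64encode(bytes([n]) * 32).decode()


def check_clients(wg_server_net, wg_client_public_keys):
    """Return a list of problems; an empty list means the inputs agree."""
    server = ipaddress.ip_interface(wg_server_net)
    problems, seen_ips, seen_keys = [], set(), set()
    for entry in wg_client_public_keys:
        for cidr, pubkey in entry.items():
            try:
                client = ipaddress.ip_interface(cidr)
            except ValueError:
                problems.append(f"{cidr}: not an address/netmask")
                continue
            if client.ip not in server.network:
                problems.append(f"{cidr}: outside {server.network}")
            elif client.ip == server.ip:
                problems.append(f"{cidr}: is the server's own address")
            elif client.ip in seen_ips:
                problems.append(f"{cidr}: address assigned twice")
            seen_ips.add(client.ip)
            # A WireGuard public key is 32 bytes, base64-encoded.
            try:
                raw = base64.b64decode(pubkey, validate=True)
            except (binascii.Error, ValueError):
                raw = b""
            if len(raw) != 32:
                problems.append(f"{cidr}: key is not 32 bytes of base64")
            elif pubkey in seen_keys:
                problems.append(f"{cidr}: public key reused")
            seen_keys.add(pubkey)
    return problems


if __name__ == "__main__":
    clients = [  # constructed sample input in the list-of-maps shape
        {"192.168.2.2/32": constructed_key(1)},
        {"192.168.3.7/32": constructed_key(2)},  # wrong network
        {"192.168.2.3/32": constructed_key(1)},  # key reused
    ]
    for line in check_clients("192.168.2.1/24", clients):
        print(line)
```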
Examples
Please see the following examples to understand usage with the relevant options.
Simple Elastic IP/public subnet usage
See examples/simple_eip/main.tf file.
Complex Elastic Load Balancer/private subnet usage
See examples/complex_elb/main.tf file.
Outputs
Output Name | Description |
---|---|
vpn_asg_name | The name of the wireguard Auto Scaling Group |
vpn_sg_admin_id | ID of the internal Security Group to associate with other resources needing to be accessed on VPN. |
vpn_sg_external_id | ID of the external Security Group to associate with the VPN. |
Caveats
- I would strongly recommend forking this repo or cloning it locally and changing the source definition to be something that you control. You really don't want your infra to be at the mercy of my changes.