markuskobler / terraform-aws-wireguard

This project forked from atrull/terraform-aws-wireguard

Terraform module to deploy WireGuard on AWS

License: GNU General Public License v3.0

terraform-aws-wireguard

A Terraform module to deploy a WireGuard VPN server on AWS.

Prerequisites

Before using this module, you'll need to generate a key pair for your server and client, and store the server's private key and client's public key in AWS SSM, which cloud-init will source and add to WireGuard's configuration.

  • Install the WireGuard tools for your OS: https://www.wireguard.com/install/
  • Generate a key pair for each client
    • wg genkey | tee client1-privatekey | wg pubkey > client1-publickey
  • Generate a key pair for the server
    • wg genkey | tee server-privatekey | wg pubkey > server-publickey
  • Add the server private key to the AWS SSM parameter: /wireguard/wg-server-private-key
    • aws ssm put-parameter --name /wireguard/wg-server-private-key --type SecureString --value "$ServerPrivateKeyValue"
  • Add each client's public key, along with the next available IP address as a key:value pair to the wg_client_public_keys map. See Usage for details.

Variables

| Variable Name | Type | Required | Description |
| --- | --- | --- | --- |
| public_subnet_ids | list | Yes | A list of subnets for the Autoscaling Group to use for launching instances. May be a single subnet, but it must be an element in a list. |
| ssh_key_id | string | Yes | An SSH public key ID to add to the VPN instance. |
| vpc_id | string | Yes | The VPC ID in which Terraform will launch the resources. |
| ami_id | string | No. Defaults to Ubuntu 16.04 AMI in us-east-1 | The AMI ID to use. |
| env | string | No. Defaults to "prod" | The name of the environment for WireGuard. Used to differentiate multiple deployments. |
| wg_client_public_keys | list | Yes | List of maps of client IPs and public keys. See Usage for details. |

Usage

module "wireguard" {
  source            = "git@github.com:jmhale/terraform-wireguard.git"
  ssh_key_id        = "ssh-key-id-0987654"
  vpc_id            = "vpc-01234567"
  public_subnet_ids = ["subnet-01234567"]
  wg_client_public_keys = [
    {"192.168.2.2/32" = "QFX/DXxUv56mleCJbfYyhN/KnLCrgp7Fq2fyVOk/FWU="},
    {"192.168.2.3/32" = "+IEmKgaapYosHeehKW8MCcU65Tf5e4aXIvXGdcUlI0Q="},
    {"192.168.2.4/32" = "WO0tKrpUWlqbl/xWv6riJIXipiMfAEKi51qvHFUU30E="},
  ]
}
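
A pre-flight check for the wg_client_public_keys list before running Terraform, covering the "next available IP address" step from the Prerequisites. This is an added example, not part of the module: the function names are hypothetical, and the 192.168.2.0/24 tunnel network and the server address 192.168.2.1 are assumptions inferred from the sample addresses above.

```python
import base64
import ipaddress
# Assumptions (not stated on the page): the tunnel network is 192.168.2.0/24
# and the server holds 192.168.2.1. Change both to match your deployment.
VPN_NET = ipaddress.ip_network("192.168.2.0/24")
SERVER_IP = ipaddress.ip_address("192.168.2.1")

# Sample input: the three entries from the Usage section, as Python dicts.
SAMPLE = [
    {"192.168.2.2/32": "QFX/DXxUv56mleCJbfYyhN/KnLCrgp7Fq2fyVOk/FWU="},
    {"192.168.2.3/32": "+IEmKgaapYosHeehKW8MCcU65Tf5e4aXIvXGdcUlI0Q="},
    {"192.168.2.4/32": "WO0tKrpUWlqbl/xWv6riJIXipiMfAEKi51qvHFUU30E="},
]

def check_clients(clients):
    """Return a list of problems found in a wg_client_public_keys-style list."""
    problems, seen_ips, seen_keys = [], set(), set()
    for entry in clients:
        for cidr, key in entry.items():
            try:
                iface = ipaddress.ip_interface(cidr)
            except ValueError:
                problems.append(f"{cidr!r}: not an IP address")
                continue
            if iface.network.prefixlen != 32:
                problems.append(f"{cidr}: allowed address must be a /32")
            if iface.ip not in VPN_NET or iface.ip == SERVER_IP:
                problems.append(f"{cidr}: outside the client address range")
            if iface.ip in seen_ips:
                problems.append(f"{cidr}: address already assigned")
            seen_ips.add(iface.ip)
            try:  # a WireGuard public key is 32 bytes, base64-encoded
                raw = base64.b64decode(key, validate=True)
            except ValueError:
                raw = b""
            if len(raw) != 32:
                problems.append(f"{cidr}: key is not base64 for 32 bytes")
            elif key in seen_keys:
                problems.append(f"{cidr}: public key already used by another peer")
            seen_keys.add(key)
    return problems

def next_free_address(clients):
    """First unused host address in VPN_NET, as the "IP/32" string the map uses."""
    used = {ipaddress.ip_interface(c).ip for e in clients for c in e}
    for host in VPN_NET.hosts():
        if host != SERVER_IP and host not in used:
            return f"{host}/32"
    raise ValueError("no free address left in the tunnel network")
```

An empty result from check_clients means the list has no duplicate addresses or keys and every key decodes to 32 bytes; next_free_address returns the string to use as the map key for the next client.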

Outputs

| Output Name | Description |
| --- | --- |
| vpn_ip | The public IPv4 address of the AWS Elastic IP assigned to the instance. |
| vpn_sg_id | ID of the internal Security Group to associate with other resources needing to be accessed on VPN. |

Caveats

  • I would strongly recommend forking this repo or cloning it locally and changing the source definition to be something that you control. You really don't want your infra to be at the mercy of my changes.

To-do

  • Support multiple clients.
