如何添加 AWS 客户端 VPN 终端节点的名称?

How to add the Name of AWS Client VPN Endpoints?

下面的源代码使用 Terraform 创建 AWS 客户端 VPN 终端节点。创建客户端 VPN 端点后,我登录 AWS 控制台,点击“客户端 VPN 端点”,右侧列表显示了“端点 ID”、“状态”和“客户端 CIDR”的值,但“名称”一列为空,也就是说客户端 VPN 端点没有名称。如何在 Terraform 代码中为客户端 VPN 端点设置名称?相关代码如下。

main.tf:

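module "vpn" {
  # Local module. Terraform requires a "./" (or "../") prefix for local
  # paths; a bare "modules/client_vpn" is parsed as a registry address.
  source = "./modules/client_vpn"

  # Endpoint identity and addressing.
  name            = var.name
  vpn_client_cidr = var.vpn_client_cidr

  # Certificate material and client config output locations.
  cert_dir    = var.cert_dir
  config_dir  = var.config_dir
  cert_domain = var.cert_domain

  # Network placement: the endpoint is associated with the private subnets
  # from the shared VPC state and guarded by the root-level VPN security group.
  subnet_ids      = data.terraform_remote_state.vpc.outputs.private_subnets
  security_groups = [aws_security_group.vpn.id]

  # Connection logging (the only audit trail of VPN connections).
  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days

  # To set the console "Name" of the endpoint, the module tags the
  # aws_ec2_client_vpn_endpoint with Name = var.name; a root-level
  # `tags` map can be passed through here once the module declares one.
}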

variables.tf:

# Human-readable name of the Client VPN endpoint. Used for the CloudWatch
# log group/stream names and as the endpoint's Name tag.
variable "name" {
  type        = string
  default     = "ClientVPN"
  description = "Name of Client VPN Endpoints"
}

modules/client_vpn:

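resource "aws_acm_certificate" "client" {
  # Client-side certificate and CA chain imported into ACM. Its ARN is used
  # as root_certificate_chain_arn on the endpoint, so any client certificate
  # chained to ca.crt will be accepted for authentication.
  #
  # NOTE: file() reads the private key from disk and the provider records it
  # in Terraform state. Keep the state backend encrypted and access-restricted,
  # and keep the ${var.cert_dir} directory out of version control.
  private_key       = file("${path.root}/${var.cert_dir}/${var.cert_domain}.key")
  certificate_body  = file("${path.root}/${var.cert_dir}/${var.cert_domain}.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")

  # ACM refuses to delete a certificate that is still referenced (here by the
  # endpoint's authentication_options). Create the replacement first so that
  # re-importing a renewed certificate does not fail mid-apply.
  lifecycle {
    create_before_destroy = true
  }
}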
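resource "aws_acm_certificate" "server" {
  # Server certificate presented by the Client VPN endpoint (TLS server side).
  # Clients validate it against ca.crt, so the chain must match the CA that
  # is distributed in the client configuration.
  #
  # NOTE: file() reads the private key from disk and the provider records it
  # in Terraform state. Keep the state backend encrypted and access-restricted,
  # and keep the ${var.cert_dir} directory out of version control.
  private_key       = file("${path.root}/${var.cert_dir}/server.key")
  certificate_body  = file("${path.root}/${var.cert_dir}/server.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")

  # The endpoint references this certificate via server_certificate_arn, so an
  # in-place replacement must create the new certificate before destroying
  # the old one; otherwise ACM rejects the deletion of the in-use certificate.
  lifecycle {
    create_before_destroy = true
  }
}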
resource "aws_cloudwatch_log_group" "default" {
  # Log group that receives VPN connection logs, named after the endpoint.
  # Retention is bounded so connection records are not kept indefinitely.
  name              = "/aws/vpn/${var.name}/logs"
  retention_in_days = var.cloudwatch_log_retention_days
}
resource "aws_cloudwatch_log_stream" "default" {
  # Single stream inside the group above; the endpoint's connection_log_options
  # reference both the group and this stream by name.
  log_group_name = aws_cloudwatch_log_group.default.name
  name           = var.name
}
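resource "aws_ec2_client_vpn_endpoint" "default" {
  # Mutual-TLS Client VPN endpoint. The console's "Name" column is populated
  # from the Name tag — there is no separate name argument — so the endpoint
  # name is set through tags below. `description` is a distinct field and is
  # not shown in the Name column.
  description            = var.name
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  # Certificate authentication: every client certificate issued under the CA
  # chain referenced here can connect. Revoking an individual client requires
  # publishing a client certificate revocation list for the endpoint, which
  # this configuration does not manage.
  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  # Connection logging is the only record of who connected and when; with
  # var.logging_enabled = false no such audit trail exists.
  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }

  # Name is derived from var.name so it stays consistent with the log group
  # and stream; var.tags (a map(string) declared in the module's variables.tf)
  # can add further tags or override Name.
  tags = merge({ Name = var.name }, var.tags)
}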
resource "aws_ec2_client_vpn_network_association" "default" {
  # One association per target subnet; each.value is the subnet ID since the
  # set's keys and values are identical. The security groups passed in by the
  # caller control what VPN clients can reach inside the VPC.
  for_each = toset(var.subnet_ids)

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  subnet_id              = each.value
  security_groups        = var.security_groups
}
resource "aws_ec2_client_vpn_authorization_rule" "ingress-all" {
  # Grants every connected client access to var.allowed_ingress_network_cidr.
  # With certificate authentication there are no user groups, so
  # authorize_all_groups is the only option; scope the target CIDR as
  # narrowly as the use case allows, because this rule is the access-control
  # boundary for all VPN users.
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  authorize_all_groups   = true
  target_network_cidr    = var.allowed_ingress_network_cidr
  description            = "Allow all VPN groups access to ${var.allowed_ingress_network_cidr}"
}
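resource "aws_ec2_client_vpn_route" "internet-access" {
  # Optional default route so clients reach the internet through the VPC.
  # Both branches of the conditional are sets so the expression has one
  # consistent type; a bare [] is an empty tuple, which older Terraform
  # versions reject ("true and false result expressions must have
  # consistent types").
  for_each = var.enable_internet_access ? toset(var.subnet_ids) : toset([])

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  destination_cidr_block = "0.0.0.0/0"
  # Reference the association for the same subnet so the route is created
  # only after that subnet is associated with the endpoint.
  target_vpc_subnet_id = aws_ec2_client_vpn_network_association.default[each.key].subnet_id

  # Security note: a route only forwards traffic. Clients can actually reach
  # the internet only if an authorization rule also covers 0.0.0.0/0 (the
  # ingress-all rule above covers var.allowed_ingress_network_cidr) and the
  # target subnet has a NAT/internet path. Unless split tunnelling is enabled
  # on the endpoint, this makes the VPN the default gateway for all client
  # traffic, so the egress policy of the subnet applies to every connected user.
}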

正确的做法是使用标签(tags)。控制台“名称”列显示的是资源上 `Name` 标签的值,`aws_ec2_client_vpn_endpoint` 并没有独立的 name 参数(`description` 参数是另一个字段,不会显示在“名称”列)。在模块中增加一个 `tags` 变量,并在 `aws_ec2_client_vpn_endpoint` 资源上设置 `tags = var.tags`(或者 `tags = merge({ Name = var.name }, var.tags)`,使 Name 标签与 `name` 变量保持一致):

# Tags applied to the Client VPN endpoint. The Name key is what the AWS
# console shows in the endpoint's "Name" column.
variable "tags" {
  type        = map(string)
  description = "A mapping of tags to assign to the resource."
  default = {
    Name = "ClientVPN"
  }
}