如何添加 AWS 客户端 VPN 终端节点的名称?
How do I add a Name to an AWS Client VPN endpoint?
下面的源代码用 Terraform 创建 AWS 客户端 VPN。创建客户端 VPN 端点后,我登录 AWS 控制台,单击“客户端 VPN 端点”,右侧面板显示了“端点 ID”、“状态”和“客户端 CIDR”的值,但“名称”一栏为空,即客户端 VPN 端点没有名称。如何在 Terraform 代码中为客户端 VPN 端点添加名称?相关代码如下。
main.tf:
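# Client VPN stack, built from the local module under ./modules/client_vpn.
module "vpn" {
  # Local module paths must begin with "./" or "../"; a bare "modules/client_vpn"
  # is parsed as a registry address and fails at `terraform init`.
  source = "./modules/client_vpn"

  name            = var.name
  vpn_client_cidr = var.vpn_client_cidr

  # Passed straight through to the module (cert_dir/cert_domain locate the
  # certificate files the module reads; config_dir is not used in the code shown).
  cert_dir    = var.cert_dir
  config_dir  = var.config_dir
  cert_domain = var.cert_domain

  # Subnets to associate with the endpoint, and the security group applied to
  # each association (the VPN clients' effective network boundary).
  subnet_ids      = data.terraform_remote_state.vpc.outputs.private_subnets
  security_groups = [aws_security_group.vpn.id]

  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days

  # NOTE(review): the module also reads var.allowed_ingress_network_cidr and
  # var.enable_internet_access, which are not set here — they must have defaults
  # inside the module; confirm.
}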
variables.tf:
# Human-readable name for the Client VPN endpoint; also used to derive the
# CloudWatch log group and stream names inside the module.
variable "name" {
  type        = string
  default     = "ClientVPN"
  description = "Name of Client VPN Endpoints"
}
modules/client_vpn:
# Client-side certificate chain: its ARN becomes root_certificate_chain_arn on
# the endpoint, so any client certificate issued under this CA may connect.
resource "aws_acm_certificate" "client" {
  certificate_body  = file("${path.root}/${var.cert_dir}/${var.cert_domain}.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
  # Read from the working tree; the key material is also recorded in Terraform
  # state, so both the directory and the state backend need matching access control.
  private_key = file("${path.root}/${var.cert_dir}/${var.cert_domain}.key")
}
# Server certificate presented by the endpoint to connecting clients.
resource "aws_acm_certificate" "server" {
  certificate_body  = file("${path.root}/${var.cert_dir}/server.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
  # Same caveat as the client certificate: the private key ends up in state.
  private_key = file("${path.root}/${var.cert_dir}/server.key")
}
# Log group that receives Client VPN connection logs; named after the endpoint.
resource "aws_cloudwatch_log_group" "default" {
  retention_in_days = var.cloudwatch_log_retention_days
  name              = format("/aws/vpn/%s/logs", var.name)
}
# Single stream inside the group above; referenced by the endpoint's
# connection_log_options.
resource "aws_cloudwatch_log_stream" "default" {
  log_group_name = aws_cloudwatch_log_group.default.name
  name           = var.name
}
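# The Client VPN endpoint. Authentication is mutual TLS: clients present a
# certificate issued under the "client" chain, the endpoint presents "server".
resource "aws_ec2_client_vpn_endpoint" "default" {
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  # The console's "Name" column shows the Name tag; without it the column is
  # empty. Reuse var.name so the endpoint and its log group match.
  tags = {
    Name = var.name
  }

  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  # Connection logs are the audit trail of who connected and when; the group and
  # stream are created in this module.
  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }
}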
# One association per subnet; clients reach the VPC through these subnets.
resource "aws_ec2_client_vpn_network_association" "default" {
  for_each = toset(var.subnet_ids)

  subnet_id              = each.key
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id

  # NOTE(review): newer AWS provider versions moved security groups to the
  # endpoint resource (security_group_ids / vpc_id) — check the provider version
  # in use before relying on this argument.
  security_groups = var.security_groups
}
# Authorization rule granting every connected client access to one CIDR.
# With certificate-authentication there are no directory/SAML groups, so
# authorize_all_groups is the only grant option; keep the CIDR as narrow as possible.
resource "aws_ec2_client_vpn_authorization_rule" "ingress-all" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  authorize_all_groups   = true
  target_network_cidr    = var.allowed_ingress_network_cidr
  description            = "Allow all VPN groups access to ${var.allowed_ingress_network_cidr}"
}
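# Optional default route to the internet via each associated subnet.
resource "aws_ec2_client_vpn_route" "internet-access" {
  # Choose the list first and convert once: a conditional whose branches are a
  # set and an empty tuple has inconsistent result types, which Terraform can reject.
  for_each = toset(var.enable_internet_access ? var.subnet_ids : [])

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  destination_cidr_block = "0.0.0.0/0"
  target_vpc_subnet_id   = aws_ec2_client_vpn_network_association.default[each.key].subnet_id

  # NOTE(review): a route alone does not grant access; clients also need an
  # authorization rule covering 0.0.0.0/0, which this module only creates when
  # var.allowed_ingress_network_cidr is set to it.
}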
可以。客户端 VPN 端点的名称通过标签(tags)添加:在端点资源上设置 tags = var.tags,其中 Name 标签的值就是控制台“名称”一栏显示的内容。
# Tags applied to the endpoint; the Name key is what the console displays as
# the endpoint's name.
variable "tags" {
  type        = map(string)
  description = "A mapping of tags to assign to the resource."

  default = {
    Name = "ClientVPN"
  }
}
下面的源代码用 Terraform 创建 AWS 客户端 VPN。创建客户端 VPN 端点后,我登录 AWS 控制台,单击“客户端 VPN 端点”,右侧面板显示了“端点 ID”、“状态”和“客户端 CIDR”的值,但“名称”一栏为空,即客户端 VPN 端点没有名称。如何在 Terraform 代码中为客户端 VPN 端点添加名称?相关代码如下。
main.tf:
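# Client VPN stack, built from the local module under ./modules/client_vpn.
module "vpn" {
  # Local module paths must begin with "./" or "../"; a bare "modules/client_vpn"
  # is parsed as a registry address and fails at `terraform init`.
  source = "./modules/client_vpn"

  name            = var.name
  vpn_client_cidr = var.vpn_client_cidr

  # Passed straight through to the module (cert_dir/cert_domain locate the
  # certificate files the module reads; config_dir is not used in the code shown).
  cert_dir    = var.cert_dir
  config_dir  = var.config_dir
  cert_domain = var.cert_domain

  # Subnets to associate with the endpoint, and the security group applied to
  # each association (the VPN clients' effective network boundary).
  subnet_ids      = data.terraform_remote_state.vpc.outputs.private_subnets
  security_groups = [aws_security_group.vpn.id]

  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days

  # NOTE(review): the module also reads var.allowed_ingress_network_cidr and
  # var.enable_internet_access, which are not set here — they must have defaults
  # inside the module; confirm.
}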
variables.tf:
# Human-readable name for the Client VPN endpoint; also used to derive the
# CloudWatch log group and stream names inside the module.
variable "name" {
  type        = string
  default     = "ClientVPN"
  description = "Name of Client VPN Endpoints"
}
modules/client_vpn:
# Client-side certificate chain: its ARN becomes root_certificate_chain_arn on
# the endpoint, so any client certificate issued under this CA may connect.
resource "aws_acm_certificate" "client" {
  certificate_body  = file("${path.root}/${var.cert_dir}/${var.cert_domain}.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
  # Read from the working tree; the key material is also recorded in Terraform
  # state, so both the directory and the state backend need matching access control.
  private_key = file("${path.root}/${var.cert_dir}/${var.cert_domain}.key")
}
# Server certificate presented by the endpoint to connecting clients.
resource "aws_acm_certificate" "server" {
  certificate_body  = file("${path.root}/${var.cert_dir}/server.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
  # Same caveat as the client certificate: the private key ends up in state.
  private_key = file("${path.root}/${var.cert_dir}/server.key")
}
# Log group that receives Client VPN connection logs; named after the endpoint.
resource "aws_cloudwatch_log_group" "default" {
  retention_in_days = var.cloudwatch_log_retention_days
  name              = format("/aws/vpn/%s/logs", var.name)
}
# Single stream inside the group above; referenced by the endpoint's
# connection_log_options.
resource "aws_cloudwatch_log_stream" "default" {
  log_group_name = aws_cloudwatch_log_group.default.name
  name           = var.name
}
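# The Client VPN endpoint. Authentication is mutual TLS: clients present a
# certificate issued under the "client" chain, the endpoint presents "server".
resource "aws_ec2_client_vpn_endpoint" "default" {
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  # The console's "Name" column shows the Name tag; without it the column is
  # empty. Reuse var.name so the endpoint and its log group match.
  tags = {
    Name = var.name
  }

  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  # Connection logs are the audit trail of who connected and when; the group and
  # stream are created in this module.
  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }
}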
# One association per subnet; clients reach the VPC through these subnets.
resource "aws_ec2_client_vpn_network_association" "default" {
  for_each = toset(var.subnet_ids)

  subnet_id              = each.key
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id

  # NOTE(review): newer AWS provider versions moved security groups to the
  # endpoint resource (security_group_ids / vpc_id) — check the provider version
  # in use before relying on this argument.
  security_groups = var.security_groups
}
# Authorization rule granting every connected client access to one CIDR.
# With certificate-authentication there are no directory/SAML groups, so
# authorize_all_groups is the only grant option; keep the CIDR as narrow as possible.
resource "aws_ec2_client_vpn_authorization_rule" "ingress-all" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  authorize_all_groups   = true
  target_network_cidr    = var.allowed_ingress_network_cidr
  description            = "Allow all VPN groups access to ${var.allowed_ingress_network_cidr}"
}
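# Optional default route to the internet via each associated subnet.
resource "aws_ec2_client_vpn_route" "internet-access" {
  # Choose the list first and convert once: a conditional whose branches are a
  # set and an empty tuple has inconsistent result types, which Terraform can reject.
  for_each = toset(var.enable_internet_access ? var.subnet_ids : [])

  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  destination_cidr_block = "0.0.0.0/0"
  target_vpc_subnet_id   = aws_ec2_client_vpn_network_association.default[each.key].subnet_id

  # NOTE(review): a route alone does not grant access; clients also need an
  # authorization rule covering 0.0.0.0/0, which this module only creates when
  # var.allowed_ingress_network_cidr is set to it.
}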
可以。客户端 VPN 端点的名称通过标签(tags)添加:在端点资源上设置 tags = var.tags,其中 Name 标签的值就是控制台“名称”一栏显示的内容。
# Tags applied to the endpoint; the Name key is what the console displays as
# the endpoint's name.
variable "tags" {
  type        = map(string)
  description = "A mapping of tags to assign to the resource."

  default = {
    Name = "ClientVPN"
  }
}