
Virtual Private Gateway Attachment

Define Customer Gateways

Define the customer gateway variable. The value for ip_address should be the public IP address of the on-prem VPN endpoint, that is, the device that terminates the IPsec tunnel on the customer side.

cgws = {
    sapphire_customer_gateway = {
        ip_address = "104.182.121.115"
    }
}

Define Virtual Private Gateway

Define the vpn_gateway attribute within the vpcs variable to build a virtual private gateway in the VPC. In each route table that needs on-prem reachability, add a route whose cidr_block is the on-prem subnet and whose vpn_gateway is the key of the virtual private gateway (the gateway is the route's target; the on-prem CIDR is the destination). Assign that route table only to the subnets that require connectivity to on-prem resources via the VPN; subnets on a route table without the VPN route have no path to on-prem. Routing alone does not permit traffic: security groups and network ACLs still have to allow it in both directions.

Note: The example below does not represent a full VPC configuration.

vpcs = {
    ...
    sapphire_vpc = {
        cidr_block = "10.197.0.0/25"
        vpn_gateway = {
            sapphire_vpn_gateway = {}
        }
        route_tables = {
            main = {
                routes = [
                    {
                        gateway = "local"
                    }
                ]
            }
            private_routes = {
                routes = [
                    {
                        gateway = "local"
                    },
                    {
                        cidr_block = "0.0.0.0/0"
                        nat_gateway = "sapphire_nat_gateway"
                    },
                    {
                        cidr_block = "192.168.1.0/24"
                        vpn_gateway = "sapphire_vpn_gateway"
                    }
                ]
            }
        }
        subnets = {
            SapphirePrivateAZ1 = {
                zone = "us-west-2a"
                block = "10.197.0.0/28"
                route_table = "private_routes"
            },
            SapphirePrivateAZ2 = {
                zone = "us-west-2b"
                block = "10.197.0.16/28"
                route_table = "private_routes"
            }
        }
    }
    ...
}

Define VPNs with Routes

Define the vpns variable, referencing by key the customer_gateway and vpn_gateway defined in the previous steps. The value for vpn_gateway is written as (VPC key).(virtual private gateway key), so the gateway is looked up inside its VPC. local_ipv4_network_cidr is the on-prem (customer gateway side) CIDR and remote_ipv4_network_cidr is the AWS (VPC side) CIDR; these define which source and destination addresses are allowed to communicate over the tunnels, so keep them as narrow as the design permits rather than falling back to 0.0.0.0/0. The routes attribute lists the on-prem CIDRs reachable over the VPN; each should fall within local_ipv4_network_cidr and match what the VPC route tables send to the virtual private gateway.

vpns = {
    sapphire_vpn = {
        customer_gateway = "sapphire_customer_gateway"
        vpn_gateway = "sapphire_vpc.sapphire_vpn_gateway"
        local_ipv4_network_cidr = "192.168.1.0/24"
        remote_ipv4_network_cidr = "10.197.0.0/25"
        routes = ["192.168.1.0/24"]
    }
}
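The three variables above only work together if their keys and CIDRs agree: the VPN must name an existing customer gateway and a gateway that exists inside the named VPC, the on-prem CIDR must not overlap the VPC, the AWS-side CIDR must lie inside the VPC, and every route table entry that points at the virtual private gateway must be an on-prem prefix rather than something broad like 0.0.0.0/0. The following is an added example, not code from the module documented on this page: it mirrors the three tfvars fragments as Python dicts (constructed sample data, the same values as above) and runs those checks before anything is applied. It also reports which subnets end up with a path to on-prem, which is the set you would review for least-privilege reasons. The dict layout is an assumption that follows the fragments shown; the module's real variable schema may carry more attributes.

```python
"""Pre-apply consistency checks for the cgws / vpcs / vpns variables.

Added example, not code from the module documented on this page. It mirrors
the three tfvars fragments as Python dicts (assumed layout) and verifies the
cross-references and CIDR relationships between them with the standard
library only, so it runs offline.
"""
import ipaddress

# Constructed to mirror the tfvars fragments on this page (sample values).
CGWS = {"sapphire_customer_gateway": {"ip_address": "104.182.121.115"}}

VPCS = {
    "sapphire_vpc": {
        "cidr_block": "10.197.0.0/25",
        "vpn_gateway": {"sapphire_vpn_gateway": {}},
        "route_tables": {
            "main": {"routes": [{"gateway": "local"}]},
            "private_routes": {
                "routes": [
                    {"gateway": "local"},
                    {"cidr_block": "0.0.0.0/0", "nat_gateway": "sapphire_nat_gateway"},
                    {"cidr_block": "192.168.1.0/24", "vpn_gateway": "sapphire_vpn_gateway"},
                ]
            },
        },
        "subnets": {
            "SapphirePrivateAZ1": {"zone": "us-west-2a", "block": "10.197.0.0/28", "route_table": "private_routes"},
            "SapphirePrivateAZ2": {"zone": "us-west-2b", "block": "10.197.0.16/28", "route_table": "private_routes"},
        },
    }
}

VPNS = {
    "sapphire_vpn": {
        "customer_gateway": "sapphire_customer_gateway",
        "vpn_gateway": "sapphire_vpc.sapphire_vpn_gateway",
        "local_ipv4_network_cidr": "192.168.1.0/24",
        "remote_ipv4_network_cidr": "10.197.0.0/25",
        "routes": ["192.168.1.0/24"],
    }
}


def vgw_routes(vpc, vgw_key):
    """Yield (route_table_name, cidr) for every route in the VPC that targets vgw_key."""
    for rt_name, rt in vpc["route_tables"].items():
        for route in rt["routes"]:
            if route.get("vpn_gateway") == vgw_key:
                yield rt_name, ipaddress.ip_network(route["cidr_block"])


def subnets_with_onprem_reach(vpc, vgw_key):
    """Sorted names of subnets whose route table sends some prefix to the virtual private gateway."""
    tables = {rt_name for rt_name, _ in vgw_routes(vpc, vgw_key)}
    return sorted(name for name, s in vpc["subnets"].items() if s["route_table"] in tables)


def validate(cgws, vpcs, vpns):
    """Return a list of human-readable problems; an empty list means the variables agree."""
    problems = []
    for cgw_name, cgw in cgws.items():
        ip = ipaddress.ip_address(cgw["ip_address"])
        if not ip.is_global:  # a customer gateway must be reachable from AWS over the internet
            problems.append(f"{cgw_name}: ip_address {ip} is not a public address")

    for vpn_name, vpn in vpns.items():
        if vpn["customer_gateway"] not in cgws:
            problems.append(f"{vpn_name}: customer_gateway {vpn['customer_gateway']!r} is not defined in cgws")
        # vpn_gateway is written as "<vpc key>.<virtual private gateway key>"
        vpc_key, _, vgw_key = vpn["vpn_gateway"].partition(".")
        vpc = vpcs.get(vpc_key)
        if vpc is None or vgw_key not in vpc.get("vpn_gateway", {}):
            problems.append(f"{vpn_name}: vpn_gateway {vpn['vpn_gateway']!r} does not resolve to a VPC and gateway key")
            continue

        onprem = ipaddress.ip_network(vpn["local_ipv4_network_cidr"])
        aws_side = ipaddress.ip_network(vpn["remote_ipv4_network_cidr"])
        vpc_cidr = ipaddress.ip_network(vpc["cidr_block"])
        if onprem.overlaps(vpc_cidr):
            problems.append(f"{vpn_name}: on-prem {onprem} overlaps VPC CIDR {vpc_cidr}")
        if not aws_side.subnet_of(vpc_cidr):
            problems.append(f"{vpn_name}: remote_ipv4_network_cidr {aws_side} is not inside VPC CIDR {vpc_cidr}")
        for r in vpn["routes"]:
            if not ipaddress.ip_network(r).subnet_of(onprem):
                problems.append(f"{vpn_name}: route {r} is outside local_ipv4_network_cidr {onprem}")

        # Every route-table entry pointing at this gateway must be an on-prem prefix
        # (catches a stray 0.0.0.0/0 into the tunnel), and at least one must exist
        # or nothing in the VPC can use the connection.
        rt_entries = list(vgw_routes(vpc, vgw_key))
        if not rt_entries:
            problems.append(f"{vpn_name}: no route table in {vpc_key} routes anything to {vgw_key}")
        for rt_name, cidr in rt_entries:
            if not cidr.subnet_of(onprem):
                problems.append(f"{vpn_name}: route table {rt_name} sends {cidr} to {vgw_key} but it is not on-prem")
    return problems


if __name__ == "__main__":
    for p in validate(CGWS, VPCS, VPNS):
        print("PROBLEM:", p)
    print("subnets with on-prem reach:", subnets_with_onprem_reach(VPCS["sapphire_vpc"], "sapphire_vpn_gateway"))
```

Run it against a copy of your own tfvars values before terraform plan; an empty problem list plus a subnet list that contains only the subnets you intended to expose to on-prem is the result you want.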