Created
February 12, 2024 16:17
-
-
Save adrianlzt/86033b29559965de0c32b6782d448991 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Creamos una CA self-signed para generar los certificados de los clientes VPN | |
| resource "tls_private_key" "foo-vpn-ca-key" { | |
| algorithm = "RSA" | |
| rsa_bits = 4096 | |
| } | |
| resource "tls_self_signed_cert" "foo-vpn-ca" { | |
| private_key_pem = tls_private_key.foo-vpn-ca-key.private_key_pem | |
| subject { | |
| common_name = "${var.product}-${var.environment}" | |
| organization = "bar" | |
| } | |
| # 114 años | |
| validity_period_hours = 999999 | |
| allowed_uses = [ | |
| "cert_signing", | |
| ] | |
| } | |
| # Convertimos el formato de la clave pública de la CA para que sea compatible con Azure (quitando la cabecera y el pie) | |
| locals { | |
| lines = split("\n", tls_self_signed_cert.foo-vpn-ca.cert_pem) | |
| without_first_and_last = slice(local.lines, 1, length(local.lines) - 2) | |
| ca_no_header_no_footer = join("\n", local.without_first_and_last) | |
| } | |
| resource "azurerm_public_ip" "vpn" { | |
| name = "${var.product}-${var.environment}-vpn" | |
| resource_group_name = azurerm_resource_group.foo.name | |
| location = var.location | |
| sku = "Standard" | |
| allocation_method = "Static" | |
| } | |
| resource "azurerm_subnet" "vpn" { | |
| # El nombre no puede cambiarse, lo require azurerm_virtual_network_gateway | |
| name = "GatewaySubnet" | |
| virtual_network_name = azurerm_virtual_network.foo.name | |
| resource_group_name = azurerm_resource_group.foo.name | |
| address_prefixes = ["${var.net-prefix}.100.0/24"] | |
| } | |
| resource "azurerm_virtual_network_gateway" "foo" { | |
| name = "${var.product}-${var.environment}" | |
| location = var.location | |
| resource_group_name = azurerm_resource_group.foo.name | |
| type = "Vpn" | |
| vpn_type = "RouteBased" | |
| # https://learn.microsoft.com/es-es/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku | |
| sku = "VpnGw1" | |
| ip_configuration { | |
| name = "${var.product}-${var.environment}-vnetGatewayConfig" | |
| public_ip_address_id = azurerm_public_ip.vpn.id | |
| private_ip_address_allocation = "Dynamic" | |
| subnet_id = azurerm_subnet.vpn.id | |
| } | |
| vpn_client_configuration { | |
| address_space = ["${var.vpn-net}"] | |
| root_certificate { | |
| name = tls_self_signed_cert.foo-vpn-ca.subject[0].common_name | |
| public_cert_data = local.ca_no_header_no_footer | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment