No requirements.

Name | Version |
---|---|
aws | n/a |
random | n/a |
tls | n/a |

Name | Source | Version |
---|---|---|
backup_bucket | terraform-aws-modules/s3-bucket/aws | 3.4.0 |
validate_email | rhythmictech/errorcheck/terraform | 1.3.0 |

Name | Type |
---|---|
aws_autoscaling_group.this | resource |
aws_eip.this | resource |
aws_iam_instance_profile.this | resource |
aws_iam_policy.backup_and_eip | resource |
aws_iam_role.this | resource |
aws_iam_role_policy_attachment.cloudwatch_agent | resource |
aws_iam_role_policy_attachment.this | resource |
aws_key_pair.this | resource |
aws_launch_template.instance | resource |
aws_route53_record.endpoint | resource |
aws_route53_record.web | resource |
aws_s3_object.this | resource |
aws_security_group.wireguard | resource |
random_password.admin_password | resource |
tls_private_key.this | resource |
aws_ami.amazon_linux_2 | data source |
aws_caller_identity.current | data source |
aws_iam_policy.aws_cloudwatch_agent_server_policy | data source |
aws_iam_policy_document.backup_and_eip | data source |
aws_route53_zone.target | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_user_email | Creates pre-configured admin user with the provided email and a random password | string | null | no |
aws_region | The AWS Region | string | n/a | yes |
desired_instances | [WIP] used for high availability. Not implemented. This option has no effect | number | 1 | no |
docker_image | The docker image used to launch Firezone. Override this with another image repo (e.g. ECR) to control the version. Useful for not depending on dockerhub SLA and for custom patches | string | "firezone/firezone:0.6.4" | no |
enable_cloudwatch_metrics | Optional: enable swap, memory and disk metrics with cloudwatch agent | bool | false | no |
extra_security_group_ids | Extra security group ids to attach to the VPN EC2 instance | list(string) | [] | no |
firezone_environment_variables | Extra environment variables to pass to the Firezone container. See https://docs.firezone.dev/reference/env-vars | any | {} | no |
instance_type | Wireguard EC2 instance type. Controls CPU, Memory and Network resources | string | n/a | yes |
internal_url | The URL used to create an alias to the EC2 instance private IP | string | null | no |
is_ecr_docker_image | Tells whether the docker_image comes from ECR. This will cause the EC2 instance to log in to ECR using docker login before attempting to pull the image | bool | false | no |
name | Name used to tag and create resources | string | "vpn-wireguard-firezone" | no |
ssh_key_bucket | Bucket to write SSH key to. The SSH key is used to connect to the wireguard instance via SSH | string | n/a | yes |
subnet_ids | List of subnet ids used to deploy instances to | list(string) | n/a | yes |
tags | Extra tags used to tag resources with. Defaults to {}, in which case all resources are tagged with Name | map(string) | {} | no |
volume_size | The EC2 Instance volume size | number | 8 | no |
vpn_endpoint_url | The endpoint url used to create the Wireguard config file | string | n/a | yes |
web_url | The web application URL used to access the administration portal | string | n/a | yes |
zone_id | Zone ID to create the route53 records in. The records are used to create the wireguard endpoint and the internal alias for SSH | string | n/a | yes |

Name | Description |
---|---|
autoscaling_group | n/a |
backup_bucket | n/a |
endpoint_record | n/a |
instance_profile | n/a |
launch_template | n/a |
password | n/a |
policy | n/a |
private_key | n/a |
security_group | n/a |
web_record | n/a |