No requirements.
| Name | Version |
|---|---|
| aws | n/a |
| random | n/a |
| tls | n/a |
| Name | Source | Version |
|---|---|---|
| backup_bucket | terraform-aws-modules/s3-bucket/aws | 3.4.0 |
| validate_email | rhythmictech/errorcheck/terraform | 1.3.0 |
| Name | Type |
|---|---|
| aws_autoscaling_group.this | resource |
| aws_eip.this | resource |
| aws_iam_instance_profile.this | resource |
| aws_iam_policy.backup_and_eip | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.cloudwatch_agent | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_key_pair.this | resource |
| aws_launch_template.instance | resource |
| aws_route53_record.endpoint | resource |
| aws_route53_record.web | resource |
| aws_s3_object.this | resource |
| aws_security_group.wireguard | resource |
| random_password.admin_password | resource |
| tls_private_key.this | resource |
| aws_ami.amazon_linux_2 | data source |
| aws_caller_identity.current | data source |
| aws_iam_policy.aws_cloudwatch_agent_server_policy | data source |
| aws_iam_policy_document.backup_and_eip | data source |
| aws_route53_zone.target | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admin_user_email | Creates pre-configured admin user with the provider email and a random password | string |
null |
no |
| aws_region | The AWS Region | string |
n/a | yes |
| desired_instances | [WIP] used for high availability. Not implemented. This option has no effect | number |
1 |
no |
| docker_image | The docker image used to launch Firezone. Override this with another image repo (e.g. ECR) to control the version. Useful for not depending on dockerhub SLA and for custom patches | string |
"firezone/firezone:0.6.4" |
no |
| enable_cloudwatch_metrics | Optional: enable swap, memory and disk metrics with cloudwatch agent | bool |
false |
no |
| extra_security_group_ids | Extra security group ids to attach to the VPN EC2 instance | list(string) |
[] |
no |
| firezone_environment_variables | Extra environment variables to pass to the Firezone container. See https://docs.firezone.dev/reference/env-vars | any |
{} |
no |
| instance_type | Wireguard EC2 instance type. Controls CPU, Memory and Network resources | string |
n/a | yes |
| internal_url | The URL used to create an alias to the EC2 instance private IP | string |
null |
no |
| is_ecr_docker_image | Tells whether the docker_image comes from ECR. This will cause the EC2 instance to login to ECR using docker login before attempting to pull the image | bool |
false |
no |
| name | Name used to tag and create resources | string |
"vpn-wireguard-firezone" |
no |
| ssh_key_bucket | Bucket to write SSH key to. The SSH key is used to connect to the wireguard instance via SSH | string |
n/a | yes |
| subnet_ids | List of subnet ids used to deploy instances to | list(string) |
n/a | yes |
| tags | Extra tags used to tag resources with. Defaults to {}, in which case all resources are tagged with Name | map(string) |
{} |
no |
| volume_size | The EC2 Instance volume size | number |
8 |
no |
| vpn_endpoint_url | The endpoint url used to create the Wireguard config file | string |
n/a | yes |
| web_url | The web application URL used to access the administration portal | string |
n/a | yes |
| zone_id | Zone ID to create the route53 records in. The records are used to create the wireguard endpoint and the internal alias for SSH | string |
n/a | yes |
| Name | Description |
|---|---|
| autoscaling_group | n/a |
| backup_bucket | n/a |
| endpoint_record | n/a |
| instance_profile | n/a |
| launch_template | n/a |
| password | n/a |
| policy | n/a |
| private_key | n/a |
| security_group | n/a |
| web_record | n/a |