Terraform-provider-aws: Support duel `authentication_options` types `directory-service-authentication` and `certificate-authentication` on `aws_ec2_client_vpn_endpoint` resource

Created on 21 May 2019  ·  4Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently aws_ec2_client_vpn_endpoint resource only supports authentication_options type directory-service-authentication OR certificate-authentication. This resource should support multiple authentication options (AND/OR). aws_ec2_client_vpn_endpoint schema currently defines authentication_options MaxItems as 1.

New or Affected Resource(s)

  • aws_ec2_client_vpn_endpoint

Potential Terraform Configuration

resource "aws_ec2_client_vpn_endpoint" "vpn" {
  server_certificate_arn = "${var.server_certificate_arn}"
  client_cidr_block = "${var.client_cidr_block}"

  authentication_options {
    type = "certificate-authentication"
    root_certificate_chain_arn = "${var.root_certificate_chain_arn}"
  }

  authentication_options {
    type = "directory-service-authentication"
    active_directory_id = "${var.active_directory_id}"
  }
}

References

  • 0000

    • enhancement servicec2
    Source
    picture tombmj
    👍28

    Most helpful comment

    Voting for this; was surprised to learn that this resource doesn't allow you to specify both authentication options, as mutual TLS combined with password auth is definitely the most secure solution. Without this ability, this resource isn't capable of supporting prod-ready VPN config, IMHO.

    picture marcus-bynder on 15 Aug 2019
    👍4

    All 4 comments

    Voting for this; was surprised to learn that this resource doesn't allow you to specify both authentication options, as mutual TLS combined with password auth is definitely the most secure solution. Without this ability, this resource isn't capable of supporting prod-ready VPN config, IMHO.

    marcus-bynder picture marcus-bynder on 15 Aug 2019
    👍4

    Support for this has been merged and will release with version 2.58.0 of the Terraform AWS Provider, later this week. Thanks to @davidsung for the implementation. 👍

    bflad picture bflad on 14 Apr 2020
    👍3

    This has been released in version 2.58.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

    For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

    hashibot[bot] picture hashibot[bot] on 17 Apr 2020

    I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

    If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

    hashibot[bot] picture hashibot[bot] on 15 May 2020
    Was this page helpful?
    0 / 5 - 0 ratings

    Related issues

    EmmN picture EmmN  ·  3Comments
    hashibot picture hashibot  ·  3Comments
    hashibot picture hashibot  ·  3Comments
    hashibot picture hashibot  ·  3Comments
    hashibot picture hashibot  ·  3Comments