This is a sample repo to set up HA VPN connection between AWS and Azure

Do NOT use this in any ENVIRONMENT(PRD/Dev/Tst/Uat) without making required changes to sensitive data

Feel free to provide any suggestions or possible improvements with a PR which can benefit someone trying similar

AWS Requirements

Name	Version
aws	~> 3.0

Providers

Name	Version
aws	3.75.2

Modules

No modules.

Resources

Name	Type
aws_customer_gateway.customer_gateway	resource
aws_vpc.vpc	resource
aws_vpn_connection.main	resource
aws_vpn_gateway.vpn_gateway	resource

Inputs

Name	Description	Type	Default	Required
public_ip_address_gw	n/a	list(string)	[ "" ]	no
tunnel1_inside_cidr	n/a	list	[ "169.254.21.0/30", "169.254.21.28/30" ]	no
tunnel1_preshared_key	n/a	list	[ "fgdytdgdstsgshasgsgsashh", "fgdytdgdstsgshasgsgsashh" ]	no
tunnel2_inside_cidr	n/a	list	[ "169.254.21.4/30", "169.254.21.32/30" ]	no
tunnel2_preshared_key	n/a	list	[ "fgdytdgdstsgshasgsgsashh", "fgdytdgdstsgshasgsgsashh" ]	no

Outputs

No outputs.

Azure Requirements

Name	Version
azurerm	=2.77.0

Providers

Name	Version
azurerm	2.77.0

Modules

No modules.

Resources

Name	Type
azurerm_local_network_gateway.localgw	resource
azurerm_public_ip.example	resource
azurerm_resource_group.example	resource
azurerm_subnet.example	resource
azurerm_virtual_network.example	resource
azurerm_virtual_network_gateway.example	resource
azurerm_virtual_network_gateway_connection.az-hub-onprem	resource

Inputs

Name	Description	Type	Default	Required
client_id	n/a	string	"add your SP details here"	no
client_secret	n/a	string	"add your SP details here"	no
express_route_circuit_id	The ID of the Express Route Circuit when creating an ExpressRoute connection	any	null	no
gateway_connection_protocol	The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2	string	"IKEv2"	no
gateway_connection_type	The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet)	string	"IPsec"	no
local_bgp_settings	Local Network Gateway's BGP speaker settings	list(object({ asn_number = number, peering_address = string, peer_weight = number }))	[ { "asn_number": 64512, "peer_weight": 0, "peering_address": "169.254.21.1" }, { "asn_number": 64512, "peer_weight": 0, "peering_address": "169.254.21.5" }, { "asn_number": 64512, "peer_weight": 0, "peering_address": "169.254.21.29" }, { "asn_number": 64512, "peer_weight": 0, "peering_address": "169.254.21.33" } ]	no
local_networks	n/a	list(object({ local_gw_name = string, local_gateway_address = string, local_address_space = list(string), shared_key = string }))	[ { "local_address_space": [ "10.10.0.0/20" ], "local_gateway_address": "87.54.43.24", "local_gw_name": "To-AWS-1", "shared_key": "fgdytdgdstsgshasgsgsashh" }, { "local_address_space": [ "10.10.0.0/20" ], "local_gateway_address": "87.54.43.25", "local_gw_name": "To-AWS-2", "shared_key": "fgdytdgdstsgshasgsgsashh" }, { "local_address_space": [ "10.10.0.0/20" ], "local_gateway_address": "87.54.43.26", "local_gw_name": "To-AWS-3", "shared_key": "fgdytdgdstsgshasgsgsashh" }, { "local_address_space": [ "10.10.0.0/20" ], "local_gateway_address": "87.54.43.27", "local_gw_name": "To-AWS-4", "shared_key": "fgdytdgdstsgshasgsgsashh" } ]	no
local_networks_ipsec_policy	IPSec policy for local networks. Only a single policy can be defined for a connection.	any	null	no
peer_virtual_network_gateway_id	The ID of the peer virtual network gateway when creating a VNet-to-VNet connection	any	null	no
subscription_id	n/a	string	"add your SP details here"	no
tenant_id	n/a	string	"add your SP details here"	no
vpn_gw_sku	Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments	string	"VpnGw1"	no

Outputs

Name	Description
public_ip_address_gw	n/a