
How to add the Name of AWS Client VPN Endpoints?

The source code below provisions the AWS Client VPN. After the Client VPN endpoint is created, I log in to the AWS console and click on "Client VPN Endpoints"; on the right-hand side it shows the values of "Endpoint ID", "State" and "Client CIDR". But the value of "Name" is empty, i.e. the name of the Client VPN endpoint is empty. How do I add the Client VPN endpoint name in the Terraform code? Below is the related code.

main.tf:

module "vpn" {
  # A local module path must start with "./" or "../"; without the prefix
  # Terraform treats the string as a registry address and fails to resolve it.
  source                        = "./modules/client_vpn"
  name                          = var.name
  vpn_client_cidr               = var.vpn_client_cidr
  cert_dir                      = var.cert_dir
  config_dir                    = var.config_dir
  cert_domain                   = var.cert_domain
  subnet_ids                    = data.terraform_remote_state.vpc.outputs.private_subnets
  security_groups               = [aws_security_group.vpn.id]
  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days
}

variables.tf:

variable "name" {
  description = "Name of Client VPN Endpoints"
  type        = string
  default     = "ClientVPN"
}

modules/client_vpn:

# Client certificate chain: its CA is what the endpoint trusts for mutual-TLS authentication.
resource "aws_acm_certificate" "client" {
  private_key       = file("${path.root}/${var.cert_dir}/${var.cert_domain}.key")
  certificate_body  = file("${path.root}/${var.cert_dir}/${var.cert_domain}.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
}

# Server certificate presented by the endpoint to connecting clients.
resource "aws_acm_certificate" "server" {
  private_key       = file("${path.root}/${var.cert_dir}/server.key")
  certificate_body  = file("${path.root}/${var.cert_dir}/server.crt")
  certificate_chain = file("${path.root}/${var.cert_dir}/ca.crt")
}

# Connection logs (who connected, from where, and whether the attempt succeeded).
resource "aws_cloudwatch_log_group" "default" {
  name              = format("/aws/vpn/%s/logs", var.name)
  retention_in_days = var.cloudwatch_log_retention_days
}

resource "aws_cloudwatch_log_stream" "default" {
  name           = var.name
  log_group_name = aws_cloudwatch_log_group.default.name
}

# The endpoint itself. Note that no tags are set here, which is why the
# console shows an empty "Name" column for it.
resource "aws_ec2_client_vpn_endpoint" "default" {
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }
}

# Attach the endpoint to each private subnet.
resource "aws_ec2_client_vpn_network_association" "default" {
  for_each               = toset(var.subnet_ids)
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  subnet_id              = each.key
  security_groups        = var.security_groups
}

# Authorize every group to reach the allowed ingress CIDR.
resource "aws_ec2_client_vpn_authorization_rule" "ingress-all" {
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  target_network_cidr    = var.allowed_ingress_network_cidr
  authorize_all_groups   = true
  description            = "Allow all VPN groups access to ${var.allowed_ingress_network_cidr}"
}

# Optional default route so VPN clients can reach the internet through the VPC.
# Both branches of the conditional must have the same type, so the empty
# branch is toset([]) rather than a bare [] (an empty tuple).
resource "aws_ec2_client_vpn_route" "internet-access" {
  for_each               = var.enable_internet_access ? toset(var.subnet_ids) : toset([])
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.default.id
  destination_cidr_block = "0.0.0.0/0"
  target_vpc_subnet_id   = aws_ec2_client_vpn_network_association.default[each.key].subnet_id
}

It is correct. Use tags to add the Client VPN endpoint name.

# The AWS console's "Name" column is populated from a tag whose key is "Name".
variable "tags" {
  description = "A mapping of tags to assign to the resource."
  type        = map(string)
  default = {
    Name = "ClientVPN"
  }
}
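An added example, not taken from the question or the answer, showing how the answer's tags map has to travel from the root module into the endpoint resource before the console shows a name: the root module passes it to the child module, the child module declares a matching input (the `tags` input name in the module is an assumption), and the endpoint merges it with a Name key derived from var.name so the endpoint name and the log group name stay consistent.

```hcl
# main.tf (root module): pass the tags map into the module next to the name.
module "vpn" {
  source                        = "./modules/client_vpn"
  name                          = var.name
  tags                          = var.tags
  vpn_client_cidr               = var.vpn_client_cidr
  cert_dir                      = var.cert_dir
  config_dir                    = var.config_dir
  cert_domain                   = var.cert_domain
  subnet_ids                    = data.terraform_remote_state.vpc.outputs.private_subnets
  security_groups               = [aws_security_group.vpn.id]
  logging_enabled               = var.logging_enabled
  cloudwatch_log_retention_days = var.cloudwatch_log_retention_days
}

# modules/client_vpn/variables.tf: the module's own tags input (assumed name).
variable "tags" {
  description = "Tags applied to the Client VPN endpoint"
  type        = map(string)
  default     = {}
}

# modules/client_vpn/main.tf: the console's "Name" column is read from the
# Name tag, so the endpoint only gets a name once such a tag is attached.
resource "aws_ec2_client_vpn_endpoint" "default" {
  server_certificate_arn = aws_acm_certificate.server.arn
  client_cidr_block      = var.vpn_client_cidr

  authentication_options {
    type                       = "certificate-authentication"
    root_certificate_chain_arn = aws_acm_certificate.client.arn
  }

  connection_log_options {
    enabled               = var.logging_enabled
    cloudwatch_log_group  = aws_cloudwatch_log_group.default.name
    cloudwatch_log_stream = aws_cloudwatch_log_stream.default.name
  }

  # merge() lets var.name override any Name key already present in var.tags,
  # so the endpoint name matches the "/aws/vpn/<name>/logs" log group above.
  tags = merge(var.tags, { Name = var.name })
}
```

Attaching the same merged map to the ACM certificates and the log group makes all of the VPN's pieces findable together when reviewing an account during an audit or incident.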
