Terraform module that creates a reverse proxy using a combination of WireGuard and iptables

harleymckenzie/terraform-aws-wireguardproxy

Description

This Terraform module is used to create and configure a WireGuard reverse proxy server.

I created this module as a solution / personal project that would allow me access to home-assistant and other resources on my internal network, as I don't have access to the router and port forwarding is not an option.

The module will:

  1. Create an Ubuntu based EC2 instance
  2. Install WireGuard and generate the required configuration for NAT'ing
  3. Update the A record used for the proxy on instance startup

Note: This has only been tested on Ubuntu 20.04 LTS x64, though it should still work on other versions/architectures.

Prerequisites

  • A Hosted Zone in Route 53
  • Public/private keys for your server and peer
  • A pre-existing VPC and keypair

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws | n/a |
| template | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.wireguard | resource |
| aws_iam_role.wireguard | resource |
| aws_iam_role_policy.wireguard-r53-access | resource |
| aws_instance.wireguard | resource |
| aws_security_group.nat-ports | resource |
| aws_security_group.ssh-access | resource |
| aws_security_group.vpn-access | resource |
| template_file.userdata | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| hosted_zone_id | Route 53 Hosted Zone ID containing the domain name to be used for the VPN | string | n/a | yes |
| instance_ami | AMI to use for the instance | string | "ami-0015a39e4b7c0966f" | no |
| keypair | Key Pair name to be used for SSH access to the WireGuard server | string | n/a | yes |
| peer_private_ip | Private IP of the peer WireGuard client used for traffic forwarding | string | n/a | yes |
| peer_public_ip | Public IP address used to permit inbound connections to WireGuard | string | n/a | yes |
| peer_public_key | Peer's public key for configuring the VPN connection | string | n/a | yes |
| permitted_ssh_ips | List of CIDR ranges permitted to SSH to the WireGuard instance | list(string) | ["0.0.0.0/0"] | no |
| subnet_id | Subnet id used by the WireGuard instance | string | n/a | yes |
| vpc_id | VPC id of the VPC the WireGuard instance will be provisioned in | string | n/a | yes |
| vpn_domain_name | A Record to use for the WireGuard proxy | string | n/a | yes |
| wg_interface_cidr | The CIDR address used for the WireGuard interface on the server | string | "10.6.0.1/32" | no |
| wg_listen_port | n/a | number | 51820 | no |
| wg_nat_ports | List of ports to be used for port forwarding | list(number) | [8080, 8123] | no |
| wg_private_key | Private key used for the WireGuard server | string | n/a | yes |

Outputs

No outputs.

Usage

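  module "wireguardproxy" {
    # The module label is arbitrary; source points at this repository
    source = "github.com/harleymckenzie/terraform-aws-wireguardproxy"

    # Route 53 zone and the A record updated on instance startup
    hosted_zone_id  = "Z0123456789"
    vpn_domain_name = "proxy.example.com"

    vpc_id    = "vpc-xxxxxxxxxxx"
    subnet_id = "subnet-xxxxxxxxxxx"

    # permitted_ssh_ips is not set here, so SSH uses its default of ["0.0.0.0/0"]
    keypair         = "my-key-pair"
    wg_private_key  = "abcdef0123456789"
    peer_public_key = "fedcba987654321"
    peer_public_ip  = "203.147.201.32"
    peer_private_ip = "192.168.0.101"
  }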
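
How the inputs above (wg_interface_cidr, wg_listen_port, wg_nat_ports, peer_private_ip) could map onto a proxy-side WireGuard config with iptables port forwarding. This is an added example, not the module's own userdata template, which is not shown on this page; the function name render_wg_conf, the WAN_IF variable, the TCP-only DNAT rules and the rule layout are assumptions.

```bash
# Added example (not the module's userdata): render a proxy-side wg0.conf.
# render_wg_conf, WAN_IF and the rule layout are assumptions for illustration.
render_wg_conf() {
  # Args mirror module inputs; $6 is wg_nat_ports as a space-separated list.
  local wg_cidr="$1" listen_port="$2" private_key="$3"
  local peer_pubkey="$4" peer_ip="$5" ports="$6"
  local wan_if="${WAN_IF:-eth0}"  # assumed name of the public interface
  local up="sysctl -w net.ipv4.ip_forward=1" down="true" p rule

  for p in $ports; do
    # Reject anything that is not a plain port number: these strings end up
    # in PostUp, which wg-quick runs as root shell commands.
    case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ] || [ "$p" -eq "$listen_port" ]; then
      echo "bad port: $p" >&2; return 1
    fi
    # Forward inbound TCP on the public interface to the same port on the peer.
    rule="PREROUTING -i $wan_if -p tcp --dport $p -j DNAT --to-destination $peer_ip:$p"
    up="$up; iptables -t nat -A $rule"
    down="$down; iptables -t nat -D $rule"
  done
  # Masquerade traffic leaving via the tunnel (%i is expanded by wg-quick),
  # so the peer replies to the proxy's tunnel address.
  up="$up; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE"
  down="$down; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE"

  cat <<EOF
[Interface]
Address = $wg_cidr
ListenPort = $listen_port
PrivateKey = $private_key
PostUp = $up
PostDown = $down

[Peer]
PublicKey = $peer_pubkey
AllowedIPs = $peer_ip/32
EOF
}

# Constructed sample values, taken from the Usage placeholders above.
if [ "${1:-}" = "--demo" ]; then
  render_wg_conf 10.6.0.1/32 51820 "abcdef0123456789" "fedcba987654321" \
    192.168.0.101 "8080 8123"
fi
```

The rendered file contains the server's private key, so write it under a restrictive umask (mode 600) if you save it to disk.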
