Merge pull request #33 from DNXLabs/feature/self_service_portal

Feature/self service portal

README.md

@@ -43,6 +43,7 @@ The following resources will be created:
 | name | Name prefix for the resources of this stack | `any` | n/a | yes |
 | organization\_name | Name of organization to use in private certificate | `string` | `"ACME, Inc"` | no |
 | security\_group\_id | Optional security group id to use instead of the default created | `string` | `""` | no |
+| self\_service\_saml\_provider\_arn | (Optional) The ARN of the IAM SAML identity provider for portal if self portal is enabled. | `any` | `null` | no |
 | split\_tunnel | With split\_tunnel false, all client traffic will go through the VPN. | `bool` | `true` | no |
 | subnet\_ids | Subnet ID to associate clients (each subnet passed will create an VPN association - costs involved) | `list(string)` | n/a | yes |
 | tags | Extra tags to attach to resources | `map(string)` | `{}` | no |

_variables.tf

@@ -91,3 +91,9 @@ variable "active_directory_id" {
   default     = null
   description = "The ID of the Active Directory to be used for authentication. If not provided, the default directory will be used."
 }
+
+variable "self_service_saml_provider_arn" {
+  default     = null
+  description = "(Optional) The ARN of the IAM SAML identity provider for portal if self portal is enabled."
+}
+

vpn-endpoint.tf

@@ -12,6 +12,7 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
     type                       = var.authentication_type
     root_certificate_chain_arn = var.authentication_type != "certificate-authentication" ? null : aws_acm_certificate.root.arn
     saml_provider_arn          = var.authentication_saml_provider_arn
+    self_service_saml_provider_arn  = var.enable_self_service_portal == true ? var.self_service_saml_provider_arn : null
     active_directory_id        = var.active_directory_id
   }