# Terraform configuration to create an AWS Site-to-Site VPN connection:
# a customer gateway (the on-premises IPsec peer), a virtual private gateway
# attached to a VPC, and a static-routed IPsec VPN connection between them.

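terraform {
  # Pin the provider so `terraform init` cannot silently resolve to a newer
  # major release with different resource semantics (supply-chain hygiene).
  # Adjust the constraint to the version this configuration was tested with
  # and commit the generated .terraform.lock.hcl next to it.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  # Region in which the gateway and VPN connection are created; the on-premises
  # device will terminate its tunnels against AWS endpoints in this region.
  region = "us-east-1"
}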

# --- 1. Data Source for Default VPC ---
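# VPC that the virtual private gateway attaches to. Leaving this null keeps the
# original behaviour (the account's default VPC). The default VPC comes with
# public subnets and a permissive default security group, so for anything
# beyond a lab, point this at a purpose-built VPC instead.
variable "vpc_id" {
  description = "ID of the VPC to attach the VPN gateway to. null selects the account's default VPC."
  type        = string
  default     = null
}

# Named "default" for compatibility with the references below; it resolves to
# var.vpc_id when that is set, otherwise to the default VPC.
data "aws_vpc" "default" {
  # A null attribute is treated as unset, so exactly one selector is active.
  id      = var.vpc_id
  default = var.vpc_id == null ? true : null
}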

# --- 2. Create Customer Gateway ---
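# Public IPv4 address of the on-premises VPN device (the IPsec peer). There is
# deliberately no default: a placeholder address (the original used a
# documentation-range IP) creates a gateway whose tunnels can never come up,
# and the mistake only surfaces at connection time.
variable "customer_gateway_ip" {
  description = "Public IPv4 address of the on-premises VPN device."
  type        = string

  validation {
    # cidrnetmask() fails on anything that is not a well-formed IPv4 address.
    condition     = can(cidrnetmask("${var.customer_gateway_ip}/32"))
    error_message = "customer_gateway_ip must be a single IPv4 address."
  }
}

resource "aws_customer_gateway" "main" {
  # The API requires a BGP ASN even when the connection uses static routes
  # only; 65000 lies in the private range 64512-65534 and should differ from
  # the VGW's amazon_side_asn.
  bgp_asn    = 65000
  ip_address = var.customer_gateway_ip
  type       = "ipsec.1"

  tags = {
    Name = "MyTerraformCustomerGateway"
  }
}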

# --- 3. Create Virtual Private Gateway and Attach to VPC ---
resource "aws_vpn_gateway" "main" {
  # Private ASN for the Amazon side. With a static-routes-only connection no
  # BGP session is established, but the value is still part of the gateway and
  # should be distinct from the customer gateway's bgp_asn.
  amazon_side_asn = "64512"

  # Attached inline; no separate aws_vpn_gateway_attachment resource is used.
  vpc_id = data.aws_vpc.default.id

  tags = {
    Name = "MyTerraformVPNGateway"
  }
}

# --- 4. Create VPN Connection ---
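# On-premises prefixes reachable through the tunnels. Empty by default so the
# connection is created exactly as before. Note that with static_routes_only
# no traffic flows until routes exist here AND the VPC route tables learn them
# (route propagation or explicit routes), which this file does not configure.
variable "on_premises_cidrs" {
  description = "IPv4 CIDR blocks behind the customer gateway to route over the VPN."
  type        = list(string)
  default     = []
}

resource "aws_vpn_connection" "main" {
  vpn_gateway_id      = aws_vpn_gateway.main.id
  customer_gateway_id = aws_customer_gateway.main.id
  type                = "ipsec.1"
  static_routes_only  = true # no BGP; routes come from aws_vpn_connection_route below

  # Constrain what the AWS side will negotiate. Left unset, AWS offers a broad
  # set of suites (at the time of writing this includes IKEv1, SHA1 and DH
  # group 2), so pinning them forces modern parameters. The on-premises device
  # must support every value listed, or the tunnel will not establish.
  tunnel1_ike_versions                 = ["ikev2"]
  tunnel1_phase1_encryption_algorithms = ["AES256", "AES256-GCM-16"]
  tunnel1_phase1_integrity_algorithms  = ["SHA2-256", "SHA2-384"]
  tunnel1_phase1_dh_group_numbers      = [14, 19, 20, 21]
  tunnel1_phase2_encryption_algorithms = ["AES256", "AES256-GCM-16"]
  tunnel1_phase2_integrity_algorithms  = ["SHA2-256", "SHA2-384"]
  tunnel1_phase2_dh_group_numbers      = [14, 19, 20, 21]

  tunnel2_ike_versions                 = ["ikev2"]
  tunnel2_phase1_encryption_algorithms = ["AES256", "AES256-GCM-16"]
  tunnel2_phase1_integrity_algorithms  = ["SHA2-256", "SHA2-384"]
  tunnel2_phase1_dh_group_numbers      = [14, 19, 20, 21]
  tunnel2_phase2_encryption_algorithms = ["AES256", "AES256-GCM-16"]
  tunnel2_phase2_integrity_algorithms  = ["SHA2-256", "SHA2-384"]
  tunnel2_phase2_dh_group_numbers      = [14, 19, 20, 21]

  # tunnelN_preshared_key is intentionally not set, so AWS generates the PSKs.
  # They end up in Terraform state (and in customer_gateway_configuration), so
  # the state backend must be encrypted and access-controlled, and the PSKs
  # must never be exposed through a non-sensitive output.

  tags = {
    Name = "MyTerraformVPNConnection"
  }
}

# Static routes towards the on-premises networks; one per CIDR supplied.
resource "aws_vpn_connection_route" "on_premises" {
  for_each               = toset(var.on_premises_cidrs)
  destination_cidr_block = each.value
  vpn_connection_id      = aws_vpn_connection.main.id
}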

# --- Outputs ---
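output "customer_gateway_id" {
  description = "The ID of the Customer Gateway."
  value       = aws_customer_gateway.main.id
}

output "vpn_gateway_id" {
  description = "The ID of the Virtual Private Gateway."
  value       = aws_vpn_gateway.main.id
}

output "vpn_connection_id" {
  description = "The ID of the VPN Connection."
  value       = aws_vpn_connection.main.id
}

# Public AWS endpoints of the two tunnels; the on-premises device needs these
# as its peer addresses. They are not secrets. Do NOT add outputs for the
# preshared keys or for customer_gateway_configuration (which embeds them)
# unless marked sensitive = true, as plain outputs are printed on every apply.
output "tunnel1_address" {
  description = "Public IP of the AWS side of tunnel 1."
  value       = aws_vpn_connection.main.tunnel1_address
}

output "tunnel2_address" {
  description = "Public IP of the AWS side of tunnel 2."
  value       = aws_vpn_connection.main.tunnel2_address
}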
