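#!/bin/bash
#
# create-client-config.sh
#
# Issues a client certificate/key pair with easy-rsa, imports the pair into
# ACM, stores both files in SSM Parameter Store as SecureString parameters,
# exports the Client VPN endpoint's .ovpn configuration and assembles a
# per-client bundle under $WORKDIR/$CLIENTNAME.
#
# Read from ./variables.cfg:
#   CLIENTNAME   - common name of the client certificate (required)
#   SERVERNAME   - value of the Name tag on the Client VPN endpoint (required
#                  unless ENDPOINTID is already set)
#   OVPNCFGFILE  - path the exported .ovpn configuration is written to (required)
#   WORKDIR      - directory under which the client bundle is created (required)
#   ENDPOINTID   - Client VPN endpoint id; looked up by SERVERNAME when empty
#
# Exits non-zero on the first failing command. -x is kept so every command is
# echoed to stderr; only file paths appear there, the key material itself is
# read from files by the AWS CLI and is never part of a command line.
set -euxo pipefail

# Diagnostics go to stderr so they can never end up in a redirected config file.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Explicit ./ so bash sources the file next to the script rather than
# searching PATH for a same-named file (source does that for bare names).
[[ -f ./variables.cfg ]] || die "ERROR: variables.cfg not found in $(pwd)"
# shellcheck source=/dev/null
source ./variables.cfg

# Fail early with a clear message instead of building paths from empty names
# (an empty CLIENTNAME would otherwise become "pki/issued/.crt").
: "${CLIENTNAME:?CLIENTNAME must be set in variables.cfg}"
: "${OVPNCFGFILE:?OVPNCFGFILE must be set in variables.cfg}"
: "${WORKDIR:?WORKDIR must be set in variables.cfg}"

readonly client_crt="./pki/issued/$CLIENTNAME.crt"
readonly client_key="./pki/private/$CLIENTNAME.key"
readonly ca_crt="./pki/ca.crt"

# The private key is generated without a passphrase (nopass); the files are
# protected by filesystem permissions only.
./easy-rsa/easyrsa3/easyrsa build-client-full "$CLIENTNAME" nopass

aws acm import-certificate \
  --certificate="fileb://$client_crt" \
  --private-key="fileb://$client_key" \
  --certificate-chain="fileb://$ca_crt"

# --overwrite replaces an existing parameter of the same name, so re-running
# for an existing CLIENTNAME silently rotates the stored pair.
aws ssm put-parameter \
  --name="/clientvpn/$CLIENTNAME.crt" \
  --description="Compressed Client Certificate for AWS Client VPN" \
  --value="file://$client_crt" \
  --type="SecureString" \
  --tier="Advanced" \
  --overwrite > /dev/null

aws ssm put-parameter \
  --name="/clientvpn/$CLIENTNAME.key" \
  --description="Compressed Client Key for AWS Client VPN" \
  --value="file://$client_key" \
  --type="SecureString" \
  --tier="Advanced" \
  --overwrite > /dev/null

# Resolve the endpoint by its Name tag unless the caller pinned ENDPOINTID.
# A plain assignment (instead of `: ${VAR:=$(...)}`) lets set -e stop on an
# API error rather than falling through to a misleading "no endpoint" message.
if [[ -z "${ENDPOINTID:-}" ]]; then
  : "${SERVERNAME:?SERVERNAME must be set when ENDPOINTID is not given}"
  ENDPOINTID=$(aws ec2 describe-client-vpn-endpoints \
    --output=text \
    --filters="Name=tag:Name,Values=$SERVERNAME" \
    --query='ClientVpnEndpoints[].ClientVpnEndpointId')
fi

[[ -n "$ENDPOINTID" ]] || die " ERROR: No Client VPN Endpoint could be found."
# The query returns a list; several matches would be passed as several words
# to --client-vpn-endpoint-id, so refuse to guess which one was meant.
[[ "$ENDPOINTID" != *[[:space:]]* ]] \
  || die " ERROR: Several Client VPN Endpoints match '${SERVERNAME:-}': $ENDPOINTID"

aws ec2 export-client-vpn-client-configuration \
  --client-vpn-endpoint-id "$ENDPOINTID" \
  --output text > "$OVPNCFGFILE"
# Point the config at the cert/key files placed next to it in the bundle.
printf 'cert %s.crt\n' "$CLIENTNAME" >> "$OVPNCFGFILE"
printf 'key %s.key\n' "$CLIENTNAME" >> "$OVPNCFGFILE"

# Assemble the bundle; the copied private key is readable by its owner only.
readonly bundle_dir="$WORKDIR/$CLIENTNAME"
mkdir -p -- "$bundle_dir"
cp -- "$OVPNCFGFILE" "$bundle_dir/"
cp -- "$client_crt" "$bundle_dir/"
cp -- "$client_key" "$bundle_dir/"
chmod 600 "$bundle_dir/$CLIENTNAME.key"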