
Updates AWS Client VPN to Working Configuration

Tested with AWS VPN with zScalar disabled.

To be tagged v3.4.1
Fred Damstra [afs macbook] 3 年之前
父節點
當前提交
a95fc0c0ae
共有 3 個文件被更改,包括 15 次插入7 次删除
  1. 6 0
      base/aws_client_vpn/certificate.tf
  2. 4 3
      base/aws_client_vpn/outputs.tf
  3. 5 4
      base/aws_client_vpn/vpn.tf

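--- a/base/aws_client_vpn/certificate.tf
+++ b/base/aws_client_vpn/certificate.tf
@@ -7,6 +7,12 @@ resource "aws_acm_certificate" "cert" {
     create_before_destroy = true
   }
 
+  provisioner "local-exec" {
+    # For this purpose, the certificate is frequently not ready by the time
+    # we attempt to use it. This buys a little time, but is a hack.
+    command = "sleep 10"
+  }
+
   tags = merge(var.standard_tags, var.tags)
 }
 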
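Review bot: The `sleep 10` provisioner added after the `lifecycle` block is a fixed wait, not a dependency: `local-exec` runs only when the resource is created, so it neither confirms the certificate has reached ISSUED nor helps on a later apply where the ACM resource already exists, and it shells out on whatever host runs `terraform apply` (a CI runner, typically). If the certificate is validated through DNS or e-mail, the cleaner fix is to have the endpoint reference `aws_acm_certificate_validation.<validation_name>.certificate_arn`, which makes Terraform wait for issuance itself. If a delay is genuinely required, a `time_sleep` resource with `create_duration = "10s"` and `depends_on = [aws_acm_certificate.cert]` keeps the wait inside the dependency graph without executing a local command. The `aws_acm_certificate.cert` block begins outside this hunk.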

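--- a/base/aws_client_vpn/outputs.tf
+++ b/base/aws_client_vpn/outputs.tf
@@ -1,6 +1,7 @@
-output "WARNING" {
-  value = "WARNING: Recreating the endpoint may require intervention from the zScalar team. (Not yet known for sure)"
-}
+# If we work with zScalar, and they exclude something, this warning may need to be put back
+#output "WARNING" {
+#  value = "WARNING: Recreating the endpoint may require intervention from the zScalar team. (Not yet known for sure)"
+#}
 
 # For finding out what's really available:
 #output "endpoint_details" {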

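--- a/base/aws_client_vpn/vpn.tf
+++ b/base/aws_client_vpn/vpn.tf
@@ -35,9 +35,9 @@ resource "aws_ec2_client_vpn_endpoint" "vpn" {
     cloudwatch_log_stream = aws_cloudwatch_log_stream.vpn.name
   }
 
-  # Possible required with zscalar?
-  transport_protocol = "udp"
-
+  # Could not get UDP working on OSX
+  transport_protocol = "tcp"
+}
 
 resource "aws_ec2_client_vpn_network_association" "vpn_subnets" {
   count = local.redundancy_count
@@ -57,6 +57,7 @@ resource "aws_ec2_client_vpn_network_association" "vpn_subnets" {
 resource "aws_ec2_client_vpn_route" "default" {
   count = local.redundancy_count
   client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
-  destination_cidr_block = "10.0.0.0/8"
+  #destination_cidr_block = "10.0.0.0/8"
+  destination_cidr_block = "0.0.0.0/0"
   target_vpc_subnet_id   = aws_ec2_client_vpn_network_association.vpn_subnets[count.index].subnet_id
 }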
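Review bot: Changing `destination_cidr_block` from `"10.0.0.0/8"` to `"0.0.0.0/0"` in `aws_ec2_client_vpn_route.default` turns the endpoint into a full-tunnel default route, so every connected client's internet traffic now egresses through the associated subnets and is governed by whatever `aws_ec2_client_vpn_authorization_rule` and NAT/IGW path exist for that CIDR (neither is visible in this commit). If the intent is only to reach private ranges, keeping the `/8` route with `split_tunnel = true` on the endpoint is the narrower configuration; if full tunnel is intended, the matching authorization rule's `target_network_cidr` must be `0.0.0.0/0` as well, and that should be stated in a comment here rather than left to be discovered at apply time. The commented-out `#destination_cidr_block = "10.0.0.0/8"` line should be removed, since the reasoning for the change belongs in a comment such as `# Full tunnel: route all client traffic via the VPC (see authorization rule)`.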