AWS Amazon EC2 Customer Gateway
This page shows how to write Terraform and CloudFormation for Amazon EC2 Customer Gateway and write them securely.
aws_customer_gateway (Terraform)
The Customer Gateway in Amazon EC2 can be configured in Terraform with the resource name aws_customer_gateway. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_customer_gateway" "vgw-lakewood" {
  bgp_asn    = 65001
  ip_address = "165.127.10.10"
  type       = "ipsec.1"
  tags = {
    # tag values omitted in the source excerpt
  }
}

resource "aws_customer_gateway" "vpnhub-aws1-pub" {
  tags = merge(var.tags, {
    Name = "vpnhub-aws1-pub"
  })
  ip_address = "128.174.0.21"
  # bgp_asn and type omitted in the source excerpt
}

resource "aws_customer_gateway" "aws-joyent-us-east" {
  bgp_asn    = "65000"
  ip_address = "8.12.41.196"
  tags = {
    Name = "aws-joyent-us-east"
  }
  # type omitted in the source excerpt
}

resource "aws_customer_gateway" "google" {
  bgp_asn    = 65000
  ip_address = google_compute_address.vpn.address
  type       = "ipsec.1"
  tags = {
    # tag values omitted in the source excerpt
  }
}
Parameters
  arn: optional, computed (string)
  bgp_asn: required (string)
  device_name: optional (string)
  id: optional, computed (string)
  ip_address: required (string)
  tags: optional (map of string to string)
  type: required (string)
Explanation in Terraform Registry
Provides a customer gateway inside a VPC. These objects can be connected to VPN gateways via VPN connections, and allow you to establish tunnels between your network and the VPC.
Tips: Best Practices for the Other AWS Amazon EC2 Resources
Besides the customer gateway, Amazon EC2 has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take with them.
aws_default_vpc
Ensure you avoid using the default VPC
It is better to define your own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure you use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. Customer-managed keys (CMKs) give you more control over the encryption.
aws_instance
Ensure you avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. An `aws_iam_instance_profile` can be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::CustomerGateway (CloudFormation)
The CustomerGateway in EC2 can be configured in CloudFormation with the resource name AWS::EC2::CustomerGateway. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: "AWS::EC2::CustomerGateway"
Properties:
  BgpAsn: 65000
  IpAddress: "90.70.96.58"
  Type: "ipsec.1"
  Tags:
    # tag entries omitted in the source excerpt

Type: AWS::EC2::CustomerGateway
Properties:
  Type: ipsec.1
  BgpAsn: '65000'
  IpAddress:
    Ref: VPNAddress

Type: "AWS::EC2::CustomerGateway"
Properties:
  BgpAsn: "65000"
  IpAddress:
    Ref: "RouterIpAddress"
  Type: "ipsec.1"

Type: AWS::EC2::CustomerGateway
Properties:
  Type: ipsec.1
  BgpAsn: '65000'
  IpAddress: !GetAtt EC2Web1.PublicIp
  Tags:
    # tag entries omitted in the source excerpt

Type: "AWS::EC2::CustomerGateway"
Properties:
  BgpAsn: 65000
  IpAddress: 1.1.1.1 # Public IP of remote VPN device
  Type: ipsec.1
VirtualPrivateGateway:  # next resource in the source excerpt; its body is omitted

{
  "resourceType": "AWS::EC2::CustomerGateway",
  "resourceId": "cgw-5699703f",
  "awsRegion": "Not Applicable",
  "availabilityZone": "Not Applicable",
  "tags": {
    "Name": "MyCustomerGateway-Gamma"
  }
}
{
  "Type" : "AWS::EC2::CustomerGateway",
  "Properties" : {
    "Type" : "ipsec.1",
    "BgpAsn" : { "Ref" : "CustomerGatewayGreenAsn" },
    "IpAddress" : { "Ref" : "CustomerGatewayGreenIpAddress" }
  }
}

{
  "Type" : "AWS::EC2::CustomerGateway",
  "Properties" : {
    "Type" : "ipsec.1",
    "BgpAsn" : "65000",
    "IpAddress" : { "Ref": "IpAddressUS" },
    "Tags" : [ { "Key" : "Name", "Value" : "Prod_USColoCGW" } ]
  }
}
Parameters
  BgpAsn: required (Integer)
  IpAddress: required (String)
  Tags: optional (List of Tag)
  Type: required (String)
Explanation in CloudFormation Registry
Specifies a customer gateway.
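A pre-deploy check for the required fields described in both the Terraform and CloudFormation sections above, written as an added example (not code from this page or from any of the cited repositories). It accepts either the `values` of an `aws_customer_gateway` resource from `terraform show -json` output or the `Properties` of an `AWS::EC2::CustomerGateway`, and flags a `type` other than `ipsec.1`, a `bgp_asn` outside the range AWS accepts for a customer gateway, and an `ip_address` that is not a literal public IPv4 address (a private address is a finding; a `Ref`/`GetAtt` that only resolves at deploy time is reported for manual review). The sample plan is constructed; `MAX_CGW_ASN` is the documented upper bound for a customer gateway ASN.

```python
import ipaddress
import json

MAX_CGW_ASN = 2_147_483_647  # largest ASN AWS accepts for a customer gateway

def _normalize(props):
    # "bgp_asn"/"BgpAsn" -> "bgpasn", "ip_address"/"IpAddress" -> "ipaddress", "Type" -> "type"
    return {k.replace("_", "").lower(): v for k, v in props.items()}

def check_customer_gateway(props):
    """Return a list of findings for one gateway definition; [] means it passed."""
    p = _normalize(props)
    findings = []
    if p.get("type") != "ipsec.1":
        findings.append(f"type must be 'ipsec.1', got {p.get('type')!r}")
    asn = p.get("bgpasn")
    try:
        asn_int = int(asn)
        if not 1 <= asn_int <= MAX_CGW_ASN:
            findings.append(f"bgp_asn {asn_int} outside 1..{MAX_CGW_ASN}")
    except (TypeError, ValueError):
        findings.append(f"bgp_asn is not an integer literal: {asn!r}")
    ip = p.get("ipaddress")
    if not isinstance(ip, str):
        # Ref/GetAtt objects or values unknown until apply cannot be checked statically
        findings.append("ip_address is not a literal; verify it resolves to a public IPv4")
    else:
        try:
            addr = ipaddress.ip_address(ip)
            if addr.version != 4:
                findings.append(f"ip_address {ip} is not IPv4")
            elif not addr.is_global:
                findings.append(f"ip_address {ip} is not a public (global) address")
        except ValueError:
            findings.append(f"ip_address {ip!r} is not a valid IP address")
    return findings

def check_terraform_plan(plan_json):
    """Check every aws_customer_gateway in `terraform show -json` output."""
    resources = json.loads(plan_json)["planned_values"]["root_module"]["resources"]
    return {r["address"]: check_customer_gateway(r["values"])
            for r in resources if r["type"] == "aws_customer_gateway"}

# Constructed sample of `terraform show -json plan.out`, trimmed to the fields used here
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_customer_gateway.vgw-lakewood", "type": "aws_customer_gateway",
     "values": {"bgp_asn": "65001", "ip_address": "165.127.10.10", "type": "ipsec.1"}},
    {"address": "aws_customer_gateway.lab", "type": "aws_customer_gateway",
     "values": {"bgp_asn": "65000", "ip_address": "10.0.0.5", "type": "ipsec.1"}}]}}})
```

Run it against the real plan with `check_terraform_plan(open("plan.json").read())` in CI and fail the pipeline on any non-empty findings list.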
Frequently asked questions
What is AWS Amazon EC2 Customer Gateway?
AWS Amazon EC2 Customer Gateway is a resource for Amazon EC2 of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 Customer Gateway?
For Terraform, the Blaag/terraform-bdhsv, techservicesillinois/aws-enterprise-vpc and mrwacky42/terrabase source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the BOURGUITSamuel/P10_OC_PROJECT, varunes/AWS-CF-Template-Library and anri-c/my-aws-cf-templates source code examples are useful. See the CloudFormation Example section for further details.