AWS Amazon EC2 VPN Connection Route
This page shows how to write Terraform and CloudFormation for Amazon EC2 VPN Connection Route and how to configure it securely.
aws_vpn_connection_route (Terraform)
The VPN Connection Route in Amazon EC2 can be configured in Terraform with the resource name aws_vpn_connection_route. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_vpn_connection_route" "aws-third-party-infrastructuree-vpn" {
  destination_cidr_block = "10.215.0.0/16"
  vpn_connection_id      = aws_vpn_connection.aws-third-party-infrastructure-vpn.id
}
resource "aws_vpn_connection_route" "aws-third-party-infrastructure-1" {
  # Body truncated in the source snippet; the two values below are placeholders, not the original ones.
  destination_cidr_block = "<DESTINATION_CIDR>"
  vpn_connection_id      = aws_vpn_connection.aws-third-party-infrastructure-vpn.id
}

resource "aws_vpn_connection_route" "vpn_connection_route_1" {
  destination_cidr_block = azurerm_virtual_network.vnet.address_space[0]
  vpn_connection_id      = aws_vpn_connection.vpn_connection_1.id
}
resource "aws_vpn_connection_route" "vpn_connection_route_2" {
  # Body truncated in the source snippet; the two values below are placeholders, not the original ones.
  destination_cidr_block = "<DESTINATION_CIDR>"
  vpn_connection_id      = aws_vpn_connection.vpn_connection_1.id
}
Parameters
destination_cidr_block: required, string
id: optional, computed, string
vpn_connection_id: required, string
Explanation in Terraform Registry
Provides a static route between a VPN connection and a customer gateway.
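A complete static-routed Site-to-Site VPN that uses the resource, added here as an example (it is not code from the page or from the repositories it cites); the VPC, the on-premises prefixes, the customer-gateway address 203.0.113.10 and every resource name are constructed:

```hcl
locals {
  # Prefixes that sit behind the customer gateway (constructed sample values).
  onprem_cidrs = ["10.215.0.0/16", "172.16.50.0/24"]
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000
  ip_address = "203.0.113.10" # placeholder public IP of the on-premises VPN device
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "onprem" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.onprem.id
  type                = "ipsec.1"
  # Static routing: with no BGP session, AWS only learns the remote prefixes
  # that are declared explicitly through aws_vpn_connection_route.
  static_routes_only  = true
}

# One static route per on-premises prefix. Keep the list to the networks that
# really sit behind the customer gateway; a broad block such as 0.0.0.0/0
# would pull unrelated traffic into the tunnel.
resource "aws_vpn_connection_route" "onprem" {
  for_each               = toset(local.onprem_cidrs)
  destination_cidr_block = each.value
  vpn_connection_id      = aws_vpn_connection.onprem.id
}

# The static routes tell the virtual private gateway what lies on the far side;
# the VPC route table still needs a path towards the gateway, supplied here by
# route propagation rather than hand-written aws_route entries.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
}

resource "aws_vpn_gateway_route_propagation" "private" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = aws_route_table.private.id
}
```

Adding a prefix later is a matter of extending local.onprem_cidrs; for_each creates and tracks one route per entry.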
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to aws_vpn_connection_route, AWS Amazon EC2 has other resources that should be configured with security in mind. Some examples of those resources and the relevant precautions follow.
aws_default_vpc
Ensure you avoid using the default VPC
It is better to define your own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure you use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key (CMK) for EBS volume encryption, which gives you more control over the encryption.
aws_instance
Ensure you avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. An `aws_iam_instance_profile` can be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::VPNConnectionRoute (CloudFormation)
The VPNConnectionRoute in EC2 can be configured in CloudFormation with the resource name AWS::EC2::VPNConnectionRoute. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::EC2::VPNConnectionRoute
Properties:
  DestinationCidrBlock: !Ref InternalAccessCIDRBlock
  VpnConnectionId: !Ref VPNConnection
# Type: "AWS::EC2::VPNConnectionRoute"
# Properties:
#   DestinationCidrBlock:
#   VpnConnectionId: !Ref VPNConnection

Type: "AWS::EC2::VPNConnectionRoute"
Properties:
  VpnConnectionId: !Ref VPNConnection
  DestinationCidrBlock: "192.168.100.0/24"

VPNGatewayRoutePropagation:
  Type: AWS::EC2::VPNConnectionRoute
  Properties:
    VpnConnectionId: !Ref VPNConnection
    DestinationCidrBlock: !Ref 01VpcCIDR

VPNConnectionRoute2:
  Type: 'AWS::EC2::VPNConnectionRoute'
  Properties:
    DestinationCidrBlock:
      Ref: TunnelInsideCidr1
    VpnConnectionId:
      Ref: VpnConnection
"AWS::EC2::VPNConnectionRoute": {
  "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-connection-route.html",
  "Properties": {
    "DestinationCidrBlock": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-connection-route.html#cfn-ec2-vpnconnectionroute-cidrblock",
      "PrimitiveType": "String"
    }
  }
}

{
  "Type" : "AWS::EC2::VPNConnectionRoute",
  "Properties" : {
    "DestinationCidrBlock" : {"Fn::Join":["",["",{"Ref":"CustomerPrivateIP"}]]},
    "VpnConnectionId" : {"Ref" : "VPNConnection"}
  }
}
{
  "Type": "AWS::EC2::VPNConnectionRoute",
  "Properties": {
    "VpnConnectionId": { "Ref": "VPCVPNConnection"},
    "DestinationCidrBlock": { "Ref": "OfficeLocalCIDRParam"}
  }
}
Parameters
DestinationCidrBlock: required, String
VpnConnectionId: required, String
Explanation in CloudFormation Registry
Specifies a static route for a VPN connection between an existing virtual private gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the VPN customer gateway.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
Frequently asked questions
What is AWS Amazon EC2 VPN Connection Route?
AWS Amazon EC2 VPN Connection Route is a resource for Amazon EC2 of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 VPN Connection Route?
For Terraform, the wellcometrust/ncw-terraform-modules and gmirsky/aws-azure-vpn source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the myshkin5/aws-musings, djoreilly/aws-vpn-testing and BOURGUITSamuel/P10_OC_PROJECT source code examples are useful. See the CloudFormation Example section for further details.