AWS Amazon EC2 VPN Gateway Route Propagation
This page shows how to write Terraform and CloudFormation for Amazon EC2 VPN Gateway Route Propagation and write them securely.
aws_vpn_gateway_route_propagation (Terraform)
The VPN Gateway Route Propagation in Amazon EC2 can be configured in Terraform with the resource name aws_vpn_gateway_route_propagation. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_vpn_gateway_route_propagation" "vgw-public-routes" {
  count          = length(data.aws_availability_zones.azs.names)
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = element(var.vgw-public-route-table-id, count.index)
}
resource "aws_vpn_gateway_route_propagation" "public" {
  route_table_id = aws_route_table.public.id
  vpn_gateway_id = aws_vpn_gateway.default.id
}
resource "aws_vpn_gateway_route_propagation" "private" {
  # The body of this block is cut off in the source; the two required
  # arguments below are supplied by analogy with the "public" block above.
  route_table_id = aws_route_table.private.id
  vpn_gateway_id = aws_vpn_gateway.default.id
}
Parameters
id - optional, computed - string
route_table_id - required - string
vpn_gateway_id - required - string
Explanation in Terraform Registry
Requests automatic route propagation between a VPN gateway and a route table.
Note: This resource should not be used with a route table that has the propagating_vgws argument set. If that argument is set, any route propagation not explicitly listed in its value will be removed.
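As an added example, not code from the page's sources: a small check over the `configuration` block of `terraform show -json plan.tfplan` output that flags exactly the conflict the note above describes, an aws_route_table with `propagating_vgws` set while a standalone aws_vpn_gateway_route_propagation also targets that table. The sample plan and the names `private`, `public`, `vgw` and `main` are constructed for this example.

```python
"""Flag the conflict described above: an aws_route_table that sets
propagating_vgws while a standalone aws_vpn_gateway_route_propagation also
targets that table. Input is the JSON from `terraform show -json plan.tfplan`."""
import json

# Constructed sample plan (root module only, trimmed to `configuration`); names are assumptions.
SAMPLE_PLAN = json.dumps({"configuration": {"root_module": {"resources": [
    {"address": "aws_route_table.private", "type": "aws_route_table",
     "expressions": {"propagating_vgws": {"references": ["aws_vpn_gateway.vgw.id"]}}},
    {"address": "aws_route_table.public", "type": "aws_route_table",
     "expressions": {"vpc_id": {"references": ["aws_vpc.main.id"]}}},
    {"address": "aws_vpn_gateway_route_propagation.private",
     "type": "aws_vpn_gateway_route_propagation",
     "expressions": {"route_table_id": {"references": ["aws_route_table.private.id"]},
                     "vpn_gateway_id": {"references": ["aws_vpn_gateway.vgw.id"]}}},
    {"address": "aws_vpn_gateway_route_propagation.public",
     "type": "aws_vpn_gateway_route_propagation",
     "expressions": {"route_table_id": {"references": ["aws_route_table.public.id"]},
                     "vpn_gateway_id": {"references": ["aws_vpn_gateway.vgw.id"]}}},
]}}})


def _table_refs(expr):
    """Route-table addresses an expression refers to. Terraform may list both
    'aws_route_table.x.id' and 'aws_route_table.x', so normalise to the latter."""
    refs = expr.get("references", [])
    return {r[:-3] if r.endswith(".id") else r
            for r in refs if r.startswith("aws_route_table.")}


def find_propagation_conflicts(plan_json):
    """Return sorted (route_table_address, propagation_address) pairs where both
    the inline argument and the standalone resource manage VGW propagation."""
    resources = json.loads(plan_json)["configuration"]["root_module"]["resources"]
    inline = {r["address"] for r in resources
              if r["type"] == "aws_route_table"
              and "propagating_vgws" in r.get("expressions", {})}
    conflicts = []
    for r in resources:
        if r["type"] != "aws_vpn_gateway_route_propagation":
            continue
        for table in _table_refs(r.get("expressions", {}).get("route_table_id", {})):
            if table in inline:
                conflicts.append((table, r["address"]))
    return sorted(conflicts)


if __name__ == "__main__":
    for table, prop in find_propagation_conflicts(SAMPLE_PLAN):
        print(f"CONFLICT: {table} sets propagating_vgws; {prop} also manages it")
```

Only the root module is inspected here; a plan with child modules would also need the `module_calls` entries walked.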
Tips: Best Practices for The Other AWS Amazon EC2 Resources
Besides the resource described on this page, AWS Amazon EC2 has other resources that should be configured with security in mind. Please check the examples and precautions for those resources below.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. Customer-managed keys (CMKs) give you more control over the encryption.
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::VPNGateway (CloudFormation)
The VPNGateway in EC2 can be configured in CloudFormation with the resource name AWS::EC2::VPNGateway. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::EC2::VPNGateway
Properties:
  Type: ipsec.1
  Tags:
    - Key: Name
      Value:

  Type: "AWS::EC2::VPNGateway"
  Properties:
    Type: ipsec.1
VPCGatewayAttachment:
  Type: "AWS::EC2::VPCGatewayAttachment"

  Type: "AWS::EC2::VPNGateway"
  Properties:
    Type: "ipsec.1"
VpnConnection:
  Type: "AWS::EC2::VPNConnection"

  Type: "AWS::EC2::VPNGateway"
  Properties:
    Type: ipsec.1
VPNconnection:
  Type: "AWS::EC2::VPNConnection"
  Properties:
"Type": "AWS::EC2::VPNGateway",
"Properties": {
  "Type": "ipsec.1",
  "Tags": [
    {
      "Key": "Name",
  "Type" : "AWS::EC2::VPNGateway",
  "Properties" : {
    "Type" : "ipsec.1"
  }
},
"VpnConnectionGreen" : {
  "Type" : "AWS::EC2::VPNGateway",
  "Properties" : {
    "Type" : "ipsec.1",
    "Tags" : [ { "Key" : "Name", "Value" : "Production" } ]
  }
},
Parameters
AmazonSideAsn - optional - Long
Tags - optional - List of Tag
Type - required - String
Explanation in CloudFormation Registry
Specifies a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
Frequently asked questions
What is AWS Amazon EC2 VPN Gateway Route Propagation?
AWS Amazon EC2 VPN Gateway Route Propagation is a resource for Amazon EC2 of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 VPN Gateway Route Propagation?
For Terraform, the sayindil/Terraform, sharmamukesh76/Terraform-advanced and ericdahl/tf-vpn-sandbox source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the librannk/AWS-CloudFormation-tmplte, djoreilly/aws-vpn-testing and anri-c/my-aws-cf-templates source code examples are useful. See the CloudFormation Example section for further details.