AWS Amazon EC2 VPN Gateway
This page shows how to write Terraform and CloudFormation for Amazon EC2 VPN Gateway and write them securely.
aws_vpn_gateway (Terraform)
The VPN Gateway in Amazon EC2 can be configured in Terraform with the resource name aws_vpn_gateway
. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_vpn_gateway" "west" {
count = var.vpn_enabled
tags = {
Name = "west_vpn_gateway"
}
resource "aws_vpn_gateway" "vpn_gw" {
vpc_id = aws_vpc.eks.id
tags = map(
"Name", "eks aws vpn gateway"
)
Parameters
-
amazon_side_asn
optional computed - string -
arn
optional computed - string -
availability_zone
optional - string -
id
optional computed - string -
tags
optional - map from string to string -
vpc_id
optional computed - string
Explanation in Terraform Registry
Provides a resource to create a VPC VPN Gateway.
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
AWS::EC2::VPNGateway (CloudFormation)
The VPNGateway in EC2 can be configured in CloudFormation with the resource name AWS::EC2::VPNGateway
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::EC2::VPNGateway
Properties:
Type: ipsec.1
Tags:
- Key: Name
Value:
Type: "AWS::EC2::VPNGateway"
Properties:
Type: ipsec.1
VPCGatewayAttachment:
Type: "AWS::EC2::VPCGatewayAttachment"
Type: "AWS::EC2::VPNGateway"
Properties:
Type: "ipsec.1"
VpnConnection:
Type: "AWS::EC2::VPNConnection"
Type: "AWS::EC2::VPNGateway"
Properties:
Type: ipsec.1
VPNconnection:
Type: "AWS::EC2::VPNConnection"
Properties:
Type: "AWS::EC2::VPNGateway"
Properties:
Type: ipsec.1
VPNconnection:
Type: "AWS::EC2::VPNConnection"
Properties:
"Type": "AWS::EC2::VPNGateway",
"Properties": {
"Type": "ipsec.1",
"Tags": [
{
"Key": "Name",
"Type": "AWS::EC2::VPNGateway",
"Properties": {
"Type": "ipsec.1",
"Tags": [
{
"Key": "Name",
"Type": "AWS::EC2::VPNGatewayRoutePropagation"
},
"aclentry1": {
"Properties": {
"CidrBlock": "172.16.0.0/24",
"Egress": "true",
"Type" : "AWS::EC2::VPNGateway",
"Properties" : {
"Type" : "ipsec.1"
}
},
"VpnConnectionGreen" : {
"Type" : "AWS::EC2::VPNGateway",
"Properties" : {
"Type" : "ipsec.1",
"Tags" : [ { "Key" : "Name", "Value" : "Production" } ]
}
},
Parameters
-
AmazonSideAsn
optional - Long -
Tags
optional - List of Tag -
Type
required - String
Explanation in CloudFormation Registry
Specifies a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself.
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.
Frequently asked questions
What is AWS Amazon EC2 VPN Gateway?
AWS Amazon EC2 VPN Gateway is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EC2 VPN Gateway?
For Terraform, the heldersepu/hs-scripts and mfamador/terraform-aws-eks-cluster source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the librannk/AWS-CloudFormation-tmplte, djoreilly/aws-vpn-testing and anri-c/my-aws-cf-templates source code examples are useful. See the CloudFormation Example section for further details.