create a Web site-to-Web site VPN in CloudFormation


To create a site-to-site VPN (Digital Non-public Community) utilizing AWS CloudFormation, you should use the AWS::EC2::VPNGateway and AWS::EC2::VPNConnection sources. Right here’s an instance CloudFormation template to create a site-to-site VPN:

AWSTemplateFormatVersion: '2010-09-09'
Sources:
  VpnGateway:
    Sort: AWS::EC2::VPNGateway
    Properties:
      Sort: ipsec.1
      Tags:
        - Key: Title
          Worth: SiteToSiteVPN

  VpnConnection:
    Sort: AWS::EC2::VPNConnection
    Properties:
      Sort: ipsec.1
      CustomerGatewayId: <CUSTOMER_GATEWAY_ID>
      VpnGatewayId: !Ref VpnGateway
      StaticRoutesOnly: true
      Tags:
        - Key: Title
          Worth: SiteToSiteVPNConnection

  VpnConnectionRoute:
    Sort: AWS::EC2::VPNConnectionRoute
    Properties:
      DestinationCidrBlock: <DESTINATION_CIDR_BLOCK>
      VpnConnectionId: !Ref VpnConnection

Within the above template, it’s worthwhile to exchange <CUSTOMER_GATEWAY_ID> with the ID of the shopper gateway representing the distant web site, and <DESTINATION_CIDR_BLOCK> with the CIDR block of the distant community you wish to connect with.

This template creates a VPN gateway (VpnGateway) and a VPN connection (VpnConnection). It additionally creates a VPN connection route (VpnConnectionRoute) to specify the vacation spot CIDR block that ought to be routed via the VPN connection.

Word that you could be want to switch the template based mostly in your particular necessities, corresponding to configuring the shopper gateway or making further community changes.

Upon getting the CloudFormation template prepared, you possibly can create the stack utilizing the AWS CloudFormation console, AWS CLI, or AWS SDKs. The stack creation course of will provision the mandatory sources to ascertain the site-to-site VPN connection.

Leave a Reply

Your email address will not be published. Required fields are marked *