
Site-to-Site VPN

Configuration template to deploy a Site-to-Site VPN connection for an existing VPC, between a virtual private gateway (VGW) on the AWS side and a VPN device (customer gateway) on the remote side.

This template includes the following settings: 

  • Amazon Configuration Side:
    • Existing VPC Id where the connection will be configured
    • (Optional) Gateway name and BGP ASN for the Amazon VPN gateway
  • Remote Side:
    • Public IP Address for the remote gateway
    • Gateway Name and BGP ASN for the remote VPN gateway
  • Static or Dynamic (BGP) routing mode:
    • With static routes, you can provide predefined IP CIDRs to add to the VPN tunnel configuration
    • Dynamic routing will enable automatic route propagation from the VPN tunnel to the provided Route Table Ids

Note: Once the VPN connection is active, you can download additional tunnel settings, such as the pre-shared key and the public IP address, from the VPC Console > VPN Connections > Download Configuration.

Template (4 items, 0.7 KB, missing parameters):
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  VpcVpnGateway:
    Type: "AWS::EC2::VPNGateway"
    Properties:
      Type: "ipsec.1"
  VpcVpnGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: ""
      VpnGatewayId:
        Ref: "VpcVpnGateway"
  CustomerGateway:
    Type: "AWS::EC2::CustomerGateway"
    Properties:
      Type: "ipsec.1"
      IpAddress: ""
      BgpAsn: 65000
  VpnConnection:
    Type: "AWS::EC2::VPNConnection"
    Properties:
      Type: "ipsec.1"
      VpnGatewayId:
        Ref: "VpcVpnGateway"
      CustomerGatewayId:
        Ref: "CustomerGateway"
      StaticRoutesOnly: false
Parameters: {}
Metadata: {}
Conditions: {}
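
A pre-deployment check for the template above, as an added example that is not part of the original page or the publisher's tooling. It assumes the template has been loaded into a Python dict (embedded here as a constructed sample); the function names are hypothetical, and AWS::EC2::VPNConnectionRoute and AWS::EC2::VPNGatewayRoutePropagation are the CloudFormation resource types for the static routes and route propagation described in the settings list, neither of which appears in the template as shown.

```python
import ipaddress

# Constructed sample: the page's template as a dict, parameters still unfilled.
TEMPLATE = {"Resources": {
    "VpcVpnGateway": {"Type": "AWS::EC2::VPNGateway", "Properties": {"Type": "ipsec.1"}},
    "VpcVpnGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
        "Properties": {"VpcId": "", "VpnGatewayId": {"Ref": "VpcVpnGateway"}}},
    "CustomerGateway": {"Type": "AWS::EC2::CustomerGateway",
        "Properties": {"Type": "ipsec.1", "IpAddress": "", "BgpAsn": 65000}},
    "VpnConnection": {"Type": "AWS::EC2::VPNConnection",
        "Properties": {"Type": "ipsec.1", "StaticRoutesOnly": False,
                       "VpnGatewayId": {"Ref": "VpcVpnGateway"},
                       "CustomerGatewayId": {"Ref": "CustomerGateway"}}},
}}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def by_type(template, cfn_type):
    """(logical name, properties) for every resource of one CloudFormation type."""
    return [(name, res.get("Properties", {}))
            for name, res in template["Resources"].items()
            if res["Type"] == cfn_type]

def lint_vpn_template(template):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name, props in by_type(template, "AWS::EC2::VPCGatewayAttachment"):
        if not props.get("VpcId"):
            findings.append(f"{name}: VpcId is empty")
    for name, props in by_type(template, "AWS::EC2::CustomerGateway"):
        addr = props.get("IpAddress", "")
        if isinstance(addr, dict):      # Ref/parameter, resolved at deploy time
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{name}: IpAddress is empty or malformed")
            continue
        if any(ip in net for net in RFC1918):
            findings.append(f"{name}: IpAddress {ip} is RFC 1918, not public")
    for name, props in by_type(template, "AWS::EC2::VPNConnection"):
        if props.get("StaticRoutesOnly"):
            if not by_type(template, "AWS::EC2::VPNConnectionRoute"):
                findings.append(f"{name}: static routing, no VPNConnectionRoute")
        elif not by_type(template, "AWS::EC2::VPNGatewayRoutePropagation"):
            findings.append(f"{name}: dynamic routing, no VPNGatewayRoutePropagation")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vpn_template(TEMPLATE)))
```

Run against the unfilled template, it reports the empty VpcId, the empty IpAddress, and the absence of a route propagation resource for the dynamic routing mode.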
