Site-to-Site VPN

Configuration template to deploy a Site-to-Site VPN connection for an existing VPC, between a virtual private gateway (VGW) on the AWS side and a VPN device (customer gateway) on the remote side.

This template includes the following settings: 

  • Amazon Configuration Side:
    • Existing VPC Id where the connection will be configured
    • (Optional) Gateway name and BGP ASN for the Amazon VPN gateway
  • Remote Side:
    • Public IP Address for the remote gateway
    • Gateway Name and BGP ASN for the remote VPN gateway
  • Static or Dynamic (BGP) routing mode:
    • With static routes, you can provide predefined IP CIDRs to add to the VPN tunnel configuration
    • Dynamic routing will enable automatic route propagation from the VPN tunnel to the provided Route Table Ids

Note: Once the VPN connection is active, you can download additional tunnel settings, such as the pre-shared key and the public IP address, from the VPC Console > VPN Connections > Download Configuration.

Template (4 items, 0.7 KB, missing parameters):
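AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  # Virtual private gateway (VGW) on the AWS side
  VpcVpnGateway:
    Type: "AWS::EC2::VPNGateway"
    Properties:
      Type: "ipsec.1"
  # Attaches the VGW to the existing VPC
  VpcVpnGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: ""  # required: ID of the existing VPC (not yet filled in)
      VpnGatewayId:
        Ref: "VpcVpnGateway"
  # VPN device on the remote side
  CustomerGateway:
    Type: "AWS::EC2::CustomerGateway"
    Properties:
      Type: "ipsec.1"
      IpAddress: ""  # required: public IP address of the remote gateway (not yet filled in)
      BgpAsn: 65000  # BGP ASN of the remote VPN gateway
  VpnConnection:
    Type: "AWS::EC2::VPNConnection"
    Properties:
      Type: "ipsec.1"
      VpnGatewayId:
        Ref: "VpcVpnGateway"
      CustomerGatewayId:
        Ref: "CustomerGateway"
      StaticRoutesOnly: false  # false selects dynamic (BGP) routing
Parameters: {}
Metadata: {}
Conditions: {}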
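
The template above covers only the dynamic case and contains neither the static routes nor the route propagation listed under the routing settings. The following is an added example, not the page's own template, that takes the missing values as parameters and switches between the two routing modes; all parameter, condition and logical resource names beyond those in the template above are assumptions, and the static CIDR is a constructed sample.

```yaml
# Added example, not the page's template. Parameter/condition names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: "Site-to-Site VPN with static or dynamic (BGP) routing"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}        # existing VPC
  RemoteGatewayIp: {Type: String}           # public IP of the remote VPN device
  RemoteBgpAsn: {Type: Number, Default: 65000}
  RoutingMode: {Type: String, AllowedValues: [static, dynamic], Default: dynamic}
  StaticRouteCidr: {Type: String, Default: "192.0.2.0/24"}  # constructed sample CIDR
  RouteTableIds: {Type: CommaDelimitedList, Default: ""}    # needed in dynamic mode
Conditions:
  UseStatic: !Equals [!Ref RoutingMode, static]
  UseDynamic: !Equals [!Ref RoutingMode, dynamic]
Resources:
  VpcVpnGateway:
    Type: "AWS::EC2::VPNGateway"
    Properties: {Type: "ipsec.1"}
  VpcVpnGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: !Ref VpcId
      VpnGatewayId: !Ref VpcVpnGateway
  CustomerGateway:
    Type: "AWS::EC2::CustomerGateway"
    Properties:
      Type: "ipsec.1"
      IpAddress: !Ref RemoteGatewayIp
      BgpAsn: !Ref RemoteBgpAsn
  VpnConnection:
    Type: "AWS::EC2::VPNConnection"
    Properties:
      Type: "ipsec.1"
      VpnGatewayId: !Ref VpcVpnGateway
      CustomerGatewayId: !Ref CustomerGateway
      StaticRoutesOnly: !If [UseStatic, true, false]
  StaticRoute:                       # static mode: predefined CIDR on the tunnel
    Type: "AWS::EC2::VPNConnectionRoute"
    Condition: UseStatic
    Properties:
      DestinationCidrBlock: !Ref StaticRouteCidr
      VpnConnectionId: !Ref VpnConnection
  RoutePropagation:                  # dynamic mode: propagate routes to the route tables
    Type: "AWS::EC2::VPNGatewayRoutePropagation"
    Condition: UseDynamic
    DependsOn: VpcVpnGatewayAttachment   # propagation fails if the VGW is not yet attached
    Properties:
      RouteTableIds: !Ref RouteTableIds
      VpnGatewayId: !Ref VpcVpnGateway
```

In dynamic mode, pass the route table IDs explicitly; the empty default exists only so that static-mode deployments do not have to supply them.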
