At BeCloud we are utilizing AWS site-to-site VPNs more and more. To help get our engineers up to speed quickly, I wrote this quick guide to assist them in quickly configuring site-to-site VPN connections. I included links to AWS CLI Reference pages.

Step 1

Create Customer Gateway

The customer gateway provides information about your VPN customer endpoint device. You must provide the IP address of the endpoint's external interface.

Example CLI command with specified IP address for outside interface

aws ec2 create-customer-gateway --type ipsec.1 --public-ip 12.1.2.3 --bgp-asn 65534


Step 2

Create Virtual Private Gateway

The virtual private gateway (VPG) is the endpoint on the VPC side of your VPN connection.

Example CLI command to create a VPG.

aws ec2 create-vpn-gateway --type ipsec.1


Step 3

Create Site-to-Site VPN Connection

This creates a VPN connection between the VPG and the Customer Gateway you created in the previous steps.

Example CLI command using the IDs of the customer gateway and VPG created above

aws ec2 create-vpn-connection \
    --type ipsec.1 \
    --customer-gateway-id cgw-001122334455abcabc \
    --vpn-gateway-id vgw-1c1c1c1c1c1c2f2f \
    --tag-specifications 'ResourceType=vpn-connection,Tags=[{Key=Name,Value=BGPVPN}]'


Step 4

Download Configuration

Once the above steps are complete, you can download the configuration for your specific customer device. Make sure you configure static routes if BGP is not used.

Example CLI command to configure static route

aws ec2 create-vpn-connection-route --vpn-connection-id vpn-40f41529 --destination-cidr-block 11.12.0.0/16
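
The four steps above chained into one shell function, so each resource ID is captured from the previous command's output rather than copied by hand. This is an added example, not part of the original guide: the function name build_vpn, its arguments, and the use of describe-vpn-connections to fetch the generic XML configuration are assumptions.

```shell
#!/bin/sh
# Added example: chains Steps 1-4 and passes resource IDs between them.
# build_vpn and its arguments are assumptions, not from the original guide.
# Usage: build_vpn <cgw-public-ip> <bgp-asn> <name-tag> <config-file> [static-cidr ...]
build_vpn() {
    peer_ip=$1 asn=$2 name=$3 cfg=$4
    shift 4

    # Step 1: customer gateway for the on-premises device's outside interface.
    cgw=$(aws ec2 create-customer-gateway --type ipsec.1 \
        --public-ip "$peer_ip" --bgp-asn "$asn" \
        --query 'CustomerGateway.CustomerGatewayId' --output text) || return 1

    # Step 2: virtual private gateway on the VPC side.
    vgw=$(aws ec2 create-vpn-gateway --type ipsec.1 \
        --query 'VpnGateway.VpnGatewayId' --output text) || return 1

    # Step 3: VPN connection. If static CIDRs were given, BGP is not in use,
    # so the connection is created as static-routes-only.
    opts='{"StaticRoutesOnly":false}'
    [ "$#" -gt 0 ] && opts='{"StaticRoutesOnly":true}'
    vpn=$(aws ec2 create-vpn-connection --type ipsec.1 \
        --customer-gateway-id "$cgw" --vpn-gateway-id "$vgw" \
        --options "$opts" \
        --tag-specifications "ResourceType=vpn-connection,Tags=[{Key=Name,Value=$name}]" \
        --query 'VpnConnection.VpnConnectionId' --output text) || return 1

    # Step 4: one static route per CIDR argument (none when BGP is used).
    for cidr in "$@"; do
        aws ec2 create-vpn-connection-route --vpn-connection-id "$vpn" \
            --destination-cidr-block "$cidr" >/dev/null || return 1
    done

    # The returned configuration contains the tunnel pre-shared keys, so the
    # file is recreated owner-readable only (umask applies inside the subshell).
    rm -f "$cfg"
    ( umask 077
      aws ec2 describe-vpn-connections --vpn-connection-ids "$vpn" \
          --query 'VpnConnections[0].CustomerGatewayConfiguration' \
          --output text >"$cfg" ) || return 1

    echo "$vpn"
}
```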