To create a site-to-site VPN (Virtual Private Network) using AWS CloudFormation, you use the AWS::EC2::VPNGateway and AWS::EC2::VPNConnection resources. Here is a minimal CloudFormation template that creates a site-to-site VPN with static routing:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VpnGateway:
    Type: AWS::EC2::VPNGateway
    Properties:
      Type: ipsec.1
      Tags:
        - Key: Name
          Value: SiteToSiteVPN
  VpnConnection:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      CustomerGatewayId: <CUSTOMER_GATEWAY_ID>
      VpnGatewayId: !Ref VpnGateway
      StaticRoutesOnly: true
      Tags:
        - Key: Name
          Value: SiteToSiteVPNConnection
  VpnConnectionRoute:
    Type: AWS::EC2::VPNConnectionRoute
    Properties:
      DestinationCidrBlock: <DESTINATION_CIDR_BLOCK>
      VpnConnectionId: !Ref VpnConnection
In the above template, replace <CUSTOMER_GATEWAY_ID> with the ID of an existing customer gateway (cgw-...) that represents the remote site's VPN device and its static public IP address, and <DESTINATION_CIDR_BLOCK> with the CIDR block of the remote network you want to reach through the tunnel. If the customer gateway does not exist yet, declare it in the same template as an AWS::EC2::CustomerGateway resource and reference it with !Ref instead of hard-coding the ID.
This template creates a virtual private gateway (VpnGateway) and a VPN connection (VpnConnection). It also creates a VPN connection route (VpnConnectionRoute) that specifies the destination CIDR block to be routed through the VPN connection. Because StaticRoutesOnly is true, AWS does not learn the remote prefixes over BGP, so this static route is the only thing telling the VPN connection which network sits behind the customer gateway; with BGP routing (StaticRoutesOnly: false) the routes are exchanged dynamically and AWS::EC2::VPNConnectionRoute is not used.
Note that this template is deliberately minimal and will not pass traffic on its own. The virtual private gateway is not attached to any VPC (that needs an AWS::EC2::VPCGatewayAttachment with VpnGatewayId), and no VPC route table learns the remote CIDR (that needs an AWS::EC2::VPNGatewayRoutePropagation or explicit routes). Security groups and network ACLs in the VPC must also allow traffic from the remote CIDR. Adjust the template for your environment, for example by adding the customer gateway, the attachment, and the route propagation.
Once the CloudFormation template is ready, you can create the stack using the AWS CloudFormation console, the AWS CLI, or the AWS SDKs. Stack creation provisions the AWS side of the site-to-site VPN; the tunnels only come up after the on-premises device is configured with the tunnel endpoint addresses and pre-shared keys, which you obtain by downloading the device configuration for the new VPN connection from the console (or via the GetVpnConnectionDeviceSampleConfiguration API).
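The following is an added example, not part of the original page, showing the fuller template a practitioner would actually deploy: it declares the customer gateway itself, attaches the virtual private gateway to a VPC, propagates routes into a VPC route table, and sets the tunnel pre-shared keys from NoEcho parameters so they are not written into the template in clear text. All parameter names, the default ASN, the remote CIDR, and the tunnel inside CIDRs (169.254.10.0/30 and 169.254.11.0/30) are illustrative assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Site-to-site VPN with static routing (added example; all parameter
  names and default values are assumptions, not values from the page).

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC that the virtual private gateway is attached to
  PrivateRouteTableId:
    Type: String
    Description: Route table (rtb-...) that should learn the remote CIDR
  CustomerGatewayIp:
    Type: String
    Description: Static public IPv4 address of the on-premises VPN device
  CustomerGatewayAsn:
    Type: Number
    Default: 65000
    Description: ASN of the on-premises device (required even for static routing)
  RemoteCidr:
    Type: String
    Default: 10.200.0.0/16
    Description: On-premises network reachable through the tunnel
  # NoEcho keeps the keys out of console output and DescribeStacks responses.
  # AWS requires 8-64 characters (letters, digits, '.' and '_'), not starting with 0.
  Tunnel1PreSharedKey:
    Type: String
    NoEcho: true
  Tunnel2PreSharedKey:
    Type: String
    NoEcho: true

Resources:
  CustomerGateway:
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      BgpAsn: !Ref CustomerGatewayAsn
      IpAddress: !Ref CustomerGatewayIp
      Tags:
        - Key: Name
          Value: OnPremVpnDevice

  VpnGateway:
    Type: AWS::EC2::VPNGateway
    Properties:
      Type: ipsec.1
      Tags:
        - Key: Name
          Value: SiteToSiteVPN

  # Without this attachment the gateway exists but serves no VPC.
  VpnGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VpcId
      VpnGatewayId: !Ref VpnGateway

  VpnConnection:
    Type: AWS::EC2::VPNConnection
    DependsOn: VpnGatewayAttachment
    Properties:
      Type: ipsec.1
      CustomerGatewayId: !Ref CustomerGateway
      VpnGatewayId: !Ref VpnGateway
      StaticRoutesOnly: true
      # One entry per tunnel; inside CIDRs must be /30s from 169.254.0.0/16
      # outside the AWS-reserved blocks. Omit PreSharedKey to let AWS generate one.
      VpnTunnelOptionsSpecifications:
        - PreSharedKey: !Ref Tunnel1PreSharedKey
          TunnelInsideCidr: 169.254.10.0/30
        - PreSharedKey: !Ref Tunnel2PreSharedKey
          TunnelInsideCidr: 169.254.11.0/30
      Tags:
        - Key: Name
          Value: SiteToSiteVPNConnection

  # Static route: tells the VPN connection which prefix lives behind the CGW.
  VpnConnectionRoute:
    Type: AWS::EC2::VPNConnectionRoute
    Properties:
      DestinationCidrBlock: !Ref RemoteCidr
      VpnConnectionId: !Ref VpnConnection

  # Pushes the VPN routes into the VPC route table so instances can reply.
  VpnRoutePropagation:
    Type: AWS::EC2::VPNGatewayRoutePropagation
    DependsOn: VpnGatewayAttachment
    Properties:
      RouteTableIds:
        - !Ref PrivateRouteTableId
      VpnGatewayId: !Ref VpnGateway

Outputs:
  VpnConnectionId:
    Value: !Ref VpnConnection
```

Deploy it with `aws cloudformation deploy --stack-name site-to-site-vpn --template-file vpn.yaml --parameter-overrides VpcId=... PrivateRouteTableId=... CustomerGatewayIp=... Tunnel1PreSharedKey=... Tunnel2PreSharedKey=...`, supplying the keys from a secret store rather than from shell history; a `{{resolve:secretsmanager:...}}` dynamic reference in place of the NoEcho parameters is the alternative if the keys already live in AWS Secrets Manager. The DependsOn on the attachment matters because the route propagation resource fails if the virtual private gateway is not yet attached to the VPC.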