Skip to content

tdeckers/site-to-site

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
cloudformation
cloudformation
 
 
functions
functions
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
TODO.md
TODO.md
 
 
env.sh
env.sh
 
 
private.sh
private.sh
 
 

Repository files navigation

published

Site-to-site VPN Controller

Overview

The code and configuration in this repo allows you to deploy a solution that can automatically set up and tear down a VPN connection between your home network and AWS. With the VPN connection in place, you can directly access cloud resources from your home network over a secure connection.

The VPN Connection attaches to a specific VPC and route table in AWS. Any resource (e.g. EC2 instance) provisioned in a subnet configured with the route table will be accessible.

This repo assumes Meraki MX to be the home side of the VPN Connection. Other VPN solutions might be possible, but instructions are not included here.

For a detailed overview of the purpose and use of this solution, check out this post.

Prerequisites

  • AWS account and CLI configured
  • Terraform installed
  • S3 bucket. Used for remote state and cloud formation template. For my setup requires public access of the S3 bucket. You can change that.
  • (optional) Meraki account and MX for home side of the VPN tunnel. You can use alternative VPN solutions, but this repo doesn't provide instruction.

Before using terraform:

  • Ensure AWS credentials are set. Run aws configure if needed.
  • Update private.sh with AWS and Meraki details
  • verify and update provider.tf as needed.
  • update backend.tf with your S3 bucket. If you want to use local state, you can remove the file.

Deploy

  1. Build lambda functions
    make build
  1. (only needed once) Initialize terraform
    make init
  1. Deploy infrastructure to AWS
    source ./env.sh
    make deploy

Usage

The deployment will create a number of resources in your AWS account. Most importantly, it'll create an API Gateway endpoint that you can trigger to create and delete the VPN connection.

Navigate to the API Gateway Console. Under APIs, find Site-to-site API. Click on ANY and then on Test. This will open a page to trigger API calls.

To verify if a VPN connection is already create, select Method GET and click on Test at the bottom of the page.

To create a VPN connection, select Method POST and add on as the Request Body. After about 10 minutes the VPN connection is created and optionally Meraki MX is configured.

To tear down the VPN connection, select Method POST and add off as the Request Body.

About

Automation for site-to-site VPN (AWS - Meraki MX)

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

5 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages