To create a site-to-site VPN (Digital Personal Community) utilizing AWS CloudFormation, you need to use the AWS::EC2::VPNGateway and AWS::EC2::VPNConnection assets. Right here’s an instance CloudFormation template to create a site-to-site VPN:
AWSTemplateFormatVersion: '2010-09-09'
Sources:
VpnGateway:
Sort: AWS::EC2::VPNGateway
Properties:
Sort: ipsec.1
Tags:
- Key: Identify
Worth: SiteToSiteVPN
VpnConnection:
Sort: AWS::EC2::VPNConnection
Properties:
Sort: ipsec.1
CustomerGatewayId: <CUSTOMER_GATEWAY_ID>
VpnGatewayId: !Ref VpnGateway
StaticRoutesOnly: true
Tags:
- Key: Identify
Worth: SiteToSiteVPNConnection
VpnConnectionRoute:
Sort: AWS::EC2::VPNConnectionRoute
Properties:
DestinationCidrBlock: <DESTINATION_CIDR_BLOCK>
VpnConnectionId: !Ref VpnConnection
Within the above template, you might want to substitute <CUSTOMER_GATEWAY_ID> with the ID of the shopper gateway representing the distant website, and <DESTINATION_CIDR_BLOCK> with the CIDR block of the distant community you wish to hook up with.
This template creates a VPN gateway (VpnGateway) and a VPN connection (VpnConnection). It additionally creates a VPN connection route (VpnConnectionRoute) to specify the vacation spot CIDR block that must be routed by the VPN connection.
Observe that you could be want to change the template primarily based in your particular necessities, equivalent to configuring the shopper gateway or making further community changes.
After you have the CloudFormation template prepared, you’ll be able to create the stack utilizing the AWS CloudFormation console, AWS CLI, or AWS SDKs. The stack creation course of will provision the mandatory assets to determine the site-to-site VPN connection.
