Creating a Core Network Foundation in AWS with SSH, VPN & NAT access

By: Morten Jensen

For both test and build purposes I often find myself reusing parts of past CloudFormation templates. Over time I’ve found that the foundation of the templates (VPC, subnets, routing tables etc.) remains roughly the same. I have also found that the AWS VPN solution often isn’t suitable because of e.g. NAT, lack of port forwarding, lack of “hardware VPN”, expertise etc.

I have therefore started to standardise the Core stack in a single – and simple – template, and rely on Cross Reference Stacks to build in layers/tiers.

The stack provides for:

I have fully automated the OpenVPN set-up. All that’s required for VPN connectivity is an OpenVPN client and a client configuration, which is generated on the EC2 instance via a very simple script that takes as input an arbitrary client name.

The result and instructions can be found in the Virtuability cfn-templates GitHub repository.

Note that: