Here is some information about this architecture.
Here are the steps you can follow to build this solution on your own.
In this lesson, we're going to set up a secure and robust AWS Virtual Private Cloud (VPC) configuration. Our goal is to create a site-to-site VPN connection between an AWS VPC and a customer's on-premises network. This setup allows secure communication between the cloud and on-premises resources.
The configuration includes the following components:
Terraform Block: This sets the required versions for Terraform and the AWS provider.
AWS Provider Block: This defines the region and profile.
VPC: An isolated virtual network within AWS.
Site-to-Site VPN Connection: Includes Customer Gateway, Virtual Private Gateway, and VPN Connection resources.
Let's dive into the explanation of these components and the code.
Terraform Block: This defines the versions required for both Terraform and the AWS provider, ensuring that our code executes with the correct versions.
VPC: This is an isolated virtual network where we can launch AWS resources, providing us with control over the networking environment.
Customer Gateway: This represents the customer's VPN device in the on-premises network.
Virtual Private Gateway: This is the VPN concentrator on the Amazon side of the VPN connection.
VPN Connection: This establishes the actual VPN connection between the Virtual Private Gateway and the Customer Gateway.
Now, let's dive into the code.
If you're using the Skillmix Labs feature, open the lab settings (the beaker icon) on the right side of the code editor. Then, click the Start Lab button to start the lab environment.
Wait for the credentials to load. Then run this in the terminal:
$ aws configure --profile smx-lab
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: us-west-2
Default output format [None]: json
Be sure to name your credentials profile 'smx-lab'.
Note: If you're using your own AWS account, you'll need to ensure that you've created and configured a named AWS CLI profile called smx-lab.
We'll do all of our work in a file called main.tf. Create that file in your root project directory now and open it for editing.
Next, we'll create the Terraform block. Append the following code to the main.tf file:
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.11.0"
    }
  }
}
Explanation: This block sets the required versions for Terraform and the AWS provider.
Next, we'll create the AWS provider block. Append the following code to the main.tf file:
provider "aws" {
  region  = "us-west-2"
  profile = "smx-lab"
}
Explanation: This block configures the AWS provider for the us-west-2 region and the smx-lab profile.
Next, we'll create the VPC resource. Append the following code to the main.tf file:
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16"
}
Explanation: This block creates a VPC with a CIDR block of 10.0.0.0/16.
Next, we'll create the Customer Gateway. Append the following code to the main.tf file:
resource "aws_customer_gateway" "my_customer_gateway" {
  bgp_asn    = 65000
  ip_address = "1.2.3.4" # placeholder: public IP of the on-premises VPN device
  type       = "ipsec.1"
}
Explanation: This block creates a Customer Gateway with the specified IP address and BGP ASN.
Next, we'll create the Virtual Private Gateway. Append the following code to the main.tf file:
resource "aws_vpn_gateway" "my_vpn_gateway" {
  vpc_id = aws_vpc.my_vpc.id
}
Explanation: This block creates a Virtual Private Gateway and attaches it to the VPC.
Finally, we'll create the VPN connection. Append the following code to the main.tf file:
resource "aws_vpn_connection" "my_vpn_connection" {
  customer_gateway_id = aws_customer_gateway.my_customer_gateway.id
  vpn_gateway_id      = aws_vpn_gateway.my_vpn_gateway.id
  type                = "ipsec.1"
  static_routes_only  = true
}
Explanation: This block establishes a VPN connection between the Customer Gateway and the Virtual Private Gateway, using the IPsec protocol.
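As an added example that is not part of the original lesson, here is a hardened variant of the VPN connection that pins the IKE/IPsec proposals on both tunnels, together with the static route and route propagation that static_routes_only = true needs before any traffic actually flows. The on-premises prefix 192.168.100.0/24 and the resource names onprem and private are assumptions for illustration.

```hcl
# Replaces the aws_vpn_connection block above: same gateways and static
# routing, but the IKE/IPsec proposals for both tunnels are pinned rather
# than left to the AWS defaults (which accept IKEv1, SHA1 and DH group 2).
resource "aws_vpn_connection" "my_vpn_connection" {
  customer_gateway_id = aws_customer_gateway.my_customer_gateway.id
  vpn_gateway_id      = aws_vpn_gateway.my_vpn_gateway.id
  type                = "ipsec.1"
  static_routes_only  = true

  tunnel1_ike_versions                 = ["ikev2"]
  tunnel1_phase1_encryption_algorithms = ["AES256"]
  tunnel1_phase1_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase1_dh_group_numbers      = [14]
  tunnel1_phase2_encryption_algorithms = ["AES256"]
  tunnel1_phase2_integrity_algorithms  = ["SHA2-256"]
  tunnel1_phase2_dh_group_numbers      = [14]

  # The second tunnel gets identical proposals so that failover does not
  # silently negotiate a weaker suite.
  tunnel2_ike_versions                 = ["ikev2"]
  tunnel2_phase1_encryption_algorithms = ["AES256"]
  tunnel2_phase1_integrity_algorithms  = ["SHA2-256"]
  tunnel2_phase1_dh_group_numbers      = [14]
  tunnel2_phase2_encryption_algorithms = ["AES256"]
  tunnel2_phase2_integrity_algorithms  = ["SHA2-256"]
  tunnel2_phase2_dh_group_numbers      = [14]
}

# With static_routes_only = true nothing is learned over BGP, so the
# on-premises prefix must be declared on the connection explicitly.
# 192.168.100.0/24 is a constructed value; it must not overlap 10.0.0.0/16.
resource "aws_vpn_connection_route" "onprem" {
  destination_cidr_block = "192.168.100.0/24"
  vpn_connection_id      = aws_vpn_connection.my_vpn_connection.id
}

# Return traffic needs a VPC route towards the Virtual Private Gateway.
# Propagation installs it; associate this table with the subnets that
# should be reachable from the on-premises network.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.my_vpc.id
}

resource "aws_vpn_gateway_route_propagation" "private" {
  vpn_gateway_id = aws_vpn_gateway.my_vpn_gateway.id
  route_table_id = aws_route_table.private.id
}
```

The on-premises device must be configured with the same proposals, otherwise the tunnels will stay DOWN; after apply, the tunnel status is visible under the VPN connection in the VPC console.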
And that's it! This code configures a VPC with a site-to-site VPN connection to a customer's premises. It's a powerful way to securely extend your on-premises network into the AWS cloud. Feel free to reach out with any questions or clarifications. Happy learning!