Troposphere template for creating a simple OpenVPN server Raw
from troposphere import (Base64, Join, FindInMap, | |
Parameter, Ref, Tags, Template) | |
import troposphere.ec2 as ec2 | |
# Mappings of OpenVPN AMIs | |
OPENVPN_AMI = { | |
'ap-northeast-1': {"AMI": 'ami-5ea72b5e'}, # Asia Pacific (Tokyo) | |
'ap-southeast-1': {"AMI": 'ami-365c5764'}, # Asia Pacific (Singapore) | |
'ap-southeast-2': {"AMI": 'ami-831d51b9'}, # Asia Pacific (Sydney) | |
'eu-central-1': {"AMI": 'ami-507f7e4d'}, # EU (Frankfurt) | |
'eu-west-1': {"AMI": 'ami-03644074'}, # EU (Ireland) | |
'sa-east-1': {"AMI": 'ami-4fd55f52'}, # South America (Sao Paulo) | |
'us-east-1': {"AMI": 'ami-5fe36434'}, # US East (N. Virginia) | |
'us-west-1': {"AMI": 'ami-8bf40fcf'}, # US West (N. California) | |
'us-west-2': {"AMI": 'ami-9fe2f2af'} # US West (Oregon) | |
} | |
ASCII_CHAR = "[\\x20-\\x7E]*" | |
INVALID_ASCII_MSG = "can contain only ASCII characters." | |
t = Template() | |
t.add_version("2010-09-09") | |
t.add_description("OpenVPN server template") | |
Project = t.add_parameter(Parameter( | |
"Project", | |
Type="String", | |
Description="OpenVPN-server", | |
Default="OpenVPN-server", | |
MinLength="1", | |
MaxLength="255", | |
AllowedPattern=ASCII_CHAR, | |
ConstraintDescription=INVALID_ASCII_MSG, | |
)) | |
KeyName = t.add_parameter(Parameter( | |
"KeyName", | |
ConstraintDescription="must be the name of an existing EC2 KeyPair.", | |
Type="AWS::EC2::KeyPair::KeyName", | |
Default="openvpn", | |
Description="Name of an existing EC2 KeyPair to enable SSH access to the instances", | |
)) | |
InstanceType = t.add_parameter(Parameter( | |
"InstanceType", | |
Default="t2.micro", | |
ConstraintDescription="must be a valid EC2 instance type.", | |
Type="String", | |
Description="Instance type for EC2 instance.", | |
AllowedValues=["t2.micro", "t2.medium", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge"], | |
)) | |
t.add_mapping("AWSRegion2AMI", OPENVPN_AMI) | |
VPNSecurityGroup = t.add_resource(ec2.SecurityGroup( | |
"VPNSecurityGroup", | |
SecurityGroupIngress=[ | |
# By default 22 is locked for security reasons | |
# {"ToPort": "22", "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": "22"}, | |
{"ToPort": "443", "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": "443"}, | |
{"ToPort": "1194", "IpProtocol": "udp", "CidrIp": "0.0.0.0/0", "FromPort": "1194"}], | |
GroupDescription="Enable SSH access to the instance and VPN access via configured port. ", | |
Tags=Tags( | |
Name=Join("-", ["SG-VPN", Ref(Project)]), | |
), | |
)) | |
OpenVPNInstance = t.add_resource(ec2.Instance( | |
"OpenVPNInstance", | |
ImageId=FindInMap("AWSRegion2AMI", Ref("AWS::Region"), "AMI"), | |
SecurityGroups=[Ref(VPNSecurityGroup)], | |
KeyName=Ref(KeyName), | |
InstanceType=Ref(InstanceType), | |
UserData=Base64(Join("", [ | |
"public_hostname=openvpn\n", | |
"admin_user=openvpn\n", | |
"admin_pw=openvpn\n", | |
"reroute_gw=1\n", | |
"reroute_dns=1\n" | |
])), | |
Tags=Tags( | |
Name=Join("-", ["EC2-VPN", Ref(Project)]), | |
), | |
)) | |
print(t.to_json()) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment