Last active
December 15, 2019 20:03
-
-
Save pkazmierczak/6886e01508c470934c4d to your computer and use it in GitHub Desktop.
Cloudformation template for creating a simple OpenVPN server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "OpenVPN server template", | |
"Mappings": { | |
"AWSRegion2AMI": { | |
"ap-northeast-1": { | |
"AMI": "ami-5ea72b5e" | |
}, | |
"ap-southeast-1": { | |
"AMI": "ami-365c5764" | |
}, | |
"ap-southeast-2": { | |
"AMI": "ami-831d51b9" | |
}, | |
"eu-central-1": { | |
"AMI": "ami-507f7e4d" | |
}, | |
"eu-west-1": { | |
"AMI": "ami-03644074" | |
}, | |
"sa-east-1": { | |
"AMI": "ami-4fd55f52" | |
}, | |
"us-east-1": { | |
"AMI": "ami-5fe36434" | |
}, | |
"us-west-1": { | |
"AMI": "ami-8bf40fcf" | |
}, | |
"us-west-2": { | |
"AMI": "ami-9fe2f2af" | |
} | |
} | |
}, | |
"Parameters": { | |
"InstanceType": { | |
"AllowedValues": [ | |
"t2.micro", | |
"t2.medium", | |
"m3.medium", | |
"m3.large", | |
"m3.xlarge", | |
"m3.2xlarge" | |
], | |
"ConstraintDescription": "must be a valid EC2 instance type.", | |
"Default": "t2.micro", | |
"Description": "Instance type for EC2 instance.", | |
"Type": "String" | |
}, | |
"KeyName": { | |
"ConstraintDescription": "must be the name of an existing EC2 KeyPair.", | |
"Default": "openvpn", | |
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", | |
"Type": "AWS::EC2::KeyPair::KeyName" | |
}, | |
"Project": { | |
"AllowedPattern": "[\\x20-\\x7E]*", | |
"ConstraintDescription": "can contain only ASCII characters.", | |
"Default": "OpenVPN-server", | |
"Description": "OpenVPN-server", | |
"MaxLength": "255", | |
"MinLength": "1", | |
"Type": "String" | |
} | |
}, | |
"Resources": { | |
"OpenVPNInstance": { | |
"Properties": { | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"AWSRegion2AMI", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"AMI" | |
] | |
}, | |
"InstanceType": { | |
"Ref": "InstanceType" | |
}, | |
"KeyName": { | |
"Ref": "KeyName" | |
}, | |
"SecurityGroups": [ | |
{ | |
"Ref": "VPNSecurityGroup" | |
} | |
], | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Join": [ | |
"-", | |
[ | |
"EC2-VPN", | |
{ | |
"Ref": "Project" | |
} | |
] | |
] | |
} | |
} | |
], | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"", | |
[ | |
"public_hostname=openvpn\n", | |
"admin_user=openvpn\n", | |
"admin_pw=openvpn\n", | |
"reroute_gw=1\n", | |
"reroute_dns=1\n" | |
] | |
] | |
} | |
} | |
}, | |
"Type": "AWS::EC2::Instance" | |
}, | |
"VPNSecurityGroup": { | |
"Properties": { | |
"GroupDescription": "Enable SSH access to the instance and VPN access via configured port. ", | |
"SecurityGroupIngress": [ | |
{ | |
"CidrIp": "0.0.0.0/0", | |
"FromPort": "443", | |
"IpProtocol": "tcp", | |
"ToPort": "443" | |
}, | |
{ | |
"CidrIp": "0.0.0.0/0", | |
"FromPort": "1194", | |
"IpProtocol": "udp", | |
"ToPort": "1194" | |
} | |
], | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Join": [ | |
"-", | |
[ | |
"SG-VPN", | |
{ | |
"Ref": "Project" | |
} | |
] | |
] | |
} | |
} | |
] | |
}, | |
"Type": "AWS::EC2::SecurityGroup" | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment