import cdk = require('@aws-cdk/core');
import ec2 = require('@aws-cdk/aws-ec2');
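/**
 * Optional overrides for {@link DnsStack}.
 *
 * Every field is optional and defaults to the value the stack previously
 * hard-coded, so existing callers that pass plain `cdk.StackProps` (or
 * nothing) get exactly the same resources as before.
 */
export interface DnsStackProps extends cdk.StackProps {
  /** Number of VPCs to create. VPC `n` (1-based) gets the CIDR `10.(n-1).0.0/20`. */
  readonly numVpc?: number;
  /**
   * Name of an existing EC2 key pair attached to every instance.
   * CDK has no API to create a key pair, so it must be created manually.
   */
  readonly keyName?: string;
  /**
   * Customer-side CIDR blocks reachable over the VPN. Each one becomes a
   * static route on the VPN connection and an SSH ingress rule on every VM.
   */
  readonly remoteSubnets?: string[];
  /** Public (WAN) IP of the customer gateway that terminates the VPN. */
  readonly remoteWanIp?: string;
}

/**
 * Creates `numVpc` VPCs, each with a private and a public subnet per AZ, a
 * VPN gateway plus a static-route VPN connection to the customer gateway, and
 * one `t2.micro` Amazon Linux instance per availability zone.
 *
 * Network exposure per instance:
 * - SSH (tcp/22) from the customer subnets over the VPN;
 * - SSH (tcp/22) between members of the instance's own security group;
 * - all ICMP from any IPv4 address (see the note on that rule below).
 *
 * @param scope parent construct.
 * @param id construct id of the stack.
 * @param props optional {@link DnsStackProps}; may also be plain `cdk.StackProps`.
 */
export class DnsStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: DnsStackProps) {
    super(scope, id, props);

    // `{}` is a valid DnsStackProps because every field is optional; the
    // destructuring defaults are the values the stack originally hard-coded.
    const opts: DnsStackProps = props || {};
    const {
      numVpc = 1,
      keyName = 'mykp',
      remoteSubnets = ['x.x.x.x/x'],
      remoteWanIp = 'x.x.x.x',
    } = opts;

    for (let index = 1; index <= numVpc; index++) {
      const vpc = new ec2.Vpc(this, `vpc${index}`, {
        // Second octet is 0-based so vpc1 -> 10.0.0.0/20, vpc2 -> 10.1.0.0/20, ...
        cidr: `10.${index - 1}.0.0/20`,
        maxAzs: 2,
        subnetConfiguration: [
          {
            name: `vpc${index}-private`,
            subnetType: ec2.SubnetType.PRIVATE,
          },
          {
            name: `vpc${index}-public`,
            subnetType: ec2.SubnetType.PUBLIC,
          },
        ],
        vpnGateway: true,
      });

      // Site-to-site VPN to the customer gateway. The connection object is
      // not needed afterwards; only its side effect on the VPC matters.
      vpc.addVpnConnection(`vpn${index}`, {
        ip: remoteWanIp,
        staticRoutes: remoteSubnets,
      });

      // Shared, initially rule-less security group attached to every VM in
      // this VPC; `allowInternally` below adds the intra-group SSH rule to
      // the instance's own group, not to this one.
      const sg = new ec2.SecurityGroup(this, `vpn${index}`, { vpc });

      vpc.availabilityZones.forEach((az, azIndex) => {
        // VM numbering is 1-based to match the VPC numbering.
        const vmNumber = azIndex + 1;
        const vm = new ec2.Instance(this, `vpc${index}-vm${vmNumber}`, {
          vpc,
          instanceName: `vpc${index}-vm${vmNumber}`,
          keyName,
          instanceType: new ec2.InstanceType('t2.micro'),
          machineImage: new ec2.AmazonLinuxImage(),
          availabilityZone: az,
          // NOTE(review): no `vpcSubnets` given, so CDK's default subnet
          // selection applies — confirm it lands these VMs in the private
          // subnets as intended before relying on the ICMP rule being harmless.
        });

        // SSH between instances that share this instance's security group.
        vm.connections.allowInternally(ec2.Port.tcp(22));
        // NOTE(review): ICMP is reachable from every IPv4 address. If echo
        // checks only ever originate from the VPN side, restricting this to
        // `remoteSubnets` (like the SSH rule below) reduces exposure.
        vm.connections.allowFromAnyIpv4(ec2.Port.allIcmp());
        vm.connections.addSecurityGroup(sg);

        // Admin access only from the customer subnets that arrive over the VPN.
        remoteSubnets.forEach((subnet) => {
          vm.connections.allowFrom(
            ec2.Peer.ipv4(subnet),
            ec2.Port.tcp(22),
            'allow ssh over vpn from customer subnet',
          );
        });
      });
    }
  }
}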