AWS Knowledge Center Videos: “How do I create a VPN with Amazon VPC?”

Hi there! My name is Ben and I’m a Cloud Support Engineer here at AWS. At some point you may need to build a secure connection between your office and the cloud using the AWS VPN service. I’m going to be walking you through the three main components that build this connection.

First, in the AWS console you want to create what is known as the Customer Gateway. This represents the customer’s office side of the connection. Here you will specify your firewall’s public IP and the AS number if you intend to use BGP or dynamic routing. Secondly, the Virtual Private Gateway, which represents the VPN endpoint at the AWS side of your connection. And finally the VPN Connection. This component is solely based off the previous two components which I mentioned. It will automatically provide a downloadable config file which you can use to configure your office firewall to bring up the VPN. Let’s take a look at each of these.

First, to create a VPN you want to go to your VPC Console. Then go to the left-hand side and scroll all the way to the bottom. Click on Customer Gateways. Click the Create Customer Gateway button. In this dialog box you want to give it a name that you recognize from a list, for example we could say something like OregonOffice. Next, choose the type of routing you intend to use. You have two options: you have Static and Dynamic. I’m just going to choose Static for this example. Lastly, you want to choose the public IP of your office, your on-premise office firewall. For this example I’ll just say 12.34.56.78. Click the Yes, Create button.

So secondly you want to go to the Virtual Private Gateways now. And click the Create Virtual Private Gateway button. Give it a name that you recognize. So for example if you have a dev VPC and prod VPC you may want to say something like DevVPC. I’m gonna right click this and attach it to the appropriate VPC, the VPC that you want to communicate with.

Finally, you can go down to the VPN Connections. Click the Create VPN Connection button. And give it a name that you recognize. So we’ll just call this our DevVPN. Choose the vgw that you just created, as well as the cgw that you just created. Again choose the type of routing that you’re going to be using. In our case it’s Static. For Static IP prefixes you want to specify the private network behind your on-premise firewall, for example maybe 192.168.0.0/16. Click the Yes, Create button. Don’t be alarmed that this process takes a few minutes. Feel free to go grab a cup of coffee while you wait.

Once your VPN has finished creating, select it from the list, and click the Download Configuration button above. You’ll notice that the dialog box gives you an option of different vendors, platforms and software. So for my example I’m just going to say Cisco ASA. Click the Yes, Download button and save the file to your local machine. So you can open this file and it’s going to have all the parameters and information you need to bring the VPN up from your on-premise firewall at this point.

And just remember, if you get stuck you can always contact us here at AWS Support. We’re happy to help.
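The three components from the walkthrough, expressed as a CloudFormation template. This is an added example, not part of the video or of AWS's own material; the parameter names, the logical resource IDs and the ASN value 65000 are assumptions, while the names, IP address and prefix are the example values used in the transcript.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Static-routed VPN between an office firewall and a VPC (added example)
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id          # the VPC you want the office to communicate with
  OfficePublicIp:
    Type: String
    Default: 12.34.56.78             # example firewall public IP from the walkthrough
  OfficeCidr:
    Type: String
    Default: 192.168.0.0/16          # example private network behind the firewall
Resources:
  OregonOffice:                      # Customer Gateway: the office side
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      IpAddress: !Ref OfficePublicIp
      BgpAsn: 65000                  # assumed placeholder private ASN; routing here is static
      Tags: [{Key: Name, Value: OregonOffice}]
  DevVPC:                            # Virtual Private Gateway: the AWS side
    Type: AWS::EC2::VPNGateway
    Properties:
      Type: ipsec.1
      Tags: [{Key: Name, Value: DevVPC}]
  DevVPCAttachment:                  # the "attach to VPC" step
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VpcId
      VpnGatewayId: !Ref DevVPC
  DevVPN:                            # VPN Connection: built from the two gateways
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      CustomerGatewayId: !Ref OregonOffice
      VpnGatewayId: !Ref DevVPC
      StaticRoutesOnly: true         # "Static" routing option
      Tags: [{Key: Name, Value: DevVPN}]
  OfficeRoute:                       # the static IP prefix entered in the dialog
    Type: AWS::EC2::VPNConnectionRoute
    Properties:
      VpnConnectionId: !Ref DevVPN
      DestinationCidrBlock: !Ref OfficeCidr
Outputs:
  VpnConnectionId:
    Value: !Ref DevVPN               # select this connection to download the firewall config
```

The template covers only the AWS side; the downloaded configuration file still has to be applied on the office firewall.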

12 Comments

  • Chards shi says:

    I've created an AWS VPN, but what do I do when I type in the IPSec preshare and public IP in the just-created VPN of Windows 7? Then what's the password and user? I use Win 7 to set up a VPN to connect to it. Something wrong? Please help me.

  • Misha Yufit says:

    Hi,
    I have two questions.
    1. Once allocated CIDR for VPC, can you change the CIDR?
    2. Can you please explain how to configure a Lambda Function for Amazon private VPC Access, I am trying to create automatic snapshots for EC2 instances using Lambda.

    Thank you

  • Alain Abrahan says:

    You forgot to test the VPN, at least in Windows. Those Cisco settings are too complicated. I did everything, but I don't know how to connect using my Windows VPN connection on my local machine to connect to the EC2 instance.

  • applebenny says:

    Big Question: Is Amazon working together with the government and telling them my personal data, if I do something like file sharing over this VPN?

  • Naresh M says:

    Simply Thank you so much

  • Selva Yogesh says:

    Hi,
    While proceeding with download configuration, it lists the names of the firewalls. But unfortunately I don't find the name of my firewall listed on download configuration. In this case what should I do further?

  • Vilensky Dmitry says:

    Very bad and unclear explanation

  • Girish Kr says:

    Do not see "VPN Connections" as in the video. It might be the old UI.
