This section is incomplete. The missing parts will be developed during the workshop.
Enhance the Makefile in the infrastructure git project with the following content:
    AWS_REGION := eu-central-1
    REMOTE_VPN_DEVICE_IP := 213.61.81.133

    ###############################################################################################
    .PHONY: transit-vpn
    transit-vpn:
    	aws cloudformation deploy \
    		--no-fail-on-empty-changeset \
    		--template-file transit/vpn.yml \
    		--stack-name vpn \
    		--parameter-overrides RemoteVpnDeviceIp="$(REMOTE_VPN_DEVICE_IP)" \
    		--region $(AWS_REGION)
Make sure to use the correct CIDR in the MASTER_VPC_CIDR variable and the correct transit gateway ID in the TRANSIT_GW_ID variable.
Create a new CloudFormation template in transit/vpn.yml and define the VPN connection in there:
    ---
    AWSTemplateFormatVersion: 2010-09-09
    Description: VPN setup to Datacenter
    Parameters:
      RemoteVpnDeviceIp:
        Description: External IP Address of the Customer VPN Device.
        Type: String
        MinLength: '7'
        MaxLength: '15'
        # Only checks the dotted-quad shape; each group may still be outside 0-255.
        AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})"
        ConstraintDescription: Must be a valid IP Address x.x.x.x
    Resources:
      VPNGateway:
        Type: AWS::EC2::VPNGateway
        Properties:
          Type: ipsec.1
      CustomerGateway:
        Type: AWS::EC2::CustomerGateway
        Properties:
          Type: ipsec.1
          BgpAsn: '65000'
          IpAddress:
            Ref: RemoteVpnDeviceIp
          Tags:
            - Key: Name
              Value: !Sub 'Gateway to ${RemoteVpnDeviceIp}'
      VPNConnection:
        Type: AWS::EC2::VPNConnection
        Properties:
          Type: ipsec.1
          # Static routing over the tunnels, no BGP session with the remote device.
          StaticRoutesOnly: 'true'
          CustomerGatewayId:
            Ref: CustomerGateway
          VpnGatewayId:
            Ref: VPNGateway
Create the CloudFormation stack with the following command in the transit AWS account:

    AWS_PROFILE=myorg-transit make transit-vpn

After the creation, attach the VPN connection to the transit gateway.
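The AllowedPattern in the template above only constrains the shape of RemoteVpnDeviceIp, so a value like 300.61.81.133 or a private address such as 10.0.0.1 would pass parameter validation and the stack would still be created. The following pre-flight check is an added example, not part of the workshop's Makefile or template; the function name check_vpn_ip and the idea of calling it from a target that transit-vpn depends on are assumptions.

```shell
#!/bin/sh
# Pre-flight check for REMOTE_VPN_DEVICE_IP (added example, not the workshop's
# own code). A customer gateway needs a routable public IPv4 address, so reject
# malformed, out-of-range and non-public addresses before the stack is created.

# check_vpn_ip ADDRESS
# Returns 0 when ADDRESS is a well-formed public IPv4 address, 1 otherwise.
check_vpn_ip() {
    ip="$1"
    # Only digits and dots, no leading/trailing/double dots.
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Each group must be 0-255; the template's regex allows up to 999.
        [ "$octet" -ge 0 ] && [ "$octet" -le 255 ] || return 1
    done
    # Ranges that cannot be a remote VPN endpoint on the Internet:
    # "this" network, loopback, RFC 1918, link-local, CGNAT (100.64/10),
    # multicast and reserved space.
    case "$1.$2" in
        0.*|127.*|10.*|169.254|22[4-9].*|2[3-5][0-9].*) return 1 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]|192.168) return 1 ;;
        100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 1 ;;
    esac
    return 0
}

# Example invocation, e.g. from a Makefile target that transit-vpn depends on
# (hypothetical): sh scripts/check_vpn_ip.sh "$(REMOTE_VPN_DEVICE_IP)"
if [ -n "${1:-}" ]; then
    check_vpn_ip "$1" || {
        echo "REMOTE_VPN_DEVICE_IP '$1' is not a public IPv4 address" >&2
        exit 1
    }
fi
```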