setup-ipsec-vpn/aws/README.md
S. X. Liang f205ecd6f8
Add CentOS 7/8 and Amazon Linux 2 support to Cloudformation template (#901)
Add CentOS 7/8 and Amazon Linux 2 support to Cloudformation template.
See #901 for details.

Co-authored-by: Scottpedia
2021-01-02 11:40:04 -06:00


Deploy to Amazon EC2 using CloudFormation (Beta)

Read this in other languages: English, 简体中文.

Note: This deployment template is still in BETA. You may encounter failures during deployment. In that case, please open a new issue.

This template will create a fully-working IPsec VPN server on Amazon Elastic Compute Cloud (Amazon EC2). Please make sure to check the EC2 pricing details before continuing. Using a t2.micro server instance for your deployment may qualify for the AWS Free Tier.

Available customization parameters:

  • Amazon EC2 instance type

Note: Not all instance types offered by this template may be available in every AWS region. For example, you may not be able to deploy an m5a.large instance in ap-east-1 (hypothetically). In that case, you might see the following error during deployment: "The requested configuration is currently not supported. Please check the documentation for supported configurations." Newly released regions are more prone to this problem because they offer a smaller variety of instance types. For more information about instance type availability in AWS regions, see https://ec2instances.info/.

  • OS for your VPN server (Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 7/8, AmazonLinux2)

Note: Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace: Debian 9.

  • Your VPN username
  • Your VPN password
  • Your VPN IPsec PSK (pre-shared key)

Note: DO NOT use these special characters within values: \ " '

Make sure to deploy this template with an AWS Account Root User or an IAM Account with Administrator Access.

Right-click this template link and save as a file on your computer. Then upload it as the template source in the stack creation wizard.

Upload the template

At step 4, make sure to confirm that this template may create IAM resources.

Confirm IAM

Click the icon below to start:

Launch stack

You may choose an AWS region using the selector to the right of your account information on the navigation bar. After you click "create stack" in the final step, please wait for the stack creation and VPN setup to complete, which may take up to 15 minutes. As soon as the stack's status changes to "CREATE_COMPLETE", you are ready to connect to the VPN server. Click the Outputs tab to view your VPN login details. Then continue to Next steps: Configure VPN Clients.

FAQs

How to connect to the server via SSH after deployment?

You need to know the username and the private key for your instance in order to log in to it via SSH.

Each Linux server distribution on AWS has its own default login username. Password login is disabled, because the use of a private key (a "key pair") is enforced.

The following is a list of default usernames used by the distributions provided:

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html

| Distribution | Default Login Username |
| --- | --- |
| Ubuntu (Ubuntu *.04) | ubuntu |
| Debian (Debian 9 only) | admin |
| CentOS (CentOS 7 and CentOS 8) | centos |
| AmazonLinux2 | ec2-user |

For the private key (also known as a "key pair"), this template generates one for you during deployment, and it is available as text under the Outputs tab after the stack is successfully created.

If you want to access the VPN server via SSH, you will need to save the private key from the Outputs tab to a file on your computer.

Note: You may need to format the private key by replacing all spaces with newlines before saving it to a file. The file also needs to have proper permissions set before an SSH client can use it.

Show key

To add proper permissions to your private key file, run the following command under the directory where the file is located:

sudo chmod 400 my-key-pair.pem

As a result, the command to log in to your instance should look like:

$ ssh -i path/to/your/key.pem instance-username@instance-ip-address
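The key-formatting note above, as an added example that is not part of the original README: replacing every space with a newline would also split the BEGIN/END marker lines, which themselves contain spaces, so this sketch re-joins those markers and writes the file readable by the owner only. The function names `pem_unflatten` and `save_key` and the sample key text are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample key text are constructed.

# Placeholder standing in for a key copied from the Outputs tab, where the
# newlines have become spaces. This is NOT real key material.
SAMPLE='-----BEGIN RSA PRIVATE KEY----- CONSTRUCTEDsampleLINE1 CONSTRUCTEDsampleLINE2 -----END RSA PRIVATE KEY-----'

# pem_unflatten: read a flattened PEM on stdin, write proper PEM to stdout.
# Base64 body tokens go one per line; the words of a BEGIN/END marker are
# re-joined with spaces so the marker stays on a single line.
pem_unflatten() {
    tr -s ' \t\r\n' ' ' | awk '{
        n = split($0, w, " ")
        for (i = 1; i <= n; i++) {
            if (hdr != "") {                      # inside a marker line
                hdr = hdr " " w[i]
                if (w[i] ~ /-----$/) { print hdr; hdr = "" }
            } else if (w[i] ~ /^-----(BEGIN|END)$/) {
                hdr = w[i]                        # marker starts here
            } else {
                print w[i]                        # one base64 line
            }
        }
    }'
}

# save_key DEST: write the repaired key to DEST, readable by the owner only.
# umask 077 means the file is never group/world readable, even briefly.
save_key() {
    dest=$1
    ( umask 077; pem_unflatten > "$dest" ) || return 1
    if ! head -n 1 "$dest" | grep -q '^-----BEGIN .*-----$'; then
        rm -f "$dest"                             # not a PEM: do not keep it
        return 1
    fi
    chmod 400 "$dest"
}

# Demo on the constructed sample: prints four lines, markers intact.
printf '%s' "$SAMPLE" | pem_unflatten
```

Once a real key has been saved this way, `ssh-keygen -y -f my-key-pair.pem` prints the matching public key if the file parses correctly.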

Author

Copyright (C) 2020 S. X. Liang

Screenshots

Specify parameters