Connect EC2 Instances Through VPN
What is a VPN?
A VPN (Virtual Private Network) lets you establish a protected network connection while using a public network. A VPN encrypts your internet traffic in real time and hides your online identity, which makes it harder for third parties to track your activity online and steal data. The same approach can be applied on the server side to increase security; this article shows how to set up secure connectivity to an AWS EC2 instance through a VPN connection.
Architecture Design
Pre-requisites:
- A VPC with a public subnet
- An EC2 instance (the web server) for testing the VPN connection
Step by step:
1. Prepare the EC2 instance and the VPC
2. Create the VPN server
- Choose the VPN server platform by searching the AWS Marketplace (e.g. OpenVPN), then continue through the wizard until you launch the instance.
- You now have two EC2 instances: the web server and the VPN server.
Note: As a best practice, attach an Elastic IP to the VPN server so that its public IP stays static.
- Log in to the VPN server over SSH and set up the VPN server configuration.
Once the SSH login succeeds, the configuration wizard is presented; choose the options as in the following configuration and leave the other options at Yes.
Configure the initial user and password of the VPN server
You can log in to the VPN server dashboard using the /admin URL shown above. Set the username and password first (the default user is openvpn, and you need to set its password because it is the VPN server's Linux user).
3. Set up the user configuration
- Add a client for the VPN server: go to USER MANAGEMENT, add the username and the password, save the settings, and don't forget to finish by clicking Update Configuration.
- You do not need to tick the admin checkbox. To download the VPN client app, visit the Client UI link (http://ip-address:943/), without /admin. Log in with the user and password defined before; you will be offered the OpenVPN client for each platform, and you can download the app you want.
- Download and install the app, then log in with the username and password you created on the VPN server. If the connection succeeds, it is displayed as below.
NOTE:
- At this point your computer is connected through the VPN server in AWS.
- You can connect to the web server using its private IP, but you have to set up the security group first.
4. Set up the security group so that SSH to the web server is allowed only from the security group of the VPN server. That way the web server can only be reached over SSH through your VPN server.
- Set the inbound rules of the web server's security group to allow SSH and ICMP from the security group ID of the VPN server.
5. Test the connection via the private IP of the web server; don't forget to attach the key pair.
6. Finally, you can connect to the server through the VPN.
Note: as a best practice, the web server should have only a private IP, so you can remove its public IP; this further reduces its exposure.
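Step 4 is the part that actually enforces the design, so it is worth being able to express it precisely and to check it afterwards. The following Python script is an added example, not code from the article or from OpenVPN: it builds the inbound rules for the web server's security group in the same dictionary shape that boto3's authorize_security_group_ingress accepts (SSH and ICMP sourced from the VPN server's security group, with no CIDR ranges), and it audits a security group, in the shape returned by describe_security_groups, for any SSH-capable rule whose source is not the VPN server's group. The security group IDs and the "before" rule set are constructed placeholders; no AWS call is made, so it runs offline.

```python
"""Added example (not from the original article): build the VPN-only inbound
rules for the web server's security group and audit a security group for SSH
exposure. Dictionaries use the shape of the boto3 EC2 API (IpPermissions as in
describe_security_groups / authorize_security_group_ingress)."""

SSH_PORT = 22

# Constructed placeholder IDs (assumption: these are not real AWS resources).
VPN_SG_ID = "sg-0vpnserver0000001"
WEB_SG_ID = "sg-0webserver0000001"


def vpn_only_ingress(vpn_sg_id):
    """Inbound rules for the web server as in step 4: SSH and ICMP only from
    the VPN server's security group. No CIDR range appears at all, so the rule
    keeps working even if the VPN server's IP address changes.
    Apply with boto3 (not executed here):
        ec2.authorize_security_group_ingress(
            GroupId=WEB_SG_ID, IpPermissions=vpn_only_ingress(VPN_SG_ID))"""
    return [
        {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
         "UserIdGroupPairs": [{"GroupId": vpn_sg_id}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "UserIdGroupPairs": [{"GroupId": vpn_sg_id}]},
    ]


def _covers_ssh(perm):
    """True if a permission entry includes TCP/22 (or all protocols and ports)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "all traffic" rule: ports are implicit
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def ssh_exposures(security_group, vpn_sg_id):
    """Return a finding for every SSH-capable inbound rule whose source is not
    the VPN server's security group. An empty list means the group matches the
    article's design: SSH is reachable only through the VPN."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        if not _covers_ssh(perm):
            continue
        for rng in perm.get("IpRanges", []):
            findings.append(f"SSH open to IPv4 range {rng['CidrIp']}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"SSH open to IPv6 range {rng['CidrIpv6']}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != vpn_sg_id:
                findings.append(f"SSH open to security group {pair['GroupId']}")
    return findings


# Constructed sample: the web server before step 4 (SSH open to the internet) ...
OPEN_WEB_SG = {
    "GroupId": WEB_SG_ID,
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ],
}

# ... and after step 4: the same group carrying only the VPN-sourced rules.
HARDENED_WEB_SG = {"GroupId": WEB_SG_ID,
                   "IpPermissions": vpn_only_ingress(VPN_SG_ID)}


if __name__ == "__main__":
    for label, sg in (("before", OPEN_WEB_SG), ("after", HARDENED_WEB_SG)):
        problems = ssh_exposures(sg, VPN_SG_ID)
        print(f"{label}: {problems or 'SSH reachable only from the VPN security group'}")
```

To audit a real account, feed ssh_exposures each group from describe_security_groups; the check deliberately treats an "all traffic" (-1) rule and any TCP port range that spans 22 as SSH exposure, since those are the rules that silently undo step 4.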
That is all on how to connect to your EC2 instance through a VPN server; your EC2 instance is now more secure. I hope this is useful for you. Thank you!
Source: https://openvpn.net/vpn-server-resources/amazon-web-services-ec2-byol-appliance-quick-start-guide/