Remove aws
- Remove aws/ folder at author's request.
This commit is contained in:
parent
e1060fdbbe
commit
d9560a610f
@ -1,85 +0,0 @@
|
||||
# 使用 CloudFormation 在 Amazon EC2 上部署
|
||||
|
||||
*其他语言版本: [English](README.md), [简体中文](README-zh.md)。*
|
||||
|
||||
使用这个模板,你可以在 Amazon Elastic Compute Cloud(Amazon EC2)上快速搭建一个 IPsec VPN 服务器。在继续之前,请参见 EC2 [定价细节](https://aws.amazon.com/cn/ec2/pricing/on-demand/)。在部署中使用 `t2.micro` 服务器实例可能符合 [AWS 免费套餐](https://aws.amazon.com/cn/free/) 的资格。
|
||||
|
||||
可用的自定义参数:
|
||||
|
||||
- Amazon EC2 实例类型
|
||||
> **注:** 在某些 AWS 区域中,此模版提供的某些实例类型可能不可用。比如 `m5a.large` 可能无法在 `ap-east-1` 区域部署(仅为假设)。在此情况下,你会在部署过程中遇到此错误:`The requested configuration is currently not supported. Please check the documentation for supported configurations`。新开放的 AWS 区域更容易出现此问题,因为它们提供的实例类型较少。如需了解更多关于实例可用性的信息,请参见 [https://instances.vantage.sh/](https://instances.vantage.sh/)。
|
||||
- VPN 服务器的操作系统(Ubuntu 20.04/18.04, Debian 9, CentOS 7, Amazon Linux 2)
|
||||
> **注:** 在 EC2 上使用 Debian 9 映像之前,你需要先在 AWS Marketplace 上订阅:[Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3)。
|
||||
- 你的 VPN 用户名
|
||||
- 你的 VPN 密码
|
||||
- 你的 VPN IPsec PSK(预共享密钥)
|
||||
|
||||
> **注:** \*不要\* 在值中使用这些字符: `\ " '`
|
||||
|
||||
确保使用 **AWS 账户根用户** 或者有 **管理员权限** 的 **IAM 用户** 部署此模板。
|
||||
|
||||
右键单击这个 [**模板链接**](https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/aws/cloudformation-template-ipsec.json),并将它保存到你的计算机上的一个新文件。然后在 ["创建堆栈" 向导](https://console.aws.amazon.com/cloudformation/home#/stacks/new)中将其作为模板源上传。继续创建堆栈,在最后一步你需要确认(选择)此模板可以创建 IAM 资源。
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
点这里查看屏幕截图
|
||||
</summary>
|
||||
|
||||
![上传模板](images/upload-the-template.png)
|
||||
![指定参数](images/specify-parameters.png)
|
||||
![确认 IAM](images/confirm-iam.png)
|
||||
</details>
|
||||
|
||||
点击下面的图标开始:
|
||||
|
||||
[![Launch stack](images/cloudformation-launch-stack-button.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new)
|
||||
|
||||
要指定一个 AWS 区域,你可以使用导航栏上你的帐户信息右侧的选择器。当你在最后一步中点击 "create stack" 之后,请等待堆栈创建和 VPN 安装完成,可能需要最多 15 分钟。一旦堆栈的部署状态变成 **"CREATE_COMPLETE"** ,你就可以连接到 VPN 服务器了。单击 **Outputs** 选项卡以查看你的 VPN 登录信息,然后继续下一步:[配置 VPN 客户端](../README-zh.md#下一步)。
|
||||
|
||||
> **注:** IKEv2 模式的客户端配置文件可以在你的 VPN 服务器的 `/root` 目录中找到。要使用 SSH 连接到服务器,请参见下面的 "常见问题" 小节。
|
||||
|
||||
> **注:** 如果你删除使用此模板部署的 CloudFormation 堆栈,在部署期间添加的密钥对将不会自动被清理。要管理你的密钥对,请转到 EC2 控制台 -> 密钥对。
|
||||
|
||||
## 常见问题
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
部署后如何通过 SSH 连接到服务器?
|
||||
</summary>
|
||||
|
||||
你需要你的 Amazon EC2 实例的用户名和私钥,才能通过 SSH 登录到该实例。
|
||||
|
||||
EC2 上的每个 Linux 服务器发行版本都有它自己的默认登录用户名。新实例默认禁用密码登录,必须使用私钥或 “密钥对” 登录。
|
||||
|
||||
默认用户名列表:
|
||||
> **参考链接:** [https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key](https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key)
|
||||
|
||||
| 发行版本 | 默认登录用户名 |
|
||||
| --- | --- |
|
||||
| Ubuntu (`Ubuntu *.04`) | `ubuntu` |
|
||||
| Debian (`Debian 9`) | `admin` |
|
||||
| CentOS (`CenOS 7`) | `centos` |
|
||||
| Amazon Linux 2 | `ec2-user` |
|
||||
|
||||
此模板在部署期间为你生成一个密钥对,并且在成功创建堆栈后,其中的私钥将在 **Outputs** 选项卡下以文本形式提供。
|
||||
|
||||
如果要通过 SSH 访问 VPN 服务器,则需要将 **Outputs** 选项卡中的私钥保存到你的计算机上的一个新文件。
|
||||
|
||||
> **注:** 在保存到你的计算机之前,你可能需要修改私钥的格式,比如用换行符替换所有的空格。在保存后,需要为该私钥文件设置[适当的权限](https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key)才能使用。
|
||||
|
||||
![显示密钥](images/show-key.png)
|
||||
|
||||
要为私钥文件设置适当的权限,请在该文件所在的目录下运行以下命令:
|
||||
```bash
|
||||
$ sudo chmod 400 key-file.pem
|
||||
```
|
||||
|
||||
使用 SSH 登录到 EC2 实例的示例命令:
|
||||
```bash
|
||||
$ ssh -i path/to/your/key-file.pem instance-username@instance-ip-address
|
||||
```
|
||||
</details>
|
||||
|
||||
## 作者
|
||||
|
||||
版权所有 (C) 2020-2022 [S. X. Liang](https://github.com/scottpedia)
|
@ -1,85 +0,0 @@
|
||||
# Deploy to Amazon EC2 using CloudFormation
|
||||
|
||||
*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
|
||||
|
||||
This template will create a fully-working IPsec VPN server on Amazon Elastic Compute Cloud (Amazon EC2). Please make sure to check the EC2 [pricing details](https://aws.amazon.com/ec2/pricing/on-demand/) before continuing. Using a `t2.micro` server instance for your deployment may qualify for the [AWS Free Tier](https://aws.amazon.com/free/).
|
||||
|
||||
Available customization parameters:
|
||||
|
||||
- Amazon EC2 instance type
|
||||
> **Note:** It is possible that not all instance type options offered by this template are available in a specific AWS region. For example, you may not be able to deploy an `m5a.large` instance in `ap-east-1` (hypothetically). In that case, you might experience the following error during deployment: `The requested configuration is currently not supported. Please check the documentation for supported configurations`. Newly released regions are more prone to having this problem as there are less variety of instances. For more info about instance type availability, refer to [https://instances.vantage.sh/](https://instances.vantage.sh/).
|
||||
- OS for your VPN server (Ubuntu 20.04/18.04, Debian 9, CentOS 7, Amazon Linux 2)
|
||||
> **Note:** Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace: [Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3).
|
||||
- Your VPN username
|
||||
- Your VPN password
|
||||
- Your VPN IPsec PSK (pre-shared key)
|
||||
|
||||
> **Note:** DO NOT use these special characters within values: `\ " '`
|
||||
|
||||
Make sure to deploy this template with an **AWS Account Root User** or an **IAM Account** with **Administrator Access**.
|
||||
|
||||
Right-click this [**template link**](https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/aws/cloudformation-template-ipsec.json) and save as a file on your computer. Then upload it as the template source in the [stack creation wizard](https://console.aws.amazon.com/cloudformation/home#/stacks/new). Continue creating the stack, and in the final step make sure to confirm that this template may create IAM resources.
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
Click here to view screenshots
|
||||
</summary>
|
||||
|
||||
![Upload the template](images/upload-the-template.png)
|
||||
![Specify parameters](images/specify-parameters.png)
|
||||
![Confirm IAM](images/confirm-iam.png)
|
||||
</details>
|
||||
|
||||
Click the icon below to start:
|
||||
|
||||
[![Launch stack](images/cloudformation-launch-stack-button.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/new)
|
||||
|
||||
You may choose an AWS region using the selector to the right of your account information on the navigation bar. After you click "create stack" in the final step, please wait for the stack creation and VPN setup to complete, which may take up to 15 minutes. As soon as the stack's status changes to **"CREATE_COMPLETE"**, you are ready to connect to the VPN server. Click the **Outputs** tab to view your VPN login details. Then continue to [Next steps: Configure VPN Clients](../README.md#next-steps).
|
||||
|
||||
> **Note:** Client configuration files for IKEv2 mode can be found in the `/root` folder of your VPN server. To connect to the VPN server using SSH, refer to the FAQs section below.
|
||||
|
||||
> **Note:** If you delete a CloudFormation stack deployed using this template, the key pair that was added during deployment won't be automatically cleaned up. To manage your key pairs, go to EC2 console -> Key Pairs.
|
||||
|
||||
## FAQs
|
||||
|
||||
<details>
|
||||
<summary>
|
||||
How to connect to the server via SSH after deployment?
|
||||
</summary>
|
||||
|
||||
You need to know the username and the private key for your Amazon EC2 instance in order to login to it via SSH.
|
||||
|
||||
Each Linux server distribution on EC2 has its own default login username. Password login is disabled by default for new instances, and the use of private keys, or "key pairs", is enforced.
|
||||
|
||||
List of default usernames:
|
||||
> **Reference:** [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html)
|
||||
|
||||
| Distribution | Default Login Username |
|
||||
| --- | --- |
|
||||
| Ubuntu (`Ubuntu *.04`) | `ubuntu` |
|
||||
| Debian (`Debian 9`) | `admin` |
|
||||
| CentOS (`CenOS 7`) | `centos` |
|
||||
| Amazon Linux 2 | `ec2-user` |
|
||||
|
||||
This template generates a key pair for you during deployment, and the private key will be available as text under the **Outputs** tab after the stack is successfully created.
|
||||
|
||||
You will need to save the private key from the **Outputs** tab to a file on your computer, if you want to access the VPN server via SSH.
|
||||
|
||||
> **Note:** You may need to format the private key by replacing all spaces with newlines, before saving to a file. The file will need to be set with [proper permissions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key) before using.
|
||||
|
||||
![Show key](images/show-key.png)
|
||||
|
||||
To apply proper permissions to your private key file, run the following command under the directory where the file is located:
|
||||
```bash
|
||||
$ sudo chmod 400 key-file.pem
|
||||
```
|
||||
|
||||
Example command to login to your EC2 instance using SSH:
|
||||
```bash
|
||||
$ ssh -i path/to/your/key-file.pem instance-username@instance-ip-address
|
||||
```
|
||||
</details>
|
||||
|
||||
## Author
|
||||
|
||||
Copyright (C) 2020-2022 [S. X. Liang](https://github.com/scottpedia)
|
@ -1,869 +0,0 @@
|
||||
{
|
||||
"AWSTemplateFormatVersion": "2010-09-09",
|
||||
"Mappings": {
|
||||
"OS": {
|
||||
"Ubuntu1804": {
|
||||
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
|
||||
},
|
||||
"Ubuntu2004": {
|
||||
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
|
||||
},
|
||||
"Debian9": {
|
||||
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
|
||||
},
|
||||
"CentOS7": {
|
||||
"HelperInstallationCommands": "yum -y install python3 wget\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n"
|
||||
},
|
||||
"AmazonLinux2": {
|
||||
"HelperInstallationCommands": "export PATH=\"$PATH:/opt/aws/bin\"\n"
|
||||
}
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"0a162613-8f2e-4864-be99-75d946934a4a": {
|
||||
"size": {
|
||||
"width": 350,
|
||||
"height": 440
|
||||
},
|
||||
"position": {
|
||||
"x": 290,
|
||||
"y": 70
|
||||
},
|
||||
"z": 1,
|
||||
"embeds": [
|
||||
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2"
|
||||
]
|
||||
},
|
||||
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2": {
|
||||
"size": {
|
||||
"width": 290,
|
||||
"height": 360
|
||||
},
|
||||
"position": {
|
||||
"x": 310,
|
||||
"y": 110
|
||||
},
|
||||
"z": 2,
|
||||
"parent": "0a162613-8f2e-4864-be99-75d946934a4a",
|
||||
"embeds": [
|
||||
"9d4cbbc2-f521-436d-bb4a-85b82cf22a2a",
|
||||
"464ea4ae-199c-4917-9404-aed674a8615a",
|
||||
"ec256f27-66c3-423c-9d98-b9f0f634e7b8",
|
||||
"4731d93c-f3fc-420a-b535-f0b99840f356",
|
||||
"40c2d4e7-f01a-45b2-8878-a06680aa2216"
|
||||
],
|
||||
"dependson": [
|
||||
"0a162613-8f2e-4864-be99-75d946934a4a",
|
||||
"464ea4ae-199c-4917-9404-aed674a8615a"
|
||||
]
|
||||
},
|
||||
"4731d93c-f3fc-420a-b535-f0b99840f356": {
|
||||
"size": {
|
||||
"width": 230,
|
||||
"height": 130
|
||||
},
|
||||
"position": {
|
||||
"x": 350,
|
||||
"y": 320
|
||||
},
|
||||
"z": 3,
|
||||
"parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
|
||||
"embeds": [
|
||||
"5262ea47-2337-4be8-a4d1-1f0af38a1731"
|
||||
],
|
||||
"iscontainedinside": [
|
||||
"0a162613-8f2e-4864-be99-75d946934a4a"
|
||||
],
|
||||
"dependson": [
|
||||
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2"
|
||||
]
|
||||
},
|
||||
"5262ea47-2337-4be8-a4d1-1f0af38a1731": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 440,
|
||||
"y": 350
|
||||
},
|
||||
"z": 4,
|
||||
"parent": "4731d93c-f3fc-420a-b535-f0b99840f356",
|
||||
"embeds": [],
|
||||
"isassociatedwith": [
|
||||
"db7c3441-9f9a-4677-a14d-bccfc06714d1"
|
||||
],
|
||||
"dependson": [
|
||||
"4731d93c-f3fc-420a-b535-f0b99840f356",
|
||||
"9d3d19ab-d561-4f59-89de-73498eeeebda",
|
||||
"464ea4ae-199c-4917-9404-aed674a8615a"
|
||||
]
|
||||
},
|
||||
"464ea4ae-199c-4917-9404-aed674a8615a": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 510,
|
||||
"y": 220
|
||||
},
|
||||
"z": 3,
|
||||
"parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
|
||||
"embeds": [],
|
||||
"dependson": [
|
||||
"0a162613-8f2e-4864-be99-75d946934a4a"
|
||||
]
|
||||
},
|
||||
"40c2d4e7-f01a-45b2-8878-a06680aa2216": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 430,
|
||||
"y": 140
|
||||
},
|
||||
"z": 3,
|
||||
"parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
|
||||
"embeds": [],
|
||||
"iscontainedinside": [
|
||||
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2"
|
||||
],
|
||||
"dependson": [
|
||||
"4731d93c-f3fc-420a-b535-f0b99840f356",
|
||||
"9d4cbbc2-f521-436d-bb4a-85b82cf22a2a",
|
||||
"99fce86e-18b8-4b1b-a572-7bef3c5cece7",
|
||||
"58a1ab6f-49ac-4ffa-93c7-3f708bf65871",
|
||||
"ec256f27-66c3-423c-9d98-b9f0f634e7b8"
|
||||
]
|
||||
},
|
||||
"9d4cbbc2-f521-436d-bb4a-85b82cf22a2a": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 350,
|
||||
"y": 140
|
||||
},
|
||||
"z": 3,
|
||||
"parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
|
||||
"embeds": []
|
||||
},
|
||||
"ec256f27-66c3-423c-9d98-b9f0f634e7b8": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 430,
|
||||
"y": 220
|
||||
},
|
||||
"z": 3,
|
||||
"parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
|
||||
"embeds": [],
|
||||
"iscontainedinside": [
|
||||
"0a162613-8f2e-4864-be99-75d946934a4a"
|
||||
]
|
||||
},
|
||||
"5bb16646-dc1e-4661-9164-6ecc6848dc83": {
|
||||
"source": {
|
||||
"id": "4731d93c-f3fc-420a-b535-f0b99840f356"
|
||||
},
|
||||
"target": {
|
||||
"id": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2"
|
||||
},
|
||||
"z": 3
|
||||
},
|
||||
"99fce86e-18b8-4b1b-a572-7bef3c5cece7": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 150,
|
||||
"y": 250
|
||||
},
|
||||
"z": 1,
|
||||
"embeds": []
|
||||
},
|
||||
"58a1ab6f-49ac-4ffa-93c7-3f708bf65871": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 150,
|
||||
"y": 170
|
||||
},
|
||||
"z": 1,
|
||||
"embeds": []
|
||||
},
|
||||
"d3fab7a7-d694-435e-930d-ff7693dffbbc": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 110,
|
||||
"y": 90
|
||||
},
|
||||
"z": 1,
|
||||
"embeds": []
|
||||
},
|
||||
"2c5cc5a9-5a17-4d54-80ea-56e204c9c1a1": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 70,
|
||||
"y": 170
|
||||
},
|
||||
"z": 1,
|
||||
"embeds": []
|
||||
},
|
||||
"e81dfbbc-e8ee-4f4b-adb0-b314056ab0b3": {
|
||||
"size": {
|
||||
"width": 60,
|
||||
"height": 60
|
||||
},
|
||||
"position": {
|
||||
"x": 70,
|
||||
"y": 250
|
||||
},
|
||||
"z": 1,
|
||||
"embeds": []
|
||||
},
|
||||
"9d3d19ab-d561-4f59-89de-73498eeeebda": {
|
||||
"source": {
|
||||
"id": "0a162613-8f2e-4864-be99-75d946934a4a"
|
||||
},
|
||||
"target": {
|
||||
"id": "464ea4ae-199c-4917-9404-aed674a8615a"
|
||||
},
|
||||
"z": 3
|
||||
},
|
||||
"361e0035-6c5a-48df-8339-3e31f19bf032": {
|
||||
"source": {
|
||||
"id": "9d4cbbc2-f521-436d-bb4a-85b82cf22a2a"
|
||||
},
|
||||
"target": {
|
||||
"id": "40c2d4e7-f01a-45b2-8878-a06680aa2216"
|
||||
},
|
||||
"z": 3
|
||||
}
|
||||
}
|
||||
},
|
||||
"Resources": {
|
||||
"VpnVpc": {
|
||||
"Type": "AWS::EC2::VPC",
|
||||
"Properties": {
|
||||
"CidrBlock": "10.0.0.0/24"
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "0a162613-8f2e-4864-be99-75d946934a4a"
|
||||
}
|
||||
}
|
||||
},
|
||||
"VpnSubnet": {
|
||||
"Type": "AWS::EC2::Subnet",
|
||||
"Properties": {
|
||||
"VpcId": {
|
||||
"Ref": "VpnVpc"
|
||||
},
|
||||
"CidrBlock": "10.0.0.0/24",
|
||||
"MapPublicIpOnLaunch": true,
|
||||
"AvailabilityZone": {
|
||||
"Fn::Select": [
|
||||
"0",
|
||||
{
|
||||
"Fn::GetAZs": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"VpnVpc",
|
||||
"VpcInternetGateway"
|
||||
]
|
||||
},
|
||||
"VpnRouteTable": {
|
||||
"Type": "AWS::EC2::RouteTable",
|
||||
"Properties": {
|
||||
"VpcId": {
|
||||
"Ref": "VpnVpc"
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "4731d93c-f3fc-420a-b535-f0b99840f356"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"VpnSubnet"
|
||||
]
|
||||
},
|
||||
"PublicInternetRoute": {
|
||||
"Type": "AWS::EC2::Route",
|
||||
"Properties": {
|
||||
"DestinationCidrBlock": "0.0.0.0/0",
|
||||
"RouteTableId": {
|
||||
"Ref": "VpnRouteTable"
|
||||
},
|
||||
"GatewayId": {
|
||||
"Ref": "VpcInternetGateway"
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "5262ea47-2337-4be8-a4d1-1f0af38a1731"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"VpnRouteTable",
|
||||
"VpcInternetGateway",
|
||||
"InternetGatewayAttachment"
|
||||
]
|
||||
},
|
||||
"VpnInstance": {
|
||||
"Type": "AWS::EC2::Instance",
|
||||
"CreationPolicy": {
|
||||
"ResourceSignal": {
|
||||
"Timeout": "PT15M"
|
||||
}
|
||||
},
|
||||
"Properties": {
|
||||
"UserData": {
|
||||
"Fn::Base64": {
|
||||
"Fn::Join": [
|
||||
"",
|
||||
[
|
||||
"#!/bin/bash -xe\n",
|
||||
"trap 'cfn-signal -e 1 ",
|
||||
" --stack ",
|
||||
{
|
||||
"Ref": "AWS::StackName"
|
||||
},
|
||||
" --resource VpnInstance ",
|
||||
" --region ",
|
||||
{
|
||||
"Ref": "AWS::Region"
|
||||
},
|
||||
"' ERR\n",
|
||||
"sleep 60\n",
|
||||
{
|
||||
"Fn::FindInMap": [
|
||||
"OS",
|
||||
{
|
||||
"Ref": "OS"
|
||||
},
|
||||
"HelperInstallationCommands"
|
||||
]
|
||||
},
|
||||
"export VPN_IPSEC_PSK='",
|
||||
{
|
||||
"Ref": "VpnIpsecPsk"
|
||||
},
|
||||
"'\n",
|
||||
"export VPN_USER='",
|
||||
{
|
||||
"Ref": "VpnUser"
|
||||
},
|
||||
"'\n",
|
||||
"export VPN_PASSWORD='",
|
||||
{
|
||||
"Ref": "VpnPassword"
|
||||
},
|
||||
"'\n",
|
||||
"wget -t 3 -T 30 -nv -O vpn.sh https://git.io/vpnsetup\n",
|
||||
"sh vpn.sh\n",
|
||||
"cfn-signal -e 0 ",
|
||||
" --stack ",
|
||||
{
|
||||
"Ref": "AWS::StackName"
|
||||
},
|
||||
" --resource VpnInstance ",
|
||||
" --region ",
|
||||
{
|
||||
"Ref": "AWS::Region"
|
||||
},
|
||||
"\n"
|
||||
]
|
||||
]
|
||||
}
|
||||
},
|
||||
"SecurityGroupIds": [
|
||||
{
|
||||
"Fn::GetAtt": [
|
||||
"VpnSecurityGroup",
|
||||
"GroupId"
|
||||
]
|
||||
}
|
||||
],
|
||||
"SubnetId": {
|
||||
"Ref": "VpnSubnet"
|
||||
},
|
||||
"AvailabilityZone": {
|
||||
"Fn::Select": [
|
||||
"0",
|
||||
{
|
||||
"Fn::GetAZs": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"InstanceType": {
|
||||
"Ref": "InstanceType"
|
||||
},
|
||||
"KeyName": {
|
||||
"Fn::GetAtt": [
|
||||
"KeyPairInfo",
|
||||
"KeyName"
|
||||
]
|
||||
},
|
||||
"ImageId": {
|
||||
"Fn::GetAtt": [
|
||||
"AMIInfo",
|
||||
"AMIId"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "40c2d4e7-f01a-45b2-8878-a06680aa2216"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"VpnRouteTable",
|
||||
"VpnServerVolume",
|
||||
"KeyPairCreation",
|
||||
"AMIInfoFunction",
|
||||
"VpnSecurityGroup"
|
||||
]
|
||||
},
|
||||
"VpnSecurityGroup": {
|
||||
"Type": "AWS::EC2::SecurityGroup",
|
||||
"Properties": {
|
||||
"GroupDescription": "The VPN Security Group, allowing ingress UDP traffic at port 4500 and 500.",
|
||||
"GroupName": "VpnSecurityGroup",
|
||||
"VpcId": {
|
||||
"Ref": "VpnVpc"
|
||||
},
|
||||
"SecurityGroupIngress": [
|
||||
{
|
||||
"CidrIp": "0.0.0.0/0",
|
||||
"IpProtocol": "tcp",
|
||||
"FromPort": 22,
|
||||
"ToPort": 22
|
||||
},
|
||||
{
|
||||
"CidrIp": "0.0.0.0/0",
|
||||
"IpProtocol": "udp",
|
||||
"FromPort": 500,
|
||||
"ToPort": 500
|
||||
},
|
||||
{
|
||||
"CidrIp": "0.0.0.0/0",
|
||||
"IpProtocol": "udp",
|
||||
"FromPort": 4500,
|
||||
"ToPort": 4500
|
||||
}
|
||||
],
|
||||
"SecurityGroupEgress": [
|
||||
{
|
||||
"CidrIp": "0.0.0.0/0",
|
||||
"IpProtocol": -1
|
||||
}
|
||||
]
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "ec256f27-66c3-423c-9d98-b9f0f634e7b8"
|
||||
}
|
||||
}
|
||||
},
|
||||
"VpnServerVolume": {
|
||||
"Type": "AWS::EC2::Volume",
|
||||
"Properties": {
|
||||
"AvailabilityZone": {
|
||||
"Fn::Select": [
|
||||
"0",
|
||||
{
|
||||
"Fn::GetAZs": ""
|
||||
}
|
||||
]
|
||||
},
|
||||
"Size": 8
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "9d4cbbc2-f521-436d-bb4a-85b82cf22a2a"
|
||||
}
|
||||
}
|
||||
},
|
||||
"VpcInternetGateway": {
|
||||
"Type": "AWS::EC2::InternetGateway",
|
||||
"Properties": {},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "464ea4ae-199c-4917-9404-aed674a8615a"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"VpnVpc"
|
||||
]
|
||||
},
|
||||
"EC2SRTA4VJU5": {
|
||||
"Type": "AWS::EC2::SubnetRouteTableAssociation",
|
||||
"Properties": {
|
||||
"RouteTableId": {
|
||||
"Ref": "VpnRouteTable"
|
||||
},
|
||||
"SubnetId": {
|
||||
"Ref": "VpnSubnet"
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "5bb16646-dc1e-4661-9164-6ecc6848dc83"
|
||||
}
|
||||
}
|
||||
},
|
||||
"KeyPairCreation": {
|
||||
"Type": "AWS::Lambda::Function",
|
||||
"Properties": {
|
||||
"Handler": "index.handler",
|
||||
"Runtime": "python3.7",
|
||||
"Role": {
|
||||
"Fn::GetAtt": [
|
||||
"LambdaExecutionRole",
|
||||
"Arn"
|
||||
]
|
||||
},
|
||||
"Timeout": 30,
|
||||
"Code": {
|
||||
"ZipFile": {
|
||||
"Fn::Join": [
|
||||
"\n",
|
||||
[
|
||||
"import boto3",
|
||||
"import cfnresponse",
|
||||
"import string",
|
||||
"import random",
|
||||
"'''",
|
||||
"This python program should be embedded into its designated cloudformation",
|
||||
"template as the inline code of one of the lambda functions.",
|
||||
"'''",
|
||||
"def handler(event, context):",
|
||||
" try:",
|
||||
" keyName = 'setup-ipsec-vpn-' + ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(10))",
|
||||
" region = event['ResourceProperties']['Region']",
|
||||
" ec2 = boto3.client('ec2',region)",
|
||||
" response = ec2.create_key_pair(",
|
||||
" KeyName=keyName",
|
||||
" )",
|
||||
" keyMaterial = response['KeyMaterial']",
|
||||
" cfnresponse.send(event, context, cfnresponse.SUCCESS, {'KeyMaterial':keyMaterial, 'KeyName':keyName}, 'KeyPairInfo')",
|
||||
" except Exception:",
|
||||
" cfnresponse.send(event, context, cfnresponse.FAILED, {})"
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "99fce86e-18b8-4b1b-a572-7bef3c5cece7"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"LambdaExecutionRole"
|
||||
]
|
||||
},
|
||||
"AMIInfo": {
|
||||
"Type": "Custom::AMIInfo",
|
||||
"Properties": {
|
||||
"Region": {
|
||||
"Ref": "AWS::Region"
|
||||
},
|
||||
"ServiceToken": {
|
||||
"Fn::GetAtt": [
|
||||
"AMIInfoFunction",
|
||||
"Arn"
|
||||
]
|
||||
},
|
||||
"Distribution": {
|
||||
"Ref": "OS"
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "2c5cc5a9-5a17-4d54-80ea-56e204c9c1a1"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"AMIInfoFunction"
|
||||
]
|
||||
},
|
||||
"AMIInfoFunction": {
|
||||
"Type": "AWS::Lambda::Function",
|
||||
"Properties": {
|
||||
"Handler": "index.handler",
|
||||
"Runtime": "python3.7",
|
||||
"Role": {
|
||||
"Fn::GetAtt": [
|
||||
"LambdaExecutionRole",
|
||||
"Arn"
|
||||
]
|
||||
},
|
||||
"Code": {
|
||||
"ZipFile": {
|
||||
"Fn::Join": [
|
||||
"\n",
|
||||
[
|
||||
"import boto3",
|
||||
"import cfnresponse",
|
||||
"'''",
|
||||
"This python script should be embeded into its designated cloudformation template.",
|
||||
"Its function is to sort out the correct AMI image to use for each of the distribution options available.",
|
||||
"'''",
|
||||
"def creation_date(e):",
|
||||
" return e['CreationDate']",
|
||||
"",
|
||||
"def handler(event, context):",
|
||||
" try:",
|
||||
" regionName = event['ResourceProperties']['Region']",
|
||||
" distribution = event['ResourceProperties']['Distribution']",
|
||||
" ec2 = boto3.client('ec2',regionName)",
|
||||
" AMIName = {",
|
||||
" 'Ubuntu1804': 'ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*',",
|
||||
" 'Ubuntu2004': 'ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*',",
|
||||
" 'Debian9': 'debian-stretch-hvm-x86_64-gp2-*',",
|
||||
" 'CentOS7': 'CentOS 7.9.2009 x86_64',",
|
||||
" 'AmazonLinux2': 'amzn2-ami-hvm-*.*-x86_64-gp2',",
|
||||
" }[distribution]",
|
||||
" response = ec2.describe_images(Filters=[{'Name':'name', 'Values':[AMIName]}], Owners=['099720109477', '379101102735', '125523088429', 'amazon'])",
|
||||
" images = response['Images']",
|
||||
" images.sort(key=creation_date,reverse=True)",
|
||||
" AMIId = images[0]['ImageId']",
|
||||
" cfnresponse.send(event, context, cfnresponse.SUCCESS, {'AMIId':AMIId}, 'AMIInfo')",
|
||||
" except Exception:",
|
||||
" cfnresponse.send(event, context, cfnresponse.FAILED, {})"
|
||||
]
|
||||
]
|
||||
}
|
||||
},
|
||||
"Timeout": 30
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "58a1ab6f-49ac-4ffa-93c7-3f708bf65871"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"LambdaExecutionRole"
|
||||
]
|
||||
},
|
||||
"LambdaExecutionRole": {
|
||||
"Type": "AWS::IAM::Role",
|
||||
"Properties": {
|
||||
"AssumeRolePolicyDocument": {
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"Service": "lambda.amazonaws.com"
|
||||
},
|
||||
"Action": [
|
||||
"sts:AssumeRole"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"Service": [
|
||||
"ec2.amazonaws.com"
|
||||
]
|
||||
},
|
||||
"Action": [
|
||||
"sts:AssumeRole"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"Path": "/",
|
||||
"Policies": [
|
||||
{
|
||||
"PolicyName": "root",
|
||||
"PolicyDocument": {
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "*",
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "d3fab7a7-d694-435e-930d-ff7693dffbbc"
|
||||
}
|
||||
}
|
||||
},
|
||||
"KeyPairInfo": {
|
||||
"Type": "Custom::KeyPairInfo",
|
||||
"Properties": {
|
||||
"Region": {
|
||||
"Ref": "AWS::Region"
|
||||
},
|
||||
"ServiceToken": {
|
||||
"Fn::GetAtt": [
|
||||
"KeyPairCreation",
|
||||
"Arn"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "e81dfbbc-e8ee-4f4b-adb0-b314056ab0b3"
|
||||
}
|
||||
},
|
||||
"DependsOn": [
|
||||
"KeyPairCreation"
|
||||
]
|
||||
},
|
||||
"InternetGatewayAttachment": {
|
||||
"Type": "AWS::EC2::VPCGatewayAttachment",
|
||||
"Properties": {
|
||||
"InternetGatewayId": {
|
||||
"Ref": "VpcInternetGateway"
|
||||
},
|
||||
"VpcId": {
|
||||
"Ref": "VpnVpc"
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "9d3d19ab-d561-4f59-89de-73498eeeebda"
|
||||
}
|
||||
}
|
||||
},
|
||||
"EC2VA41EUF": {
|
||||
"Type": "AWS::EC2::VolumeAttachment",
|
||||
"Properties": {
|
||||
"Device": "/dev/sdh",
|
||||
"VolumeId": {
|
||||
"Ref": "VpnServerVolume"
|
||||
},
|
||||
"InstanceId": {
|
||||
"Ref": "VpnInstance"
|
||||
}
|
||||
},
|
||||
"Metadata": {
|
||||
"AWS::CloudFormation::Designer": {
|
||||
"id": "361e0035-6c5a-48df-8339-3e31f19bf032"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"Parameters": {
|
||||
"VpnUser": {
|
||||
"Type": "String",
|
||||
"Description": "Your VPN username"
|
||||
},
|
||||
"VpnIpsecPsk": {
|
||||
"Type": "String",
|
||||
"Description": "Your VPN IPsec PSK (pre-shared key)"
|
||||
},
|
||||
"VpnPassword": {
|
||||
"Type": "String",
|
||||
"Description": "Your VPN password"
|
||||
},
|
||||
"OS": {
|
||||
"Type": "String",
|
||||
"Description": "The OS of your VPN server. Default: Ubuntu 20.04",
|
||||
"Default": "Ubuntu2004",
|
||||
"AllowedValues": [
|
||||
"Ubuntu2004",
|
||||
"Ubuntu1804",
|
||||
"Debian9",
|
||||
"CentOS7",
|
||||
"AmazonLinux2"
|
||||
]
|
||||
},
|
||||
"InstanceType": {
|
||||
"Type": "String",
|
||||
"Description": "The instance type of your VPN server. Using t2.micro may qualify for the AWS Free Tier.",
|
||||
"AllowedValues": [
|
||||
"t2.micro",
|
||||
"t3.nano",
|
||||
"m5.large",
|
||||
"t3.micro",
|
||||
"t3.small",
|
||||
"t2.nano",
|
||||
"t2.small",
|
||||
"t3a.nano",
|
||||
"t3a.micro",
|
||||
"t3a.small",
|
||||
"m5a.large",
|
||||
"t1.micro"
|
||||
],
|
||||
"Default": "t2.micro"
|
||||
}
|
||||
},
|
||||
"Outputs": {
|
||||
"VPNAddress": {
|
||||
"Description": "This is the public IP of your newly-launched VPN server.",
|
||||
"Value": {
|
||||
"Fn::GetAtt": [
|
||||
"VpnInstance",
|
||||
"PublicIp"
|
||||
]
|
||||
}
|
||||
},
|
||||
"VPNUsername": {
|
||||
"Description": "Your VPN username",
|
||||
"Value": {
|
||||
"Ref": "VpnUser"
|
||||
}
|
||||
},
|
||||
"VPNPassword": {
|
||||
"Description": "Your VPN password",
|
||||
"Value": {
|
||||
"Ref": "VpnPassword"
|
||||
}
|
||||
},
|
||||
"VPNKey": {
|
||||
"Description": "Your VPN IPsec PSK (pre-shared key)",
|
||||
"Value": {
|
||||
"Ref": "VpnIpsecPsk"
|
||||
}
|
||||
},
|
||||
"EC2PrivateKeyMaterial": {
|
||||
"Description": "The content of your private key for accessing the VPN server via SSH. Save it as a file for use when connecting.",
|
||||
"Value": {
|
||||
"Fn::GetAtt": [
|
||||
"KeyPairInfo",
|
||||
"KeyMaterial"
|
||||
]
|
||||
}
|
||||
},
|
||||
"NextStep": {
|
||||
"Description": "Learn how to configure VPN clients.",
|
||||
"Value": "https://github.com/hwdsl2/setup-ipsec-vpn#next-steps"
|
||||
}
|
||||
}
|
||||
}
|
Binary file not shown.
Before Width: | Height: | Size: 1.2 KiB |
Binary file not shown.
Before Width: | Height: | Size: 214 KiB |
Binary file not shown.
Before Width: | Height: | Size: 437 KiB |
Binary file not shown.
Before Width: | Height: | Size: 180 KiB |
Binary file not shown.
Before Width: | Height: | Size: 240 KiB |
Loading…
Reference in New Issue
Block a user