Secure Access into AWS

This week has got me back onto AWS after spending the last few weeks in Azure for the certifications. The overall project I'm working on is to build an AWS environment that automates transforming data from CSVs and loading it into a NoSQL database. The last few days, though, have been spent sorting out secure access into the environment. Generally we lock external access down to a bastion or to the EC2 hosts themselves via Security Groups, but this customer moves around a little and generally has dynamic IPs that change frequently, so an IP allow-list on its own is not workable.

So a VPN solution was needed, but we also needed to keep costs to a minimum, so solutions I had used before such as Cisco AnyConnect were out of the running.

OpenVPN was perfect for this, and it didn't take very long to get the initial solution up and running, integrating it with easy-rsa to give us certificate-based authentication.

Deploying onto a t2.micro Ubuntu instance meant we could keep some of the cost within the free tier for now (the 1 vCPU / 1 GB of memory didn't seem to be a problem for it), and the 2 connection limit was ideal for current requirements; we can easily add more for about $15 per year, so it's never going to be a costly solution.

The fundamentals worked, but I wondered if it could be better. I use Google Authenticator everywhere now (access to AWS accounts, Facebook, etc.), so I decided to integrate that into the OpenVPN server as well. Authentication is now a matter of presenting the correct certificate, the username and the current Google Authenticator code. It works reliably, and we now have secure access into the AWS environment: any traffic between the client and the VPC goes across the tunnel. Obviously we can further restrict traffic within the environment as we continue to build the full solution.
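The Google Authenticator code is a TOTP (RFC 6238) value: HMAC-SHA1 over the number of 30-second steps since the Unix epoch, using a per-user secret that is shared at enrolment. To show what the server is actually checking behind that third factor, here is a small, self-contained verifier, added for this post; it is not OpenVPN's or the PAM module's own code. It assumes the certificate has already been validated by OpenVPN (so the function only receives the certificate's CN), it assumes the username must match that CN (an extra check I have added, not something the post describes), and it uses the RFC 4226/6238 test key as a constructed secret rather than any real enrolment.

```python
"""Added example: RFC 6238 TOTP verification of the kind performed for each
OpenVPN login when Google Authenticator is used as a second factor.
Not OpenVPN's or libpam-google-authenticator's code."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed test data: the RFC 4226/6238 reference key ("12345678901234567890"
# in ASCII), base32-encoded the way Google Authenticator stores secrets.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals since the epoch."""
    now = time.time() if at is None else at
    return hotp(secret_b32, int(now // step), digits)


class TotpVerifier:
    """Server-side check with a small clock-skew window and replay protection."""

    def __init__(self, secret_b32: str, step: int = 30, window: int = 1, digits: int = 6):
        self.secret = secret_b32
        self.step = step
        self.window = window          # accept +/- this many steps of clock skew
        self.digits = digits
        self.last_counter = -1        # highest counter already accepted for this user

    def verify(self, code: str, at: Optional[float] = None) -> bool:
        now = time.time() if at is None else at
        centre = int(now // self.step)
        for counter in range(centre - self.window, centre + self.window + 1):
            expected = hotp(self.secret, counter, self.digits)
            # constant-time comparison so timing does not leak which digits matched
            if hmac.compare_digest(expected, code):
                if counter <= self.last_counter:
                    return False      # replayed code, or older than one already used
                self.last_counter = counter
                return True
        return False


def authenticate(cert_cn: str, username: str, code: str,
                 verifier: TotpVerifier, at: Optional[float] = None) -> bool:
    """Login decision for a client whose certificate OpenVPN has already validated.

    Assumption added for this example (not from the original post): the username
    typed at the prompt must equal the CN of the presented certificate, so a stolen
    certificate cannot be paired with somebody else's Authenticator enrolment.
    """
    if not hmac.compare_digest(cert_cn.encode(), username.encode()):
        return False
    return verifier.verify(code, at)


if __name__ == "__main__":
    v = TotpVerifier(SECRET)
    print(totp(SECRET, 59))                          # RFC 6238 vector, 6 digits: 287082
    print(authenticate("alice", "alice", "287082", v, at=59))   # True
    print(authenticate("alice", "alice", "287082", v, at=59))   # False: replay
```

On the server this check is normally delegated rather than hand-written: OpenVPN's `auth-user-pass` option plus its PAM plugin (`openvpn-plugin-auth-pam.so`, whose path is distro-dependent) hands the username and code to a PAM stack that includes `pam_google_authenticator.so`. The two details worth confirming in that setup are the ones the example makes explicit: the skew window is small, and a code that has already been accepted is refused if presented again.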

Further posts to come as I build the overall solution.

