In another article I described how to set up a VPN using WireGuard on a dedicated EC2 instance at AWS.
If you happen to run a Kubernetes cluster then the configuration becomes even simpler, as we don’t have to set up a dedicated EC2 instance but can build upon the infrastructure provided by Kubernetes.
Most of our resources at AWS aren’t publicly accessible via the Internet.
Instead we placed them in a separate VPC to isolate them from any malicious access by an attacker or even accidental access by ourselves.
However from time to time we do want to access the resources directly:
- During local development it may save us an enormous amount of time not having to build complex tunneling solutions within our application.
- Certain systems should never be exposed via the public Internet but should only be reachable for dedicated and authenticated users.
My first approach was to use AWS’s internal VPN solution which turned out to be both complex to setup as well as pretty expensive to use.
So while looking for alternatives my colleague Lukas pointed me towards WireGuard which turned out to be exactly what I was looking for.
In this posting I will describe how to setup a WireGuard VPN at AWS completely from scratch, using Terraform as infrastructure as code framework.