https://github.com/romankurnovskii/openvpn_ec2_cf_template
https://github.com/romankurnovskii/openvpn_ec2_cf_template
aws cloudformation ec2 openvpn-server
Last synced: about 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/romankurnovskii/openvpn_ec2_cf_template
- Owner: romankurnovskii
- License: mit
- Created: 2023-04-25T13:00:04.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-01-08T21:22:42.000Z (over 2 years ago)
- Last Synced: 2025-04-05T15:11:22.785Z (about 1 year ago)
- Topics: aws, cloudformation, ec2, openvpn-server
- Language: Shell
- Homepage:
- Size: 10.7 KB
- Stars: 3
- Watchers: 2
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# OpenVPN on AWS EC2 with CloudFormation
A quick and easy way to set up and maintain your own VPN using the open-source version of OpenVPN on an Amazon Web Services (AWS) EC2 instance.
## Features
- Simple setup using AWS CloudFormation
- OpenVPN server on an AWS EC2 instance
- Configurable instance type and region
- Automatic client configuration generation
- Secure key storage in an S3 bucket
- Automated server updates and maintenance
## Quick Start
- Sign in to your [AWS Management Console](https://console.aws.amazon.com/)
- Click on the "Create Stack" button in the [CloudFormation Console](https://console.aws.amazon.com/cloudformation/home)
- Upload the provided CloudFormation template and follow the prompts
- Once the stack creation is complete, go to the **Outputs** tab in CloudFormation to find the S3 URL for your client configuration
- Download the client configuration file (`client.ovpn`) and use it with your OpenVPN client software
### From CLI
```
stack_name=MyStack
aws cloudformation create-stack --stack-name "$stack_name" --capabilities CAPABILITY_NAMED_IAM --template-body file:///Users/r/Desktop/github/openvpn_ec2_cf_template/cf_template.yml
aws cloudformation describe-stacks --stack-name "$stack_name"
# aws cloudformation describe-stacks --stack-name "$stack_name" --query "Stacks[0].Outputs"
# aws cloudformation describe-stack-events --stack-name "$stack_name"
output_json=$(aws cloudformation describe-stacks --stack-name "$stack_name" --query "Stacks[0].Outputs")
echo $output_json
s3_url=$(echo $output_json | jq -r '.[] | select(.OutputKey=="ClientConfigurationUrl").OutputValue' | sed 's|https://s3.console.aws.amazon.com/s3/object/||')
bucket_name=$(echo $s3_url | cut -d '/' -f 1)
echo "bucket_name: $bucket_name"
s3_file="s3://${s3_url}"
echo "s3_file: $s3_file"
aws s3 cp "$s3_file" .
# ==== remove
aws s3 rm "s3://${bucket_name}/" --recursive
aws s3 ls "s3://${bucket_name}/"
# aws s3api delete-bucket --bucket your-bucket-name
aws cloudformation delete-stack --stack-name "$stack_name"
```
## Details
### Cost
The cost of running this VPN solution mainly depends on the selected EC2 instance type and the data transfer. The default instance type is **t3a.nano**, which should be sufficient for most personal VPN use cases.
The cost for this instance type is approximately **$3-4/month**, depending on the region for instance **ondemand**. Current setup is for spot, so it can be **~$1-2/month**.
### Technical Details
This project uses AWS CloudFormation to create and manage the following resources:
- EC2 instance (Ubuntu) with OpenVPN server
- EC2 security group for allowing VPN and SSH access
- Elastic IP address associated with the EC2 instance
- S3 bucket for securely storing client configurations
- IAM role and policies for granting necessary permissions
- The provided Bash scripts automate the installation and configuration of OpenVPN, as well as generating client configuration files.