reference deployment

Aviatrix User VPN on AWS

Centralized controller and wizard for access control and configuration

This Quick Start builds a highly available, secure Aviatrix User VPN solution on the Amazon Web Services (AWS) Cloud in about 10-15 minutes. It deploys the Aviatrix Controller, Aviatrix gateways, authentication services, and log analytics.

The gateways enable you to configure SSL VPN termination, routing, and security policies. The Aviatrix Controller has a user-friendly interface for customizing user VPN services, and enables monitoring and cloud network visualization.

After you deploy this Quick Start and wizard to establish your Aviatrix User VPN service, you can extend the environment beyond the AWS Cloud. With the Aviatrix Controller, you can configure VPN access to other VPCs, network providers, on-premises infrastructure, or even other public cloud providers.

This Quick Start was developed by Aviatrix Systems in collaboration with AWS. Aviatrix Systems is an APN Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.

  •  What you'll build
  • The Quick Start creates, deploys, and configures the following functional and automation components and services:

    • An Amazon Elastic Compute Cloud (Amazon EC2) instance for the Aviatrix Controller
    • An Aviatrix security group (named AviatrixSecurityGroup)
    • An Elastic IP address assigned to the Aviatrix Controller
    • An Aviatrix IAM EC2 role and attached policy
    • An Aviatrix IAM App role and attached policy
    • AWS Key Management Service (AWS KMS)



  •  How to deploy
  • To build an Aviatrix User VPN solution on AWS in about 10-15 minutes:

    1. If you don't already have an AWS account, sign up at
    2. Subscribe to the Amazon Machine Image (AMI) for Aviatrix in AWS Marketplace. Choose the Aviatrix Secure Networking Platform PAYG - Metered license.
    3. Launch the Quick Start. You can choose from two options:
    4. Set up the Aviatrix Controller.
    5. Create a primary access account.
    6. Deploy the user VPN service.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

    Additionally, the solution creates a unique AWS Key Management Service (AWS KMS) customer master key (CMK), which has a low monthly cost, to protect network configuration information. For details, see the AWS KMS pricing webpage.

    You are also responsible for the Aviatrix license that is required to deploy the Aviatrix user VPN solution. Subscribe to an Amazon Machine Image (AMI) for Aviatrix software in AWS Marketplace, choosing the following licensing option: