What does this AWS Solutions Implementation do?

This solution establishes a secure virtual private network (VPN) connection with IoT devices without compromising your network security posture. This secure connection occurs over a set of static IP addresses using a single port number, allowing IoT device traffic destined for multiple AWS service endpoints to be tunneled through those IP addresses. This solution uses OpenVPN as the VPN system to create a secure client-to-server connection in a routed configuration mode.

Benefits

Establish secure connections

Secure connection between IoT devices and different AWS services using static IP addresses.

Share secure static IP addresses

Static IP addresses can be shared with third-party security organizations and added to their firewall rules.

Connect IoT devices to AWS services

Static IP addresses can front fully qualified domain name (FQDN) entries, allowing IoT devices' outbound connections to reach the AWS services they need.

AWS Solutions Implementation overview

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.

[Architecture diagram: IoT Static IP Endpoints Solutions Implementation architecture]

The AWS CloudFormation template deploys an Amazon Virtual Private Cloud (Amazon VPC) with a public and a private subnet in each of two Availability Zones. Within the Amazon VPC, an Auto Scaling Group (ASG) launches a range of instances that run the OpenVPN server software. An Amazon Elastic File System (Amazon EFS) file system is created, mounted at /mnt/efs/fs1/ovpn_data, and used as the location shared by all instances for the OpenVPN configuration data.

A Network Load Balancer (NLB) is set up with the appropriate protocol, either UDP or TCP, and the single port number on which it listens. An Elastic IP (EIP) address is allocated for each Availability Zone and attached to the NLB; these EIPs are the static IP addresses that incoming connections use.

Two AWS Lambda functions handle requests to create and to revoke an OpenVPN client configuration, respectively. Additionally, this solution creates a set of Amazon CloudWatch metrics and an Amazon CloudWatch dashboard that monitor the health and status of the solution.
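As an added example (not code from the AWS solution itself), the following Python derives the allow-list of static endpoints that the benefits section says can be handed to a third party, from a constructed NLB description shaped like the ELBv2 describe_load_balancers and describe_listeners responses. It enforces the invariants the architecture relies on: every Availability Zone has exactly one Elastic IP, no VPC-internal address leaks into the list, and exactly one UDP or TCP port is exposed. The zone names, addresses, allocation IDs and port 1194 are placeholders.

```python
import ipaddress

# Constructed sample shaped like the ELBv2 describe_load_balancers and
# describe_listeners responses; addresses are documentation-range placeholders.
SAMPLE_NLB = {
    "Type": "network",
    "AvailabilityZones": [
        {"ZoneName": "us-east-1a", "LoadBalancerAddresses": [
            {"IpAddress": "203.0.113.10", "AllocationId": "eipalloc-0a"}]},
        {"ZoneName": "us-east-1b", "LoadBalancerAddresses": [
            {"IpAddress": "203.0.113.11", "AllocationId": "eipalloc-0b"}]},
    ],
}
SAMPLE_LISTENERS = [{"Protocol": "UDP", "Port": 1194}]  # placeholder port
VPC_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def static_endpoints(nlb):
    """Map each zone to its Elastic IP; fail if a zone lacks exactly one."""
    if nlb.get("Type") != "network":
        raise ValueError("static IPs can only be attached to a Network Load Balancer")
    endpoints = {}
    for az in nlb["AvailabilityZones"]:
        # Only an address backed by an EIP allocation is static; an NLB address
        # without AllocationId is AWS-assigned and may change.
        eips = [a for a in az.get("LoadBalancerAddresses", []) if a.get("AllocationId")]
        if len(eips) != 1:
            raise ValueError(f"{az['ZoneName']}: expected one Elastic IP, found {len(eips)}")
        ip = ipaddress.ip_address(eips[0]["IpAddress"])
        if any(ip in net for net in VPC_RANGES):
            raise ValueError(f"{az['ZoneName']}: {ip} is a VPC-internal address")
        endpoints[az["ZoneName"]] = str(ip)
    return endpoints


def single_listener(listeners):
    """The solution exposes one port on one protocol; reject anything else."""
    if len(listeners) != 1:
        raise ValueError(f"expected a single listener, found {len(listeners)}")
    proto, port = listeners[0]["Protocol"].upper(), int(listeners[0]["Port"])
    if proto not in ("UDP", "TCP"):
        raise ValueError(f"unsupported listener protocol {proto}")
    return proto, port


def allowlist_rules(nlb, listeners):
    """Allow-list to hand to a third party: one /32 per zone, one port."""
    proto, port = single_listener(listeners)
    ips = sorted(static_endpoints(nlb).values(), key=ipaddress.ip_address)
    return [f"{ip}/32 {proto.lower()}/{port}" for ip in ips]
```

In a live account the two sample dictionaries would come from the boto3 ELBv2 client; the checks are the same either way.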

IoT Static IP Endpoints

Version 1.0.0
Release date: 02/2021
Author: AWS

Estimated deployment time: 10 min
