IoT Static IP Endpoints

IoT Static IP Endpoints establishes a secure virtual private network (VPN) connection with IoT devices without compromising your network security posture. This secure connection occurs over a set of static IP addresses using a single port number, allowing IoT device traffic destined for multiple AWS service endpoints to be tunneled through those IP addresses. This Guidance uses OpenVPN as the VPN system to create a secure client-to-server connection in a routed configuration mode.


Establish secure connections

Establish a secure connection between IoT devices and different AWS services using static IP addresses.

Share secure static IP addresses

Static IP addresses can be shared with third-party security organizations and added to their firewall rules.

Connect IoT devices to AWS services

Static IP addresses can handle fully qualified domain name (FQDN) entries, allowing outbound connections from IoT devices to the AWS service.


The diagram below presents the architecture you can build using the example code on GitHub.

IoT Static IP Endpoints architecture

The code deploys an Amazon Virtual Private Cloud (Amazon VPC) with a public and a private subnet in two Availability Zones. Within the Amazon VPC, an Auto Scaling Group (ASG) deploys a range of instances that run the OpenVPN server software. An Elastic File System (EFS) share is created and mounted as /mnt/efs/fs1/ovpn_data, and used as the common location for all OpenVPN software configurations.

A Network Load Balancer (NLB) is set up with the appropriate protocol, either UDP or TCP, and a port number on which it listens. It also allocates an Elastic IP (EIP) address for each zone, which serves as the static IP address for incoming connections.

Two AWS Lambda functions request either the creation or revocation of an OpenVPN client configuration. Additionally, IoT Static IP Endpoints creates a set of Amazon CloudWatch metrics and an Amazon CloudWatch dashboard for monitoring health and status.
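Because every client connects to the same small set of static IPs on one port and protocol, a generated client profile can be checked against that contract before it is shipped to a device. The following is an added example, not part of the Guidance's GitHub code; the addresses (documentation ranges), the port, the protocol, and the function name audit_profile are assumptions.

```python
import ipaddress

# Constructed values: documentation-range addresses stand in for the two
# Elastic IPs; the port and protocol are assumptions for this example.
ALLOWED_IPS = {"203.0.113.10", "198.51.100.20"}
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
remote 198.51.100.20 1194
"""

def audit_profile(text, allowed_ips=ALLOWED_IPS, port=1194, proto="udp"):
    """Return findings for an OpenVPN client profile; [] means it matches."""
    remotes, dev = [], None
    glob_port, glob_proto = 1194, "udp"          # OpenVPN defaults
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0][0] in "#;":      # blank line or comment
            continue
        key, args = parts[0], parts[1:]
        if key == "remote" and args:              # remote host [port] [proto]
            remotes.append((args + [None, None])[:3])
        elif key in ("port", "rport") and args:
            glob_port = int(args[0])
        elif key == "proto" and args:
            glob_proto = args[0]
        elif key == "dev" and args:
            dev = args[0]
    findings = []
    if not (dev or "").startswith("tun"):         # tun = routed, tap = bridged
        findings.append(f"dev {dev}: not a routed (tun) device")
    if not remotes:
        findings.append("no remote entries")
    # Second pass: global port/proto may appear after the remote lines.
    for host, r_port, r_proto in remotes:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{host}: hostname, not a static IP literal")
            continue
        if host not in allowed_ips:
            findings.append(f"{host}: not an allow-listed endpoint IP")
        if int(r_port or glob_port) != port:
            findings.append(f"{host}: port {r_port or glob_port} != {port}")
        if (r_proto or glob_proto)[:3] != proto:
            findings.append(f"{host}: proto {r_proto or glob_proto} != {proto}")
    return findings
```

A profile that names a hostname instead of an IP literal is flagged because the third party's firewall rules are written against the static addresses, not against whatever the name resolves to.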

IoT Static IP Endpoints

Version 1.0.0
Release date: 02/2021
Author: AWS
