What does this AWS Solutions Implementation do?
This solution establishes a secure virtual private network (VPN) connection with IoT devices without compromising your network security posture. This secure connection occurs over a set of static IP addresses using a single port number, allowing IoT device traffic destined for multiple AWS service endpoints to be tunneled through those IP addresses. This solution uses OpenVPN as the VPN system to create a secure client-to-server connection in a routed configuration mode.
Establish secure connections
Share secure static IP addresses
Connect IoT devices to AWS services
AWS Solutions Implementation overview
The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.
IoT Static IP Endpoints Solutions Implementation architecture
The AWS CloudFormation template deploys an Amazon Virtual Private Cloud (Amazon VPC) with a public and a private subnet in each of two Availability Zones. Within the Amazon VPC, an Auto Scaling Group (ASG) deploys a set of instances that run the OpenVPN server software. An Elastic File System (EFS) share is created and mounted at /mnt/efs/fs1/ovpn_data, and is used as the common location for all OpenVPN configuration data.
A Network Load Balancer (NLB) is set up with the appropriate protocol, either UDP or TCP, and the single port number on which it listens. The NLB also allocates an Elastic IP (EIP) address for each Availability Zone, which serves as the static IP address for incoming connections.
Two AWS Lambda functions handle, respectively, the creation and the revocation of an OpenVPN client configuration. Additionally, this solution creates a set of Amazon CloudWatch metrics and an Amazon CloudWatch dashboard that monitor the health and status of the solution.
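The value of this design, from the device-network side, is that every IoT device only ever needs to reach the per-zone Elastic IPs on the one NLB port, so a site firewall can allowlist exactly those endpoints. A practical check is to validate each generated OpenVPN client profile against that contract before it is pushed to a device: every remote must be one of the static IPs (not a hostname), on the NLB port and protocol, in routed (tun) mode, with server certificate verification enabled. The following is an added example written for this page, not code from the solution or from AWS; the two Elastic IPs, the port, the protocol and the sample profiles are constructed values, and the directive names are standard OpenVPN client directives.

```python
import ipaddress
import re

# Constructed sample values (not from any real deployment): one Elastic IP per
# Availability Zone and the single NLB listener port/protocol.
ALLOWED_EIPS = {"203.0.113.10", "203.0.113.20"}
NLB_PORT = 1194
NLB_PROTO = "udp"


def _norm_proto(p):
    """Reduce OpenVPN protocol spellings (udp4, tcp-client, ...) to udp/tcp."""
    return re.sub(r"\d+$", "", p.lower().split("-")[0])


def parse_profile(text):
    """Return (directive, args) tuples from an .ovpn profile, skipping comments
    and the body of inline blocks such as <ca>...</ca>."""
    directives = []
    in_block = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if in_block:
            if line == f"</{in_block}>":
                in_block = None
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            in_block = m.group(1)
            continue
        parts = line.split()
        directives.append((parts[0], parts[1:]))
    return directives


def check_profile(text, allowed_eips=ALLOWED_EIPS, port=NLB_PORT, proto=NLB_PROTO):
    """Return a list of findings; an empty list means the profile conforms to
    the static-IP, single-port, routed-mode contract."""
    findings = []
    d = parse_profile(text)

    devs = [a for n, a in d if n == "dev" and a]
    if not devs or not devs[0][0].startswith("tun"):
        findings.append("routed mode required: expected 'dev tun'")

    protos = [a[0] for n, a in d if n == "proto" and a]
    profile_proto = _norm_proto(protos[0]) if protos else "udp"  # OpenVPN default
    if profile_proto != proto:
        findings.append(f"proto {profile_proto} does not match NLB listener {proto}")

    remotes = [a for n, a in d if n == "remote" and a]
    if not remotes:
        findings.append("no 'remote' directive")
    for args in remotes:
        host = args[0]
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"remote '{host}' is a hostname; pin the static IP instead")
        else:
            if host not in allowed_eips:
                findings.append(f"remote {host} is not an allowed static IP")
        rport = int(args[1]) if len(args) > 1 else 1194  # OpenVPN default port
        if rport != port:
            findings.append(f"remote {host} uses port {rport}, expected {port}")
        if len(args) > 2 and _norm_proto(args[2]) != proto:
            findings.append(f"remote {host} overrides protocol with {args[2]}")

    rct = [a for n, a in d if n == "remote-cert-tls"]
    if not rct or rct[0] != ["server"]:
        findings.append("missing 'remote-cert-tls server' (server certificate check)")
    return findings


# Constructed profiles for demonstration; the certificate body is a placeholder.
GOOD_PROFILE = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
remote 203.0.113.20 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
verb 3
"""

BAD_PROFILE = """\
client
dev tap
proto tcp
remote vpn.example.com 443
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    for name, profile in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, check_profile(profile) or "OK")
```

Run against each profile the creation Lambda hands back before it reaches a device; the same allowlist (the EIPs, the port and the protocol) is what the site firewall should carry, so keeping them in one place avoids drift between the two.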