Automate VPN connection and its TGW attachment

Cloud, Network, Scripting 1 Minute

If you use the CloudFormation resource AWS::EC2::VPNConnection to create the VPN connection and attach it to the Transit Gateway (TGW), you may notice that it does not return the TGW attachment ID. So it is a bit annoying if you would like to tag the attachment and associate the attachment to a non-default TGW route table.

I am currently working on a project that needs to:

  • Create two VPN Site-to-Site VPN connections, and attach them to the TGW. One for primary PoP, the other is for the failover PoP.
  • Automate the failover between these two PoP.

For this post, I will share how I automate the VPN connection creation and TGW attachment (with proper tag and route table association). Later on I will create another post to share how I automate the failover.

The idea is quite simple:

  1. Create customer gateway.
  2. Create VPN connection and TGW attachment.
  3. Send the above VPN connection ID to a Lambda function (custom resource) to get its TGW attachment ID and also tag it.
  4. Use above TGW attachment ID to create TGW route table association.

If you are interested, here are the source codes vpn-tgw-attachment.

Advertisement

Published by Jackie Chen

Published

One thought on “Automate VPN connection and its TGW attachment

  1. Pingback: Automate VPN failover via TGW attachment – Jackie Chen's IT Workshop

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s