AWS
This guide will show you how to connect your AWS cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.
Step 1 - Creating a new cloud connection
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
Click + Add new, enter the Cloud name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Cloud at any time.
Example of configuration (Default preset):
Cloud/Branch subnet - Subnet of your AWS VPC network
Shared Secret - Create a new strong password
Public IP - IP of your AWS virtual private gateway
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 16 - modp4096
Diffie-Hellman Groups (Phase 2) - 16 - modp4096
Step 2 - Opening the VPC service
Log in to AWS, and go to Services > VPC (you can use the searchbar).
Step 3 - Creating a new customer gateway
Go to Virtual Private Network (VPN) > Customer Gateways and click Create customer gateway.
Give the customer gateway a name and set the configuration as follows:
BGP ASN - 65000
IP address - IP of your GoodAccess Gateway
Click Create customer gateway to confirm your settings.
Step 4 - Creating a new virtual private gateway
If you already have a virtual private gateway attached to your VPC, skip this section and continue with Step 5 - Creating a new VPN connection.
Go to Virtual Private Network (VPN) > Virtual Private Gateways and click Create virtual private gateway.
Give the virtual private gateway a name, and choose Amazon default ASN.
Click Create virtual private gateway to confirm your settings.
Select the newly created virtual private gateway and click Attach to VPC.
Step 5 - Creating a new VPN connection
Go to Virtual Private Network (VPN) > Site-to-Site VPN Connections and click Create VPN connection.
Give the VPN connection a name and set the configuration as follows:
Target gateway type - Virtual private gateway
Customer gateway - Existing
Routing options - Static
Static IP prefixes - Subnet of your GoodAccess Gateway
Open Tunnel 1 options:
Pre-Shared key for Tunnel 1 - Shared Secret (Step 1)
Select Edit tunnel 1 options
Phase I & II - Must match configuration from GoodAccess (Step 1)
Click Create VPN connection to confirm your settings.
Step 6 - Adding new routes
Go to Virtual Private Cloud (VPC) > Route Tables. Click Edit routes and Add the following routes:
Destination | Target |
Subnet of VPC | Local (default) |
0.0.0.0/0 | Local Gateway (default) |
Subnet of your GoodAccess Gateway |
Don't forget to Save changes.
You have now successfully connected your AWS cloud to GoodAccess.
You may check the status of the connection in:
GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
AWS - Virtual Private Network (VPN) > Site-to-Site VPN Connections
The configuration shows two tunnels created for the same VPN connection to AWS. We recommend using the first one.
If you have a second gateway and want backup, you can use the second tunnel for a high availability solution.
Last updated