Create a VPN server on demand and terminate when needed.
CloudFormation templates are forthcoming, but for now here's the install process:

1. Create an AWS account.
2. Create a Security Group that allows port 1194 inbound from 0.0.0.0/0 and SSH inbound only from your trusted IP (like your house).
3. Create an SNS Topic for notifications. Subscribe to the topic with your email address.
4. Create an IAM EC2 Role that allows S3 Read and Write.
5. Create two S3 buckets: one for holding the VPN config file, one for holding the generated VPN keys.
6. Create an SSH key, download it, and stash it somewhere safe. You shouldn't ever need it unless you have to SSH to the instance to troubleshoot something.
7. Upload the included OpenVPN config file (or one that you've created) to the config S3 bucket.
8. Create a new Lambda function with the following environment variables populated with your values:
   - SNS_TOPIC_ARN = the Topic ARN you created in step 3
   - IAM_PROFILE = the IAM EC2 Role you created in step 4
   - OPENVPN_KEY_BUCKET_NAME = the key bucket you created in step 5
   - OPENVPN_CONFIG_BUCKET_NAME = the config bucket you created in step 5
   - AMI_ID = the AMI of the instance you want to launch. All testing was done with the Amazon Linux AMI
   - SECURITY_GROUP_ID = the Security Group ID you created in step 2
   - INSTANCE_TYPE = the type of instance to use. t2.nano or t2.micro should work fine
   - KEY_NAME = the name of the key you created in step 6
9. Create a new IoT device following Amazon's setup instructions for the IoT button.
10. Create a rule for the IoT button that invokes the Lambda function you created in step 8.
11. Create a second Lambda function with the following environment variable populated with your value, and set up a trigger on the key S3 bucket you created in step 5. The trigger should be on Object PUT operations.
    - SNS_TOPIC_ARN = the Topic ARN you created in step 3

Enjoy VPN goodness.
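As an added example (not the project's own Lambda code), here is how the two functions from steps 8 and 11 can be written so that the AWS clients are injected and the logic runs offline against fakes. The environment variable names are the ones listed above; everything else is assumed: the user-data script (it copies a file named server.conf from the config bucket and starts OpenVPN, while key generation and upload to the key bucket are left to whatever the instance's own bootstrap does), the `InstanceInitiatedShutdownBehavior=terminate` choice so a `shutdown` on the box terminates it, the helper and class names, and the sample ARN, bucket, AMI and event values, which are constructed placeholders. The S3 notification handler deliberately puts only the object location into the email, never the key material.

```python
import os
import urllib.parse

# Variables the launch function (step 8) needs; names are the README's.
REQUIRED_ENV = (
    "SNS_TOPIC_ARN", "IAM_PROFILE", "OPENVPN_KEY_BUCKET_NAME",
    "OPENVPN_CONFIG_BUCKET_NAME", "AMI_ID", "SECURITY_GROUP_ID",
    "INSTANCE_TYPE", "KEY_NAME",
)


def load_config(env):
    """Fail fast on a missing variable instead of launching a half-configured box."""
    missing = [name for name in REQUIRED_ENV if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_ENV}


def build_run_instances_request(cfg):
    """Map the variables onto EC2 run_instances parameters (user data is assumed)."""
    user_data = "\n".join([
        "#!/bin/bash",
        f"aws s3 cp s3://{cfg['OPENVPN_CONFIG_BUCKET_NAME']}/server.conf /etc/openvpn/server.conf",
        "openvpn --config /etc/openvpn/server.conf --daemon",
    ])
    return {
        "ImageId": cfg["AMI_ID"],
        "InstanceType": cfg["INSTANCE_TYPE"],
        "KeyName": cfg["KEY_NAME"],
        "SecurityGroupIds": [cfg["SECURITY_GROUP_ID"]],
        "IamInstanceProfile": {"Name": cfg["IAM_PROFILE"]},
        "MinCount": 1, "MaxCount": 1,
        # Assumed choice: a 'shutdown -h' inside the VM terminates it, so it cannot linger.
        "InstanceInitiatedShutdownBehavior": "terminate",
        "UserData": user_data,
    }


def launch_handler(event, ec2_client, sns_client, env):
    """Step 8: invoked by the IoT button rule; launches the instance and notifies the topic."""
    cfg = load_config(env)
    response = ec2_client.run_instances(**build_run_instances_request(cfg))
    instance_id = response["Instances"][0]["InstanceId"]
    sns_client.publish(
        TopicArn=cfg["SNS_TOPIC_ARN"], Subject="VPN server launching",
        Message=f"Launched {instance_id} ({cfg['INSTANCE_TYPE']}) after a "
                f"{event.get('clickType', 'UNKNOWN')} click",
    )
    return instance_id


def key_uploaded_handler(event, sns_client, env):
    """Step 11: fired by the S3 PUT trigger; emails the object location, not the keys."""
    messages = []
    for record in event.get("Records", []):
        bucket = record["s3"]["bucket"]["name"]
        # S3 URL-encodes object keys in event notifications.
        key = urllib.parse.unquote_plus(record["s3"]["object"]["key"])
        message = f"New OpenVPN key material is ready at s3://{bucket}/{key}"
        sns_client.publish(TopicArn=env["SNS_TOPIC_ARN"], Subject="VPN keys ready", Message=message)
        messages.append(message)
    return messages


def lambda_handler(event, context):
    """Real entry point: picks the handler by event shape and uses boto3 clients."""
    import boto3  # imported here so the module can be exercised offline without it
    if "Records" in event:
        return key_uploaded_handler(event, boto3.client("sns"), os.environ)
    return launch_handler(event, boto3.client("ec2"), boto3.client("sns"), os.environ)


# --- Constructed stand-ins so the logic runs without an AWS account ---
class FakeEC2:
    def __init__(self):
        self.requests = []

    def run_instances(self, **params):
        self.requests.append(params)
        return {"Instances": [{"InstanceId": "i-0123456789abcdef0"}]}  # constructed id


class FakeSNS:
    def __init__(self):
        self.published = []

    def publish(self, **params):
        self.published.append(params)
        return {"MessageId": "constructed-message-id"}


SAMPLE_ENV = {  # constructed placeholder values, not real resources
    "SNS_TOPIC_ARN": "arn:aws:sns:us-east-1:123456789012:vpn-notify",
    "IAM_PROFILE": "vpn-instance-role", "OPENVPN_KEY_BUCKET_NAME": "example-vpn-keys",
    "OPENVPN_CONFIG_BUCKET_NAME": "example-vpn-config", "AMI_ID": "ami-00000000000000000",
    "SECURITY_GROUP_ID": "sg-00000000000000000", "INSTANCE_TYPE": "t2.nano",
    "KEY_NAME": "vpn-ssh-key",
}
SAMPLE_BUTTON_EVENT = {"clickType": "SINGLE"}  # shape of an IoT button click event
SAMPLE_S3_EVENT = {"Records": [{"s3": {"bucket": {"name": "example-vpn-keys"},
                                       "object": {"key": "client1/client1%2Bkeys.ovpn"}}}]}


def demo():
    """Run both handlers against the fakes; returns what each produced."""
    ec2, sns = FakeEC2(), FakeSNS()
    instance_id = launch_handler(SAMPLE_BUTTON_EVENT, ec2, sns, SAMPLE_ENV)
    notices = key_uploaded_handler(SAMPLE_S3_EVENT, sns, SAMPLE_ENV)
    return instance_id, ec2.requests[0], notices, len(sns.published)


if __name__ == "__main__":
    print(demo())
```

Deploy the same file as both functions and let `lambda_handler` dispatch on the event shape; keeping the AWS calls behind injected clients is what makes the rest testable before anything is launched for real.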