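#!/usr/bin/env bash
#
# Create, inspect and then tear down an AWS Site-to-Site VPN using the AWS CLI:
# a Customer Gateway (the on-premises side), a Virtual Private Gateway attached
# to the account's default VPC, and a static-route VPN connection between them.
#
# Usage:    ./site-to-site-vpn.sh        (no arguments; prompts before cleanup)
# Requires: aws CLI with credentials allowed to describe/create/delete customer
#           gateways, VPN gateways and VPN connections in $REGION.
#
# Every resource this script creates is removed again by cleanup(), which runs
# from the EXIT trap: after the interactive prompt on success, or immediately
# when any step fails. The original version only cleaned up on the happy path,
# so an error half-way left billable VPN resources behind.

set -euo pipefail

# --- Configuration ---
readonly REGION="us-east-1"
# !!! IMPORTANT: Replace with your actual on-premises public IP address !!!
readonly CUSTOMER_GATEWAY_IP="198.51.100.1"
# Your on-premises BGP ASN. Not used for routing with StaticRoutesOnly=true
# (below), but create-customer-gateway still requires a value.
readonly BGP_ASN=65000
readonly CGW_NAME="MyCLICustomerGateway"
readonly VGW_NAME="MyCLIVirtualPrivateGateway"
readonly VPN_CONN_NAME="MyCLIVPNConnection"

# Upper bound for polling the VGW attach/detach state (attempts x seconds);
# replaces the fixed `sleep 10` that assumed the attachment settles in time.
readonly ATTACH_POLL_ATTEMPTS=30
readonly ATTACH_POLL_INTERVAL=5

# Resource IDs, filled in as each step succeeds. cleanup() deletes only the
# ones that are non-empty, so a failure at any step still tears down the
# resources created before it.
VPC_ID=""
CGW_ID=""
VGW_ID=""
VPN_CONN_ID=""

# Print a section banner on stdout (replaces the non-portable `echo -e "\n..."`).
banner() { printf '\n--- %s ---\n' "$*"; }

# Print an error on stderr and exit 1; the EXIT trap then runs cleanup().
die() { printf 'Error: %s\n' "$*" >&2; exit 1; }

# Every call goes through here so the region is applied consistently.
aws_ec2() { aws --region "$REGION" ec2 "$@"; }

#######################################
# Report the state of the VGW's VPC attachment.
# Globals:   VGW_ID (read)
# Outputs:   attachment state ("attaching", "attached", "detaching",
#            "detached") on stdout, or "None" when the VGW has no attachment
#            record (that is how `--output text` renders a null query result)
#######################################
vgw_attachment_state() {
  aws_ec2 describe-vpn-gateways \
    --vpn-gateway-ids "$VGW_ID" \
    --query 'VpnGateways[0].VpcAttachments[0].State' \
    --output text
}

#######################################
# Poll until the VGW attachment state equals one of the given states.
# Returns 1 on timeout (with a warning on stderr) rather than exiting, so it
# can also be used from cleanup() where a timeout must not abort the teardown.
# Globals:   VGW_ID, ATTACH_POLL_ATTEMPTS, ATTACH_POLL_INTERVAL (read)
# Arguments: one or more acceptable attachment states
# Returns:   0 once a wanted state is observed, 1 after the last attempt
#######################################
wait_for_vgw_state() {
  local state="" want attempt
  for ((attempt = 1; attempt <= ATTACH_POLL_ATTEMPTS; attempt++)); do
    state=$(vgw_attachment_state) || state="unknown"
    for want in "$@"; do
      if [[ "$state" == "$want" ]]; then
        return 0
      fi
    done
    sleep "$ATTACH_POLL_INTERVAL"
  done
  printf 'Warning: VGW %s did not reach state [%s] in time (last seen: %s)\n' \
    "$VGW_ID" "$*" "$state" >&2
  return 1
}

#######################################
# Tear down everything main() created, in reverse dependency order
# (VPN connection -> VGW detach/delete -> customer gateway).
# Runs from the EXIT trap, so it must not exit early itself: each step is
# guarded by its resource ID being set, `set -e` is switched off, and a
# failing step is reported by the CLI but does not stop the later steps.
# Globals:   VPN_CONN_ID, VGW_ID, VPC_ID, CGW_ID (read)
# Returns:   exits with the status the script was exiting with
#######################################
cleanup() {
  local rc=$?
  trap - EXIT
  set +e
  banner "Cleaning up resources"

  if [[ -n "$VPN_CONN_ID" ]]; then
    echo "Deleting VPN Connection '$VPN_CONN_ID'..."
    aws_ec2 delete-vpn-connection --vpn-connection-id "$VPN_CONN_ID"
    echo "Waiting for VPN connection to be deleted..."
    aws_ec2 wait vpn-connection-deleted --vpn-connection-ids "$VPN_CONN_ID" \
      && echo "VPN Connection deleted."
  fi

  if [[ -n "$VGW_ID" ]]; then
    if [[ -n "$VPC_ID" ]]; then
      echo "Detaching Virtual Private Gateway '$VGW_ID' from VPC '$VPC_ID'..."
      aws_ec2 detach-vpn-gateway --vpc-id "$VPC_ID" --vpn-gateway-id "$VGW_ID"
      echo "Waiting for VGW to detach..."
      # delete-vpn-gateway is refused while the attachment is still active;
      # "None" covers the case where the attachment record is already gone.
      wait_for_vgw_state detached None
    fi
    echo "Deleting Virtual Private Gateway '$VGW_ID'..."
    aws_ec2 delete-vpn-gateway --vpn-gateway-id "$VGW_ID" \
      && echo "Virtual Private Gateway deleted."
  fi

  if [[ -n "$CGW_ID" ]]; then
    echo "Deleting Customer Gateway '$CGW_ID'..."
    aws_ec2 delete-customer-gateway --customer-gateway-id "$CGW_ID" \
      && echo "Customer Gateway deleted."
  fi

  banner "Site-to-Site VPN demonstration and cleanup complete"
  exit "$rc"
}
trap cleanup EXIT

#######################################
# Build the VPN end to end, print the configuration hints, then wait for the
# operator before returning (which triggers cleanup() through the EXIT trap).
# Globals:   REGION, CUSTOMER_GATEWAY_IP, BGP_ASN, *_NAME (read);
#            VPC_ID, CGW_ID, VGW_ID, VPN_CONN_ID (written)
#######################################
main() {
  # --- 1. Get Default VPC ---
  banner "Getting Default VPC ID"
  # With `--output text` an empty result is printed as the literal "None", not
  # as an empty string, so the original `-z` check never fired; test for both.
  VPC_ID=$(aws_ec2 describe-vpcs \
    --filters "Name=is-default,Values=true" \
    --query "Vpcs[0].VpcId" \
    --output text)
  if [[ -z "$VPC_ID" || "$VPC_ID" == "None" ]]; then
    die "Could not find a default VPC. Exiting."
  fi
  echo "Default VPC ID: $VPC_ID"

  # --- 2. Create Customer Gateway ---
  banner "Creating Customer Gateway: $CGW_NAME"
  CGW_ID=$(aws_ec2 create-customer-gateway \
    --type ipsec.1 \
    --public-ip "$CUSTOMER_GATEWAY_IP" \
    --bgp-asn "$BGP_ASN" \
    --tag-specifications "ResourceType=customer-gateway,Tags=[{Key=Name,Value=$CGW_NAME}]" \
    --query 'CustomerGateway.CustomerGatewayId' --output text)
  echo "Customer Gateway created with ID: $CGW_ID"

  # --- 3. Create Virtual Private Gateway and Attach to VPC ---
  banner "Creating Virtual Private Gateway: $VGW_NAME"
  VGW_ID=$(aws_ec2 create-vpn-gateway \
    --type ipsec.1 \
    --amazon-side-asn 64512 \
    --tag-specifications "ResourceType=vpn-gateway,Tags=[{Key=Name,Value=$VGW_NAME}]" \
    --query 'VpnGateway.VpnGatewayId' --output text)
  echo "Virtual Private Gateway created with ID: $VGW_ID. Attaching to VPC '$VPC_ID'..."
  aws_ec2 attach-vpn-gateway --vpc-id "$VPC_ID" --vpn-gateway-id "$VGW_ID"
  echo "Waiting for VGW to attach..."
  # Poll the reported attachment state rather than sleeping a fixed 10 s.
  wait_for_vgw_state attached || die "VGW $VGW_ID did not become attached."

  # --- 4. Create VPN Connection ---
  banner "Creating VPN Connection: $VPN_CONN_NAME"
  # StaticRoutesOnly=true means no BGP session. Note that no static route is
  # added here (that would be create-vpn-connection-route), so the tunnels come
  # up but carry no traffic: this script demonstrates the resource lifecycle,
  # not a working site-to-site link.
  VPN_CONN_ID=$(aws_ec2 create-vpn-connection \
    --type ipsec.1 \
    --customer-gateway-id "$CGW_ID" \
    --vpn-gateway-id "$VGW_ID" \
    --options "StaticRoutesOnly=true" \
    --tag-specifications "ResourceType=vpn-connection,Tags=[{Key=Name,Value=$VPN_CONN_NAME}]" \
    --query 'VpnConnection.VpnConnectionId' --output text)
  echo "VPN Connection created with ID: $VPN_CONN_ID. Waiting for it to be available..."
  aws_ec2 wait vpn-connection-available --vpn-connection-ids "$VPN_CONN_ID"
  echo "VPN Connection is available."

  # --- 5. Output VPN Configuration ---
  banner "VPN Connection Setup Complete!"
  echo "VPN Connection ID: $VPN_CONN_ID"
  echo "You can download the configuration file for your on-premises device using:"
  echo "aws ec2 get-vpn-connection-device-types --vpn-connection-id $VPN_CONN_ID --region $REGION"
  echo "aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id $VPN_CONN_ID --vpn-connection-device-type-id <type-id> --internet-key-exchange-version ikev2 --output text"
  # The sample configuration embeds the tunnel pre-shared keys: treat its
  # output as a secret (no shell history, CI logs or tickets).

  read -r -p "Press Enter to delete the VPN connection and clean up resources..."
  # Returning here ends the script; the EXIT trap performs the cleanup.
}

main "$@"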
