# AWS EC2 Instance Creation and VPN Connection
## Today's Goals
- Understand the basics of the AWS EC2 service
- Understand the VPC architecture
- Create an EC2 instance on AWS
- Set up a VPN connection to the AWS VPC and access private resources
## Introduction
### What is EC2
Elastic Compute Cloud (EC2) is a compute platform with customizable CPU cores, storage, memory and operating system images.
Some advanced features:
- Auto-scaling: automatically launches new instances under high load
- Load balancing: distributes traffic across multiple instances
- Marketplace: provides pre-installed software and environments for different platforms
### What is VPC
Amazon Virtual Private Cloud (Amazon VPC)
*(Introduced last time)*
### What is AWS Client VPN
> AWS Client VPN is a managed, client-based VPN service that enables you to securely access your AWS resources or your on-premises network. With AWS Client VPN, you can configure an endpoint to which users can connect to establish a secure TLS VPN session. This lets clients access resources in AWS or on premises from any location using an OpenVPN-based VPN client. For more information, see the AWS Client VPN Administrator Guide.
- How it differs from Site-to-Site VPN
## Workshop

### Create an EC2 instance
- Go to the EC2 service
- Select "Launch instances"
- Enter an instance name
- Under "Application and OS Images", select Amazon Linux 2
- Under "Instance type", select "t2.micro"
- Under "Key pair (login)", create a new key pair
  - Remember to save the private key; it can only be downloaded at creation time
- Under "Network settings", select an existing security group
### Connecting to an instance
#### Public access:
- Fetch the public IP of the instance
- Use the following command to connect (ssh rejects a private key file that other users can read, so keep it owner-only):
```bash
ssh -i id_rsa.pem ec2-user@your-public-ip
```
#### Private access:
- Client VPN
- Site-to-Site VPN (not covered in this tutorial)
- Set up the RSA key pair and certificates for mutual authentication following these instructions:
  - https://docs.aws.amazon.com/zh_tw/vpn/latest/clientvpn-admin/client-authentication.html#mutual
- Create the VPN endpoint:
  - In VPC > Client VPN Endpoints > Create client VPN endpoint
  - Client IPv4 CIDR: `10.0.0.0/22`
  - Select the imported certificate in "Server certificate ARN" > `server`
  - Select "Use mutual authentication"
- Associate a target network:
  - In VPC > Client VPN Endpoints > `your created VPN endpoint`
  - Select Target network associations > Associate target network
  - Select the same VPC and subnet as the instance
- Add an authorization rule:
  - In VPC > Client VPN Endpoints > `your created VPN endpoint`
  - Select Authorization rules > Add authorization rule
  - Destination network to enable access: ~~`10.0.0.0/22`~~ (use the IPv4 CIDR of your VPC, not the client CIDR)
- Connect via OpenVPN:
  - In VPC > Client VPN Endpoints > `your created VPN endpoint`
  - Download the client configuration
  - Add the following contents to the .ovpn file:
    ```
    <cert>
    Contents of client certificate (.crt) file
    </cert>
    <key>
    Contents of private key (.key) file
    </key>
    ```
  - Download and install the OpenVPN client
  - Connect to the VPN (OpenVPN needs root to create the tun interface; pass the downloaded file with `--config`):
    ```bash
    sudo apt install openvpn
    sudo openvpn --config config.ovpn
    ```
- Connect to the EC2 instance over its private IP:
  ```bash
  ssh -i id_rsa.pem ec2-user@private-ip
  ```
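Two of the steps above are easy to get wrong: the endpoint's client CIDR and the authorization rule's destination (the struck-out value shows the client CIDR being reused where the VPC CIDR belongs), and the hand-editing of the .ovpn file, which afterwards contains a private key. The following Python script is an added example, not code from the original page or from AWS: it validates the client CIDR against the VPC CIDR the way the console rules require (a /12 to /22 block that does not overlap the VPC), checks whether an authorization rule destination actually covers an instance's private IP, and assembles the `<cert>`/`<key>` blocks into the downloaded config, writing it with owner-only permissions. The config text, certificate and key are constructed placeholders; the endpoint hostname is a labelled placeholder, not a real endpoint.

```python
"""Added example (not code from the original page or from AWS): helper checks
for two of the Client VPN steps above.

- check_client_cidr / authorization_rule_covers: the endpoint's client IPv4
  CIDR must be a /12 to /22 block that does not overlap the VPC CIDR, and the
  authorization rule's destination must be the VPC CIDR, not the client CIDR.
- build_ovpn / write_ovpn: embed the client certificate and key into the
  downloaded .ovpn file as <cert>/<key> blocks and store the result with
  owner-only permissions, because the file now contains a private key.

All sample values below are constructed placeholders.
"""
import ipaddress
import os
import tempfile

# AWS Client VPN limits on the client CIDR block size (/12 largest, /22 smallest).
CLIENT_PREFIX_MIN, CLIENT_PREFIX_MAX = 12, 22


def check_client_cidr(client_cidr: str, vpc_cidr: str) -> dict:
    """Validate the client CIDR against the VPC CIDR and return the findings."""
    client = ipaddress.ip_network(client_cidr, strict=True)
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    if not CLIENT_PREFIX_MIN <= client.prefixlen <= CLIENT_PREFIX_MAX:
        problems.append(f"client CIDR {client} must be between /12 and /22")
    if client.overlaps(vpc):
        problems.append(f"client CIDR {client} overlaps the VPC CIDR {vpc}")
    # The authorization rule must name the VPC CIDR, never the client CIDR.
    return {"ok": not problems, "problems": problems,
            "authorization_destination": str(vpc)}


def authorization_rule_covers(destination_cidr: str, instance_private_ip: str) -> bool:
    """True if an authorization rule for destination_cidr lets clients reach the instance."""
    return ipaddress.ip_address(instance_private_ip) in ipaddress.ip_network(
        destination_cidr, strict=True)


def _require_pem(text: str, kind: str) -> str:
    """Return the trimmed PEM body, rejecting anything without matching BEGIN/END lines."""
    body = text.strip()
    if not body:
        raise ValueError(f"empty {kind} block")
    lines = body.splitlines()
    first, last = lines[0], lines[-1]
    if not (first.startswith("-----BEGIN ") and kind in first
            and last.startswith("-----END ") and kind in last):
        raise ValueError(f"expected a PEM {kind} block")
    return body


def build_ovpn(base_config: str, client_cert: str, client_key: str) -> str:
    """Append <cert> and <key> blocks (mutual auth) to the downloaded client config."""
    if "<cert>" in base_config or "<key>" in base_config:
        raise ValueError("config already contains inline <cert>/<key> blocks")
    cert = _require_pem(client_cert, "CERTIFICATE")
    key = _require_pem(client_key, "PRIVATE KEY")
    return (base_config.rstrip("\n")
            + "\n<cert>\n" + cert + "\n</cert>\n"
            + "<key>\n" + key + "\n</key>\n")


def write_ovpn(path: str, content: str) -> int:
    """Write the config with mode 0600 (it embeds the client's private key); return the mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return os.stat(path).st_mode & 0o777


# Constructed placeholders standing in for the downloaded config and the client cert/key.
SAMPLE_CONFIG = """client
dev tun
proto udp
remote cvpn-endpoint-EXAMPLE.prod.clientvpn.REGION.amazonaws.com 443
remote-random-hostname
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-PLACEHOLDER
-----END CERTIFICATE-----
</ca>
"""
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CLIENT-CERT-PLACEHOLDER\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-CLIENT-KEY-PLACEHOLDER\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_client_cidr("10.0.0.0/22", "172.31.0.0/16"))        # ok; destination 172.31.0.0/16
    print(authorization_rule_covers("10.0.0.0/22", "172.31.5.10"))  # False: the struck-out rule
    config = build_ovpn(SAMPLE_CONFIG, SAMPLE_CERT, SAMPLE_KEY)
    with tempfile.TemporaryDirectory() as tmp:
        print(oct(write_ovpn(os.path.join(tmp, "client.ovpn"), config)))  # 0o600
```

Run it with the real downloaded configuration and your own client certificate and key files in place of the placeholders; the CIDR checks mirror what the console enforces when you create the endpoint, and the coverage check is the quickest way to see why an authorization rule for the client CIDR leaves the instance unreachable.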
## References
- https://aws.amazon.com/tw/ec2/
- https://docs.aws.amazon.com/zh_tw/vpc/latest/userguide/what-is-amazon-vpc.html
- https://docs.aws.amazon.com/zh_tw/vpn/latest/clientvpn-admin/cvpn-getting-started.html
- https://docs.aws.amazon.com/zh_tw/vpn/latest/clientvpn-admin/client-authentication.html#mutual