VPN access for individual users on AWS

amazon-web-services vpn

I have been following this guide to set up my AWS architecture, but instead of an SSH bastion host/jump box I'd prefer to use a VPN. There are lots of guides on connecting a VPC directly to a customer router, say for connecting the office to your AWS infrastructure.

However, I'd like to make several individual users who can connect to the VPN directly from their laptops no matter their location. Just like individual employees can VPN into the office network, I'd like a solution where a few users could VPN directly into the AWS infrastructure.

Is that baked into AWS, or do I have to configure a separate EC2 instance with OpenVPN/Openswan to handle it?

Best Answer

I would suggest using an OpenVPN solution: https://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/amazon-ec2-appliance-ami-quick-start-guide/

Alternatively, if you don't want to spin up an instance just for that, you could terminate the VPN at your own firewall and provide routes to the AWS environment from there. Then you could either build your own VPN solution onsite or use whatever solution came with your edge gear.
