VPC Ninja - Part 2 - Private subnets with VPN (continued)

Support Mobycast
https://glow.fm/mobycast

In this episode, we cover the following topics:

• Before we get started, a CAVEAT. There are other (potentially BETTER) ways of accessing resources on private subnets. 
  • We'll talk about these (such as AWS Client VPN or AWS Systems Manager Session Manager) in future episodes. 
  • But a great choice (with the most flexibility/power) remains our current choice: a third-party software-only VPN solution. 
• There are many options for third-party software VPNs, both commercial and open source. Some of the options we considered include: 
  • SoftEther 
  • Openswan 
  • OpenVPN (* our choice) 
• Discussion of the different flavors and pricing models for OpenVPN Access Server.
• Step-by-step walkthrough of installing OpenVPN Access Server via the AWS Marketplace. 
  • Including how to setup TLS for your VPN server. 
• We detail the process of how to create private subnets within a VPC. 
  • Create new subnets to be used as private subnets, keeping in mind a multi-AZ design. 
  • Routing table considerations. 
  • Setting up a NAT gateway to forward Internet traffic for private subnets. 
• Some pro tips to keep in mind when building out your cloud network. 
  • CIDR block considerations (the "Goldilocks" approach to sizing). 
  • Did you know that NAT gateways are SPOFs? We discuss how to improve availability. 

Links

• VPC with Public and Private Subnets (NAT)
• Software VPN
• OpenVPN
• SoftEther
• Openswan
• Amazon Web Services EC2 BYOL appliance quick start guide
• AWS Certificate Manager
• ZeroSSL

End Song
Tachyon, by Roy England

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

• Web: https://mobycast.fm
• Voicemail: 844-818-0993
• Email: [email protected]
• Twitter: https://twitter.com/hashtag/mobycast
• Reddit: https://reddit.com/r/mobycast