Use Terraform to deploy Wireguard on AWS

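# Generate the server key pair. umask 077 makes both files owner-only;
# the default umask would leave server-privatekey readable by other
# users on this host.
umask 077
wg genkey | tee server-privatekey | wg pubkey > server-publickey

# Store the private key as a KMS-encrypted SecureString. The module reads
# it back through a data source (module.wireguard.data.aws_ssm_parameter.
# wg_server_private_key in the state listing below), so it never has to be
# committed to the Terraform code.
# Note: "$(cat ...)" puts the key in this command's argument list and in
# shell history for the duration of the call; run it on a trusted host and
# delete the local copy once the parameter exists.
aws ssm put-parameter \
  --region ap-east-1 \
  --name /wireguard/wg-server-private-key \
  --type SecureString \
  --key-id alias/aws/ssm \
  --value "$(cat server-privatekey)"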
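# Confirm the target VPC exists and list its subnets with their CIDRs; the
# VPC id and one subnet id are copied into the module block below.
# (The original line had both commands run together, with "--" flags and
# the quotes mangled into em-dashes and smart quotes.)
aws ec2 describe-vpcs --vpc-ids vpc-084a85c00a9b367cd
aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=vpc-084a85c00a9b367cd" \
  --query 'Subnets[*].{ID:SubnetId,CIDR:CidrBlock}'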
[
{
"ID": "subnet-0e0a42622c88cde3c",
"CIDR": "172.31.0.0/20"
},
{
"ID": "subnet-0d8de7662ad823bd0",
"CIDR": "172.31.16.0/20"
},
{
"ID": "subnet-0e75c34d3fbc916c2",
"CIDR": "172.31.32.0/20"
}
]
# List the EC2 key pairs in the account; the name given as ssh_key_id in the
# module block below ("lg-2016") must be one of them.
aws ec2 describe-key-pairs
# Every resource below lands in ap-east-1, the same region the SSM
# parameter was written to above.
provider "aws" {
  region = "ap-east-1"
}
# Static public address for the VPN endpoint, handed to the module through
# eip_id below. Presumably chosen so the address survives instance
# replacement by the module's autoscaling group.
resource "aws_eip" "wireguard" {
  # VPC-scoped allocation. Newer provider versions spell this
  # domain = "vpc" (that is how the state output below shows it).
  vpc = true

  tags = {
    Name = "wireguard"
  }
}
module "wireguard" {
  # Third-party module pulled from its default branch on every init.
  # Pinning a reviewed tag or commit (…/terraform-wireguard.git?ref=<tag>)
  # makes the deployment reproducible and keeps upstream changes from
  # flowing into the VPN host unreviewed.
  source = "git@github.com:jmhale/terraform-wireguard.git"

  ssh_key_id    = "lg-2016"                      # a name from describe-key-pairs
  instance_type = "t3.micro"
  vpc_id        = "vpc-084a85c00a9b367cd"
  subnet_ids    = ["subnet-0e0a42622c88cde3c"]   # from describe-subnets above

  # Attach the EIP declared above instead of an ephemeral public IP.
  use_eip = true
  eip_id  = "${aws_eip.wireguard.id}"

  # Tunnel network. Every client address listed below must fall inside it.
  wg_server_net = "10.168.2.1/24"

  # One entry per client: tunnel address => that client's *public* key.
  # Each client generates its own key pair; only the public half goes here,
  # so double-check the values before applying.
  wg_client_public_keys = [
    { "10.168.2.2/32" = "E5Ep3FzI75VSEHiZjH0Mb6jvmF9kmvhAtUOSqCtI/WY=" },
  ]
}
Then run:
# Fetch the provider and the git module, build the stack, then list every
# resource address now tracked in state.
terraform init
terraform apply
terraform state list
aws_eip.wireguard
module.wireguard.data.aws_ami.ubuntu
module.wireguard.data.aws_iam_policy_document.ec2_assume_role
module.wireguard.data.aws_iam_policy_document.wireguard_policy_doc
module.wireguard.data.aws_ssm_parameter.wg_server_private_key
module.wireguard.data.template_file.user_data
module.wireguard.data.template_file.wg_client_data_json[0]
module.wireguard.aws_autoscaling_group.wireguard_asg
module.wireguard.aws_iam_instance_profile.wireguard_profile[0]
module.wireguard.aws_iam_policy.wireguard_policy[0]
module.wireguard.aws_iam_role.wireguard_role[0]
module.wireguard.aws_iam_role_policy_attachment.wireguard_roleattach[0]
module.wireguard.aws_launch_configuration.wireguard_launch_config
module.wireguard.aws_security_group.sg_wireguard_admin
module.wireguard.aws_security_group.sg_wireguard_external
# Show the allocated EIP; public_ip in the output is the server's public address.
terraform state show aws_eip.wireguard
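# aws_eip.wireguard:
# (terraform state show output; the pasted copy had smart quotes and en
# dashes in place of ASCII quotes and hyphens, which are restored here)
resource "aws_eip" "wireguard" {
    domain               = "vpc"
    id                   = "eipalloc-06abd84943a7203cd"
    network_border_group = "ap-east-1"
    public_dns           = "ec2-18-167-158-196.ap-east-1.compute.amazonaws.com"
    public_ip            = "18.167.158.196"
    public_ipv4_pool     = "amazon"
    tags                 = {
        "Name" = "wireguard"
    }
    vpc                  = true
}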
