Bug #8062
closed
Fixes to AWS VPC VPN wizard
100%
Description
A mixture of bug fixes and featured for the vpc vpn wizard.
Use FRR BGP instead of OpenBGP¶
OpenBGP currently doesn't work with IPsec due to: https://redmine.pfsense.org/issues/6223. Switching to FRR made BGP usable again.
Added support for assuming role using EC2 instance profiles¶
Rather than having to enter the access/secret keys on the GUI, this allows one to use an IAM role attached to the pfsense instance to give it the necessary permissions to configure the VPN. The AWS SDK will pull temporary credentials out of the instance metadata automatically. It's a more secure and usable approach since it does away with having to manage access keys yourself. It's also the recommended approach by AWS:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
This works cross account too.
The old method is still there so you can use either.
Made security group configuration optional¶
The sec group configuration part of the wizard goes through every single security group inside a VPC and opens it up to the subnets routed over the VPN. This approach is a bit heavy handed and not necessary if you have something else managing your security groups already (e.g. Terraform, Cloud Formation).
I couldn't find this on Github so attached the relevant files here. Please let me know if this is not the right place.
Used aws-wizard 0.7 as a base for this and tested on 2.4.0
Updated by 
Updated by