rp346

Reputation: 7068

AWS VPC access from Raspberry Pi

We have some services running in an AWS VPC. These services are only accessible within the VPC. For development purposes, we need access to these services from the office location. So I am trying to set up a WiFi access point on a Raspberry Pi and planning to connect the Raspberry Pi to the VPC by AWS Site-to-Site VPN. But the Raspberry Pi is connected by Ethernet. AWS VPN (Customer Gateways) needs the private IP of the appliance; in this case I will be using a Raspberry Pi, which will not have a public IP but just a local private IP (on Ethernet).


Is there a way to make this workable?

Upvotes: 3

Views: 760

Answers (1)

John Rotenstein

Reputation: 270154

If you do not currently have any connection between the office network and the VPC, then this will need to be established across the Internet. It requires a Customer Gateway, which is the device on your corporate network that is accessible from the Internet, which will terminate that end of the VPN connection.

If the Raspberry Pi is your VPN endpoint, then it will need to be reachable from the Internet. Alternatively, a different network device will need to be accessible, which can then forward traffic to the Raspberry Pi.

See: What is AWS Site-to-Site VPN?

If the Raspberry Pi is behind the firewall and therefore not accessible from the Internet, then in theory it cannot be used for the connection. However, I have seen cases where a VPN termination endpoint makes an outbound request to the Internet and, in doing so, allows "return" traffic to come back in via a stateful firewall if the traffic appears to be a "response" to the outbound request. I've seen that operate between two AWS VPCs; it might be possible to achieve a similar result with your own firewall.

Upvotes: 2
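The stateful-firewall behaviour the answer describes, as an added sketch that is not part of the original answer: a toy connection tracker that admits inbound packets only when they mirror a recent outbound flow, which also shows why an idle tunnel stops receiving traffic. All addresses and the 30-second timeout are constructed, UDP 4500 is the IPsec NAT traversal port, and address translation itself is not modelled.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 30          # seconds; constructed value, real firewalls differ
PI = "192.168.1.50"       # constructed private address of the Raspberry Pi
AWS = "203.0.113.10"      # constructed tunnel endpoint (documentation range)
OTHER = "198.51.100.7"    # constructed unrelated Internet host


@dataclass
class StatefulFirewall:
    """Toy tracker: inbound is allowed only as a reply to tracked outbound."""
    timeout: int = UDP_TIMEOUT
    flows: dict = field(default_factory=dict)  # flow key -> last-seen time

    def outbound(self, now, src, sport, dst, dport):
        # Outbound traffic is always permitted and creates or refreshes state.
        self.flows[(src, sport, dst, dport)] = now
        return True

    def inbound(self, now, src, sport, dst, dport):
        # A reply carries the mirrored addresses and ports of a tracked flow.
        key = (dst, dport, src, sport)
        last = self.flows.get(key)
        if last is None or now - last > self.timeout:
            self.flows.pop(key, None)   # expired or never seen: drop
            return False
        self.flows[key] = now           # replies keep the state alive
        return True


def demo():
    fw = StatefulFirewall()
    results = {}
    # Before the Pi has sent anything, the remote end cannot reach it.
    results["unsolicited"] = fw.inbound(0, AWS, 4500, PI, 4500)
    # The Pi initiates outbound; the firewall records the flow.
    fw.outbound(1, PI, 4500, AWS, 4500)
    results["reply"] = fw.inbound(2, AWS, 4500, PI, 4500)
    # A different host on the same port does not match the tracked flow.
    results["other_host"] = fw.inbound(3, OTHER, 4500, PI, 4500)
    # Without keepalives the state expires and "return" traffic is dropped.
    results["after_idle"] = fw.inbound(2 + UDP_TIMEOUT + 1, AWS, 4500, PI, 4500)
    return results


if __name__ == "__main__":
    print(demo())
```
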
