Client VPN Pricing

Trying to understand pricing. I want to create a single VPN endpoint and client connection from my home network to an AWS VPC.

I’ve looked around and can’t make sense of the pricing. What am I being billed for, and what does each of those cost? Any help?

Thanks in advance.

If this is just for a personal project or hobby stuff, I would instead suggest setting up SSM for connecting to private EC2s. Then have an EC2 that you only spin up when needed.

Managed client VPN is very very expensive. My company almost didn’t go with it due to cost.

Using USE1 pricing: https://aws.amazon.com/vpn/pricing/

You pay $0.10 per hour per subnet in your VPC to have the VPN endpoint available and listening.

You pay $0.05 per hour per connected client.

So for example if you have a VPC with 3 subnets that you want to access and you have a single home PC connected 24/7 you’ll pay: (3x $0.10 + 1x $0.05) x 24 x 31 = $260.40 a month (31 days)

If you connect and disconnect as needed, you’ll still pay the full whack for the subnet connections, but the connected client cost will be pro-rated per hour.

Don’t. Set up a t4g.micro with OpenVPN if you really need it. Use SSM if you can. But AWS’s VPN solution is really just a tick-the-box thing that isn’t cheap and doesn’t make a lot of sense. If you are small, run your own. If you are big, run your own. Theirs just doesn’t make a lot of sense, and definitely not in your scenario.

If you just need a single VPN endpoint, use the open-source version of OpenVPN. A bit hacky but will get the job done.

There are loads of solutions online.

You can even run a small EC2, maybe a micro instance in a VPC, and use this Docker image:

https://dockovpn.io/

Again, this is only for personal use.

For production or mass user usage, I would go with OpenVPN server.

AWS VPN has tons of bugs, and I had to stray from it in my previous role. I had many connection issues, and found OpenVPN much more stable.

First of all, thank you so much for this.
Second, YIKES.
Is there a more cost-effective solution?
Also, I was planning to put the VPN endpoint on an existing VPC/subnet that has other resources and then create peerings between them. Is that possible?

vs creating a site-to-site connection at home for $36 a month + data transfer out costs.

If you want a cheap option, set up OpenVPN on a small EC2 within a public subnet and make sure to use IPv6 only.
Probably the cheapest connectivity you’ll be able to find, but you’ll be limited by your EC2 bandwidth.
Haven’t tested it though, you may want to double-check if you can create a VPN tunnel over IPv6 with OpenVPN.

Yes, there is a more cost-effective solution - several actually, but if you want OpenVPN, you can either spin up your own small EC2 instance, install OpenVPN server, etc. Or spin up a Marketplace instance of OPNsense, and configure OpenVPN.

My org went with OPNsense because it’s easier for younger admins to manage, and based on the number of VPN users we have, the $125 per month we spend on it is vastly cheaper than the AWS managed client VPN service.

Twingate has a free option. You can have the task up and running in Fargate in less than 10 minutes and spin it up and down as needed.

Site to site is great if you have a static IP but that’s not the case here though.

Can you tie an OPNsense instance to a VPC? I want to be able to use my resources with private IPs.

Another option is OpenZiti (https://github.com/openziti). Similar to Twingate in that it’s a zero trust overlay, rather than a VPN, but it’s open source and thus can be self-hosted (SaaS versions exist).

Of course. Put it in the Public subnet, and create routes to and from it in the other subnets. Just make sure that the Source/Destination check is “disabled” so that it can NAT/masquerade the traffic through.

OpenVPN into it, and you can access all of the internal resources in the Private subnets. You can create additional access servers within to link LDAP to Active Directory, create MFA tokens for OTP codes, to allow you to button it down from nefarious people. Just like the AWS managed client VPN, only cheaper.

For my org, the AWS managed client VPN service would cost us several thousand dollars a month. The OPNsense box is $125 per month.
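
The routing setup described in the reply above, written out with the AWS CLI as an added example (not part of the original thread or any poster's own configuration). The instance ID, route table IDs and the 10.8.0.0/24 VPN client pool are constructed placeholders, and with `DRY_RUN=1` (the default) the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example, not from the thread. All IDs and the CIDR below are
# constructed placeholders; replace them with your own values.
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"   # the OPNsense/OpenVPN EC2 instance
VPN_CLIENT_CIDR="${VPN_CLIENT_CIDR:-10.8.0.0/24}"   # assumed VPN client address pool
PRIVATE_ROUTE_TABLES="${PRIVATE_ROUTE_TABLES:-rtb-0aaaaaaaaaaaaaaa1 rtb-0bbbbbbbbbbbbbbb2}"
DRY_RUN="${DRY_RUN:-1}"                             # 1 = print only, 0 = call AWS

# Print the command; execute it only when DRY_RUN=0.
run() {
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Step 1: disable the source/destination check so the instance may forward
# (NAT/masquerade) packets that are not addressed to itself.
disable_src_dst_check() {
    run aws ec2 modify-instance-attribute \
        --instance-id "$INSTANCE_ID" --no-source-dest-check
}

# Step 2: in each private subnet's route table, send return traffic for the
# VPN client pool back through the VPN instance.
add_return_routes() {
    for rtb in $PRIVATE_ROUTE_TABLES; do
        run aws ec2 create-route --route-table-id "$rtb" \
            --destination-cidr-block "$VPN_CLIENT_CIDR" \
            --instance-id "$INSTANCE_ID"
    done
}

# Step 3: read the attribute back; the expected value is false.
verify_src_dst_check() {
    run aws ec2 describe-instance-attribute --instance-id "$INSTANCE_ID" \
        --attribute sourceDestCheck --query 'SourceDestCheck.Value'
}

disable_src_dst_check
add_return_routes
verify_src_dst_check
```

Disabling the check lets the instance forward any traffic routed to it, so keep its security group limited to the VPN listener and the private ranges it actually needs to reach.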