How do I download AWS Site-to-Site VPN example configuration files?


I want to access AWS Site-to-Site VPN example configuration files. How can I do this?

Short description

To download Site-to-Site VPN example configuration files, use the Download Configuration utility.

There are two ways to access the Download Configuration utility: from the Amazon VPC console, or from the AWS CLI. Both are described below.

For a list of available example configuration files, see Example configuration files.

Important: To use the Download Configuration utility, the IAM principal needs the following AWS Identity and Access Management (IAM) permissions:

  • ec2:GetVpnConnectionDeviceTypes
  • ec2:GetVpnConnectionDeviceSampleConfiguration

If your IAM policy already allows all EC2 actions with a wildcard (ec2:*), you don't need to add these permissions separately. Note that the example configuration file includes the pre-shared keys (PSKs) for both tunnels of the VPN connection, so ec2:GetVpnConnectionDeviceSampleConfiguration effectively grants read access to those secrets. Grant it only to the principals that need to build the customer gateway configuration, and treat the downloaded file as sensitive.
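A least-privilege policy that grants exactly the two actions listed above, added here as an illustration (it is not taken from the AWS page): attach it instead of an ec2:* wildcard to the principal that downloads the files. Resource is "*" in both statements. Where the action supports resource-level permissions you can narrow the second statement to the VPN connection ARN (arn:aws:ec2:<region>:<account-id>:vpn-connection/<vpn-id>); confirm that in the Service Authorization Reference for Amazon EC2 before relying on it.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListVpnDeviceTypes",
      "Effect": "Allow",
      "Action": "ec2:GetVpnConnectionDeviceTypes",
      "Resource": "*"
    },
    {
      "Sid": "DownloadVpnSampleConfig",
      "Effect": "Allow",
      "Action": "ec2:GetVpnConnectionDeviceSampleConfiguration",
      "Resource": "*"
    }
  ]
}
```

Because the second action returns the tunnel pre-shared keys, keep it out of broad read-only roles and attach this policy only to the operators who configure the customer gateway device.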


To access the Download Configuration utility from the Amazon VPC console

1.    Open the Amazon VPC console.

2.    In the left navigation pane, under VIRTUAL PRIVATE NETWORK (VPN), choose Site-to-Site VPN Connections.

3.    Choose the name of your VPN connection.

4.    Choose Download Configuration.

5.    For Vendor, select your Customer Gateway device vendor. If your vendor isn't listed, select Generic.

6.    For Platform and Software, select the values that apply to your use case.

7.    For IKE Version, select the protocol version that applies to your use case.

8.    Choose Download. The example configuration file downloads to your computer. Because it contains the tunnel pre-shared keys, store it as you would any other credential.

To access the Download Configuration utility from the AWS CLI

Note: If you receive errors when running AWS CLI commands, make sure that you're using the most recent version of the AWS CLI.

1.    List the available device configuration example files and find the VpnConnectionDeviceTypeId for your device by running the following get-vpn-connection-device-types command:

Important: Replace <aws-region> with your AWS Region.

aws ec2 get-vpn-connection-device-types --region <aws-region>

Example command output (truncated to three entries):

{
    "VpnConnectionDeviceTypes": [
        {
            "VpnConnectionDeviceTypeId": "7125681a",
            "Vendor": "Fortinet",
            "Platform": "Fortigate 40+ Series",
            "Software": "FortiOS 6.4.4+ (GUI)"
        },
        {
            "VpnConnectionDeviceTypeId": "9005b6c1",
            "Vendor": "Generic",
            "Platform": "Generic",
            "Software": "Vendor Agnostic"
        },
        {
            "VpnConnectionDeviceTypeId": "670add1b",
            "Vendor": "H3C",
            "Platform": "MSR800",
            "Software": "Version 5.20"
        }
    ]
}

2.    Retrieve the example configuration file you want by running the following get-vpn-connection-device-sample-configuration command:

aws ec2 get-vpn-connection-device-sample-configuration --vpn-connection-id <vpn-id> --vpn-connection-device-type-id <device-type-id> --internet-key-exchange-version <ike-version> --region <aws-region> --output text

Important: Replace <vpn-id> with your VPN connection ID.
Replace <ike-version> with the IKE version your device uses: ikev1 or ikev2.
Replace <device-type-id> with the VpnConnectionDeviceTypeId from the previous command output (for example, 9005b6c1 for the Generic, vendor-agnostic configuration), not with the Vendor, Platform, or Software strings.
Replace <aws-region> with the Region of the VPN connection.

With --output text, the configuration is printed to the terminal as plain text rather than as a JSON-escaped string. If you redirect it to a file, restrict that file's permissions, because the output includes the pre-shared keys for both tunnels.
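The two CLI steps above, written as a boto3 script. This is an added example and not code from the AWS page: it lists the device types (following NextToken pagination), selects the VpnConnectionDeviceTypeId for a vendor (falling back to the Generic entry when the vendor is not listed, as the console procedure advises), downloads the sample configuration for the chosen IKE version, and writes it with owner-only permissions because it contains the tunnel pre-shared keys. It assumes boto3 is installed and AWS credentials are configured; the device-type JSON embedded in the script is a constructed sample so the selection logic can run offline.

```python
# Added example (not from the AWS page): the CLI steps as a boto3 script.
# Assumptions: boto3 is installed and credentials/region are configured; the VPN
# connection ID, vendor and IKE version are supplied by the caller.
import json
import os
import stat

# Constructed sample of a get-vpn-connection-device-types response (not a live
# API result), used so select_device_type_id() can be exercised offline.
SAMPLE_DEVICE_TYPES_JSON = """{
  "VpnConnectionDeviceTypes": [
    {"VpnConnectionDeviceTypeId": "7125681a", "Vendor": "Fortinet",
     "Platform": "Fortigate 40+ Series", "Software": "FortiOS 6.4.4+ (GUI)"},
    {"VpnConnectionDeviceTypeId": "9005b6c1", "Vendor": "Generic",
     "Platform": "Generic", "Software": "Vendor Agnostic"},
    {"VpnConnectionDeviceTypeId": "670add1b", "Vendor": "H3C",
     "Platform": "MSR800", "Software": "Version 5.20"}
  ]
}"""

VALID_IKE_VERSIONS = ("ikev1", "ikev2")


def load_device_types(json_text):
    """Parse a get-vpn-connection-device-types response into its list of entries."""
    return json.loads(json_text)["VpnConnectionDeviceTypes"]


def list_device_types(ec2_client):
    """Page through get_vpn_connection_device_types and return every entry."""
    device_types, kwargs = [], {}
    while True:
        page = ec2_client.get_vpn_connection_device_types(**kwargs)
        device_types.extend(page.get("VpnConnectionDeviceTypes", []))
        if not page.get("NextToken"):
            return device_types
        kwargs["NextToken"] = page["NextToken"]


def select_device_type_id(device_types, vendor, platform=None, software=None,
                          fallback_to_generic=True):
    """Return the VpnConnectionDeviceTypeId whose Vendor (and, if given, Platform
    and Software) match case-insensitively. If nothing matches and
    fallback_to_generic is set, return the Generic / Vendor Agnostic entry.
    Raises LookupError when the filters match more than one entry."""
    def matches(entry):
        if entry["Vendor"].lower() != vendor.lower():
            return False
        if platform and entry["Platform"].lower() != platform.lower():
            return False
        if software and entry["Software"].lower() != software.lower():
            return False
        return True

    hits = [d for d in device_types if matches(d)]
    if len(hits) > 1:
        raise LookupError("ambiguous vendor; add platform/software: "
                          + ", ".join(d["VpnConnectionDeviceTypeId"] for d in hits))
    if hits:
        return hits[0]["VpnConnectionDeviceTypeId"]
    if fallback_to_generic and vendor.lower() != "generic":
        return select_device_type_id(device_types, "Generic", "Generic",
                                     "Vendor Agnostic", fallback_to_generic=False)
    return None


def fetch_sample_configuration(ec2_client, vpn_connection_id, device_type_id,
                               ike_version):
    """Equivalent of `aws ec2 get-vpn-connection-device-sample-configuration
    --output text`; returns the configuration text (it contains the tunnel PSKs)."""
    if ike_version not in VALID_IKE_VERSIONS:
        raise ValueError(f"ike_version must be one of {VALID_IKE_VERSIONS}")
    resp = ec2_client.get_vpn_connection_device_sample_configuration(
        VpnConnectionId=vpn_connection_id,
        VpnConnectionDeviceTypeId=device_type_id,
        InternetKeyExchangeVersion=ike_version)
    return resp["VpnConnectionDeviceSampleConfiguration"]


def save_configuration(config_text, path):
    """Write the configuration with owner-only permissions (0600) because it holds
    pre-shared keys. Returns the resulting permission bits for verification."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(config_text)
    os.chmod(path, 0o600)  # also tighten a pre-existing file with looser bits
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    import argparse
    import boto3  # assumed installed; only needed for the live calls

    p = argparse.ArgumentParser()
    p.add_argument("--vpn-connection-id", required=True)
    p.add_argument("--vendor", default="Generic")
    p.add_argument("--platform")
    p.add_argument("--software")
    p.add_argument("--ike-version", choices=VALID_IKE_VERSIONS, default="ikev2")
    p.add_argument("--region", required=True)
    p.add_argument("--out", required=True)
    args = p.parse_args()

    ec2 = boto3.client("ec2", region_name=args.region)
    type_id = select_device_type_id(list_device_types(ec2), args.vendor,
                                    args.platform, args.software)
    if type_id is None:
        raise SystemExit("no matching device type")
    cfg = fetch_sample_configuration(ec2, args.vpn_connection_id, type_id,
                                     args.ike_version)
    print(f"saved {args.out} with mode {oct(save_configuration(cfg, args.out))}")
```

Run it as, for example, `python fetch_vpn_config.py --vpn-connection-id <vpn-id> --vendor Fortinet --platform "Fortigate 40+ Series" --ike-version ikev2 --region <aws-region> --out vpn.txt`. The selection refuses an ambiguous vendor rather than silently picking the first match, and the file is created with 0600 from the start (the mode is passed to os.open) rather than chmod'ed after a world-readable write.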

Related information

What do I do if I can't find the device specific VPN configuration file for my vendor?

AWS OFFICIAL | Updated 2 years ago