Learn to Code! (Or, An Easy Way to Create AWS Site-to-Site VPNs)

For the past several months, I’ve been attending school full time to learn how to program. Specifically for C#, ASP.NET Core MVC, SQL, and using this to develop web applications for hosting on the Azure platform. To say I learned a lot would be an understatement.

My background is mostly in Network Engineering, but for the past few years, I’ve seen the writing on the wall that programming skills are becoming more and more of a requirement for “infrastructure” folks. As we lean further on cloud and virtualization solutions, an increasing share of the work can be done with code, and for good reason. I can programmatically build out my infrastructure with code, and test and deploy it in a fraction of the time it would take to build out a physical environment. Moreover, if something in this virtual infrastructure should break, I can simply redeploy the infrastructure with the existing code instead of spending hours (or maybe even days) troubleshooting why it broke and then fixing it.

So, I decided I wanted to learn how to code. I had gone through previous spurts of tinkering with programming but felt I just didn’t have the chops to leverage it and just wanted to finally immerse myself. The course I enrolled in (Microsoft Software and Systems Academy) was geared more towards the application developer, and not towards us infrastructure folks. But, this was okay: I wanted to learn the deeper concepts, beyond scripting, and use that to supplement my existing knowledge.

So as my course came to a close, I decided I wanted to revisit some infrastructure tasks I had completed previously in the AWS GUI (or the long way), and build those out using code. A test, of sorts, to see what I had really learned… It was refreshing.

A result of that revisit is a Python script which performs the following:

  1. Creates all the components required in AWS for a Site-to-Site VPN with default settings (default meaning AWS-generated pre-shared keys, inside IPs, DH algorithms, an AWS-side private BGP AS, etc.), in a default region (as per the AWS CLI config). These components are:
    • Customer Gateway
    • Virtual Private Gateway
    • Virtual Private Network (VPN) connection
    • Enable Route Table Propagation
  2. Generates on-prem side configuration templates for various types of equipment.
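The four-step build above, as an added example that is not the author's script: it makes the boto3 EC2 client calls for each component in the order AWS requires, takes the client as a parameter so a constructed stand-in can exercise it offline, and pulls the tunnel secrets out of the returned configuration for the template step. The XML element names in parse_tunnels are assumed from AWS's customer-gateway configuration format; every id, address and key below is constructed.

```python
import xml.etree.ElementTree as ET

IPSEC = "ipsec.1"  # the only Type value these EC2 calls accept
def build_site_to_site_vpn(ec2, vpc_id, route_table_id, cgw_public_ip, cgw_bgp_asn):
    """CGW, then VGW (attached to the VPC), then the VPN connection, then route propagation."""
    cgw = ec2.create_customer_gateway(Type=IPSEC, PublicIp=cgw_public_ip, BgpAsn=cgw_bgp_asn)
    cgw_id = cgw["CustomerGateway"]["CustomerGatewayId"]
    vgw_id = ec2.create_vpn_gateway(Type=IPSEC)["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpcId=vpc_id, VpnGatewayId=vgw_id)
    vpn = ec2.create_vpn_connection(Type=IPSEC, CustomerGatewayId=cgw_id, VpnGatewayId=vgw_id)
    conn = vpn["VpnConnection"]
    ec2.enable_vgw_route_propagation(GatewayId=vgw_id, RouteTableId=route_table_id)
    # The XML holds the AWS-generated pre-shared keys: treat it as a secret and keep it out of logs.
    return {"cgw": cgw_id, "vgw": vgw_id, "vpn": conn["VpnConnectionId"],
            "tunnels": parse_tunnels(conn["CustomerGatewayConfiguration"])}

def parse_tunnels(config_xml):
    """Outside IP and IKE PSK per tunnel; element names assumed from AWS's config XML."""
    root = ET.fromstring(config_xml)
    return [{"aws_outside_ip": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
             "psk": t.findtext("ike/pre_shared_key")}
            for t in root.findall("ipsec_tunnel")]

# Constructed sample in the shape of the AWS configuration download (two tunnels).
SAMPLE_CONFIG = """<vpn_connection id="vpn-0example">
 <ipsec_tunnel><vpn_gateway><tunnel_outside_address><ip_address>203.0.113.10</ip_address>
 </tunnel_outside_address></vpn_gateway><ike><pre_shared_key>PSK1-example</pre_shared_key></ike></ipsec_tunnel>
 <ipsec_tunnel><vpn_gateway><tunnel_outside_address><ip_address>203.0.113.11</ip_address>
 </tunnel_outside_address></vpn_gateway><ike><pre_shared_key>PSK2-example</pre_shared_key></ike></ipsec_tunnel>
</vpn_connection>"""

class FakeEC2:
    """Constructed stand-in for boto3.client('ec2'): records each call and answers
    with fixed, response-shaped dicts so the build can be checked offline."""
    RESPONSES = {
        "create_customer_gateway": {"CustomerGateway": {"CustomerGatewayId": "cgw-0example"}},
        "create_vpn_gateway": {"VpnGateway": {"VpnGatewayId": "vgw-0example"}},
        "attach_vpn_gateway": {},
        "create_vpn_connection": {"VpnConnection": {"VpnConnectionId": "vpn-0example",
                                  "CustomerGatewayConfiguration": SAMPLE_CONFIG}},
        "enable_vgw_route_propagation": {},
    }
    def __init__(self):
        self.calls = []
    def __getattr__(self, name):  # any EC2 method name becomes a recorded call
        def call(**kw):
            self.calls.append((name, kw))
            return self.RESPONSES[name]
        return call
```

Against a real account, pass `boto3.client("ec2")` instead of `FakeEC2()`; the same four calls then run in the region your CLI config selects.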

You can find this on my GitHub account: aws-s2s-vpn-config

The big takeaway I have from this, now that I’m more familiar with coding concepts, is that cloud providers are really geared towards being interacted with programmatically, and the documentation for doing so is actually really good.

So, if you are an older-school server or network guy/gal (or other infrastructure type), dive in and get some coding skills because it will keep you relevant, make your job easier, and hugely benefit your organization. If you’re looking to get started, Al Sweigart has his “Automate The Boring Stuff With Python” available for free, and the accompanying course on Udemy is usually fairly cheap.

Good luck!