Self hosting your own WireGuard based VPN in 5 minutes (video)

Jason G — Mon, 26 Sep 2022 16:57:55 +0000

First attempt at making a tutorial video for our open-source project. What do you think?

AWS VPN: Avoid a large surprise bill by using this cost calculator.

Jason G — Tue, 30 Aug 2022 18:18:49 +0000

Many AWS billing horror stories start with provisioned resources that were not terminated or forgotten. AWS's product offerings are vast, so how you're billed can often be complex. This is no exception for AWS VPN, which has 5+ variables that factor into your monthly bill.

The team at Firezone often helps companies through budgeting decisions regarding their remote access. We wrote this article to share the learnings. Below we break down the cost in a couple of common scenarios and provide a simple calculator to help project and visually illustrate the main contributors to your monthly bill. Hopefully, it's helpful!

What’s AWS VPN?

As security breaches become common place, properly managing remote access to your VPC is more critical than ever. AWS VPN lets you set up encrypted connections between your network or device and your AWS resources. AWS VPN consists of two products: Site-to-site VPN and Client VPN.

AWS site-to-site VPN allows you to create a secure connection between AWS and your on-prem servers, data centers, and other remote sites.

If you've looked for a point-to-site way to access your cloud resources on AWS securely, chances are you've looked at AWS Client VPN. AWS Client VPN is a managed solution that lets you securely access your resources on AWS. It uses the OpenVPN protocol and supports most features you'd find in a VPN (SSO, MFA).

A few example scenarios

Sample scenarios are the main section lacking from AWS' documentation. For those that want a rough budget of how much AWS VPN will cost each month, here are a few examples. To create your own, use our price calculator (make a copy).

Scenario 1 - Small team or personal project (1 VPC, 1 subnet, 3 users)

Cost: $96 per month ($1,152 annually)

This is likely the most simple use case for AWS VPN. It highlights the high fixed cost of target network associations, which for smaller teams will make up the majority of your cost each month.

With such a small group of users, a bastion host or self-managing something like WireGuard can be a good low-cost option. In theory, if your VPN demands are infrequent, you can remove any target-network associations when you are not using the VPN.

Scenario 2 - Medium sized team (2 VPCs, 3 subnets, 10 users, split tunnel)

Cost: $368 per month ($4,416 annually)

This is a more likely scenario for a team or small company. If you’re building software, your resources will be split across production, test, and dev environments. AWS themselves recommend splitting your environment across multiple accounts as your workloads become more complex.

Segregating your environments is great for your development processes and security, but it will increase your costs with AWS VPN. Each account requires a separate AWS Client VPN endpoint, and each subnet will require its own target network association. In this example, we’ll use 4 to represent dev, test, and prod split across 2 availability zones.

Scenario 3 - Larger company (50 users, 1 on-prem environment, 4 subnets, full-tunnel)

Cost: $850 per month ($10,200 annually)

The data egress costs will vary greatly depending on the company. In this example, we assumed 10 GB per user. That’s about 12 Zoom calls - maybe a bit conservative in today’s remote workplace.

Breaking down the cost ($USD)

Client VPN target network association - $0.10 to $0.15 per hourI asked my AWS rep if this can be disassociated when not used to save cost since it's the most significant contributor to fixed costs for smaller teams. I didn't get a straight answer, but let me know if you've tried this before.

Client VPN connection time - $0.05 per hourConnection time is the aggregate time your VPN users have connected to the VPN (rounded up to the nearest hour).

Site-to-site connection time - $0.05 per hourYou are charged for each hour that your VPN connection is provisioned and available. A common use case is creating a connection between your data center or on-prem network with the AWS VPC.

Egress traffic - $0.05 to $0.09 per GB for more North American + Europe regionsData egress is not usually a huge contributor to cost (for VPNs anyway) unless you turn on "full tunnel" traffic for clients. For the calculator, I ignored intra-region transfers. Those are priced at $0.01 per GB. Here's a useful resource from AWS on different types of data-transfer costs.

Site-to-site global accelerator premiums - $0.05 per hour + $0.015 to $0.091 per GBReleased in 2019, this feature improves VPN performance by routing VPN traffic through the AWS network instead of the public internet. This could be helpful when running latency-sensitive applications or workloads.

Tips to reduce costs

Split Tunneling

When setting up your Client VPN Endpoint, the default config option is to use a full tunnel (split tunneling disabled). This means all traffic from your end users will be routed through the endpoint - even traffic destined for the public internet. Ingress is free, but with zoom calls (up to 3.8 Mbps up) being commonplace, the costs can rack up quickly.

Terminate unused endpoints and associationsTarget network associations are the main fixed cost of AWS VPN. *If your usage is infrequent, you could disassociate the target networks until the route is needed again. Since AWS provides a CLI command and an API endpoint *for configuring target networks, you could even set up a script to “shut down” the VPN when it is not needed.

Set up a billing alarmUsing CloudWatch you can create an alert that triggers when current spending passes above a set threshold. Take a look at the AWS docs on how to set this up.

Should I use AWS VPN?

It depends. At a minimum you should probably ask yourself:

What’s my budget? Use the price calculator to figure out what your bill will likely be each month. There are plenty of other VPNs to pick from, though some may take more time to deploy and manage.
Where are my private resources? It makes more sense to use AWS VPN if most of your resources are located on AWS. For multi-cloud environments, you may want to consider a vendor agnostic solution.
What features do I need? The AWS docs do a pretty good job at answering this question.

Even with the potential costs, AWS VPN is a great product. It’s fully managed, highly available, and seamlessly ties into AWS IAM (federated to the IdP of your choice). How to pick the right remote access solution is a broad topic and deserves its own post. We'll leave that up to the reader for now.

Firezone is an open-source alternative to legacy corporate VPNs. Firezone runs on your infrastructure. It's painless to deploy, easy to manage, and built on WireGuard® to be 4x-6x faster than OpenVPN. We wrote this post because we often help our users understand the impact of different remote access products to their IT budget. AWS is always particularly tricky to forecast.

Visualization of the biggest code bases (using blender3d and data from dataisbeautiful)

Jason G — Fri, 10 Apr 2020 23:15:28 +0000

Maybe a bit too far with the zooming, will be better next time!
Youtube - https://www.youtube.com/watch?v=afEg6VuAQJQ
Data - https://docs.google.com/spreadsheets/d/1s9u0uprmuJvwR2fkRqxJ4W5Wfomimmk9pwGTK4Dn_UI/edit#gid=5

Trying to make better quality Python videos and looking for feedback! Here's one of our first videos on Web Scraping and SQLite

Jason G — Fri, 21 Feb 2020 20:14:19 +0000

There's quite a lot of content on Youtube for Python and we've all likely skipped through many videos with bad audio or really small font trying to find an answer to a problem. We want to make better quality and more entertaining content for Python, so we'd really appreciate any feedback on the videos we've made so far, suggestions on what topics you would like us to cover or just your thoughts in general about developer content on Youtube.

Here are the links to our first couple videos.
Web Scraping - https://www.youtube.com/watch?v=ogPMCpcgb-E
SQLite - https://www.youtube.com/watch?v=girsuXz0yA8

Some Feedback so far

better audio levels
more depth into a topic

DEV Community: Jason G