Secure Your AWS Resources with Twingate VPN

Wed, Mar 26, 2025


Original post on dev.to: https://dev.to/jjrawlins/secure-your-aws-resources-with-twingate-vpn-4em6

Twingate Architecture:

Twingate VPN Architecture in AWS

Benefits:

1. Unlike OpenVPN, which requires placing your VPN EC2 instance in a public subnet, Twingate connectors do not require any inbound security group rules.

Security Group Setup

2. Another benefit is that network access is controlled by groups, so you don't need separate logins for each account. Log in once, and if you have the correct resource permissions set up, you can access everything you need.
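To confirm the first benefit on a deployed connector, the following added example (not from the original post) lists every inbound rule attached to the connector security groups; the expected result is none. The sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output, and the group IDs and names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output (hypothetical IDs).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "twingate-connector-az1",
   "IpPermissions": []},
  {"GroupId": "sg-0bbb", "GroupName": "twingate-connector-az2",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
     {"IpProtocol": "-1", "IpRanges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-0ccc"}]}]},
  {"GroupId": "sg-0ccc", "GroupName": "legacy-openvpn",
   "IpPermissions": [
     {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}  # sources that mean "anyone on the internet"

def rule_sources(perm):
    """Every source one ingress rule names: CIDRs, peer groups, prefix lists."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
            + [p["PrefixListId"] for p in perm.get("PrefixListIds", [])])

def port_label(perm):
    """Render protocol and port range; IpProtocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f'{perm["IpProtocol"]}/{lo}' if lo == hi else f'{perm["IpProtocol"]}/{lo}-{hi}'

def audit_connector_groups(described, connector_ids):
    """List every inbound rule on the named connector groups (expected: none)."""
    findings = []
    for sg in described["SecurityGroups"]:
        if sg["GroupId"] not in connector_ids:
            continue
        for perm in sg.get("IpPermissions", []):
            for src in rule_sources(perm):
                findings.append((sg["GroupId"], port_label(perm), src, src in WORLD))
    return findings

if __name__ == "__main__":
    for gid, ports, src, exposed in audit_connector_groups(SAMPLE, {"sg-0aaa", "sg-0bbb"}):
        print(f"{gid}: inbound {ports} from {src}" + ("  [internet-exposed]" if exposed else ""))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-security-groups` and pass the IDs of the groups attached to your connectors.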

Deployment:

There are several options for deploying a connector. The documentation is really good. You can deploy via Kubernetes, CloudFormation, or Terraform.

We rolled our own CDK stack that deploys the AMI, AWS Secret, and maintenance schedule with an SSM document to perform the updates. This allowed us to deploy it once and basically forget about it as it updates itself. Since we deploy it in two AZs, it rarely ever has an outage.

For more information, I highly recommend their documentation: https://www.twingate.com/docs/