Ensure that the state of your Amazon VPN tunnels is UP to ensure network traffic flow over your Virtual Private Network. Cloud Conformity is continuously monitoring your AWS VPN tunnels for downtime and sends alert notifications if these become unavailable (DOWN).
(Optional) you can also create CloudWatch alarms that monitor the state of your VPN tunnels and send email notifications when the tunnels state changes to DOWN. The AWS CloudWatch metric that can be used to detect a VPN tunnel status changes is:
TunnelState – the state of an AWS VPN tunnel. 0 indicates DOWN (offline) and 1 indicates UP (online). Units: Count.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using Cloud Conformity continuous monitoring for your VPN tunnels will help you take immediate actions in the event of a failure, in order to maximize uptime and ensure network traffic flow over your Amazon VPN connections at all times.
To determine the current state of your AWS Virtual Private Network (VPN) tunnels, perform the following:
If your AWS VPN connection tunnels are currently DOWN (offline), check your on-premise (local) firewall configuration to ensure that your firewall configuration is allowing the same services in its ACLs and/or firewall policies. If you are unable to resolve the issue, you should contact AWS Support for assistance. To open a technical support case with AWS support, perform the following actions:Note: Creating an AWS Support case using the AWS API via Command Line Interface (CLI) is not currently supported.
Cloud Conformity is continuously monitoring the state of your AWS VPN tunnels and sends alert notifications whenever a VPN tunnel goes offline (status changes to DOWN).
(Optional) You also have the option to create your custom notification system using AWS CloudWatch and AWS SNS. To create your own notification system, perform the following steps:
Step 1: Create a Simple Notification Service (SNS) topic and the necessary subscription to send email notifications whenever the appropriate AWS CloudWatch alarm is triggered:
Step 2: Create an AWS CloudWatch alarm that will fire and send email notifications whenever the specified Amazon VPN tunnel state is DOWN for 3 consecutive 5-minute periods.