# Create AWS Remote Access VPN with WireGuard - deprecated

![A laptop accessing an AWS VPC via WireGuard](/files/354fac8ae1589ca6422dc585d3604d9868d8478f)

## Intro

An AWS account typically has multiple VPCs and private subnets. You may want to give remote users access to private subnets or endpoints on AWS without exposing those resources to the internet.

AWS has its own remote access VPN product, AWS Client VPN. It is billed per hour for every associated subnet and every connected client, so with several users and endpoints you can easily spend hundreds of dollars per month.

You can build an equivalent solution with WireGuard® and Netmaker for free, apart from the cost of the EC2 instance itself. Follow these steps and you should be up and running in about 30 minutes.

By the end of this tutorial you will have a gateway device running on AWS to which you can attach WireGuard clients that access private AWS resources.

## Scenario

![Private Rocket Chat instance on AWS](/files/5235849e163d618248b1be63e3c150bd32565abf)

In this example, Rocket Chat runs on AWS and is only reachable on its VPC address (172.31.95.26). We want a developer to be able to log into Rocket Chat using that private address.

In your own setup the target can be any private IP addresses or subnets on AWS, as long as they are reachable from the gateway device (the EC2 instance).

## Step 1: Deploy the Gateway Device

Select a device in AWS to act as your VPN gateway. This can be a container or an EC2 instance, but it must be Linux-based. An existing instance works; if you deploy a new one, Ubuntu 22.04 is recommended, and a t2.micro is sufficient because the gateway is not resource intensive.

This device must be able to reach the target devices or subnets, so deploy it in the same VPC as the targets (or in a VPC that has a route to them; the availability zone does not matter for reachability within a VPC), and make sure the targets' security groups allow traffic from the gateway device.

Lastly, the device must be reachable from the internet on the WireGuard port. Netmaker's default is 51821, so allow 51821/udp from 0.0.0.0/0 in the instance's security group, and give the instance a stable public address (an Elastic IP). WireGuard stays silent to packets that fail authentication, so exposing this port is acceptable; do not open anything else (such as SSH) to 0.0.0.0/0.

Gateway Requirements:

* Device Type: EC2 Instance or Container (EC2 Instance recommended)
* OS: Linux (Ubuntu 22.04 recommended)
* Size: any (t2.micro recommended)
* Network Settings: Must have a public endpoint (an Elastic IP) and expose only 51821/udp publicly

![Gateway EC2 Instance on AWS](/files/3e37ab69c4ef99598e8f1adaa283ba988f63feb1)
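The following script is an added example, not part of this guide or of Netmaker, showing how the requirements above can be met with the AWS CLI instead of the console: a security group for the gateway that exposes only 51821/udp to the world (SSH restricted to an admin address), a rule on the target's security group that allows traffic from the gateway's security group rather than from an IP range, a t2.micro Ubuntu 22.04 instance, and an Elastic IP. It assumes the AWS CLI is configured with a region and credentials, that the Ubuntu 22.04 AMI is looked up through Canonical's public SSM parameter, and that the admin address, VPC, subnet, key pair, target security group and target port are supplied by you (the addresses and names in the script are placeholders).

```shell
#!/bin/sh
# Added example (not from the Netmaker docs): provision the WireGuard gateway
# described in Step 1 with the AWS CLI. Assumptions: AWS CLI configured with
# region and credentials; ADMIN_CIDR is the address you administer from
# (placeholder from TEST-NET-3 below); the target port is whatever the
# private service listens on (3000 for a default Rocket Chat install).
set -eu

WG_PORT=51821                                  # Netmaker's default WireGuard port
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"    # assumed admin IP for SSH only

# Build the --ip-permissions JSON for one ingress rule. Kept as a pure
# function so the rule shape can be checked without touching AWS.
ip_permission_json() {
  # $1 protocol, $2 port, $3 source CIDR, $4 description
  printf '[{"IpProtocol":"%s","FromPort":%s,"ToPort":%s,"IpRanges":[{"CidrIp":"%s","Description":"%s"}]}]' \
    "$1" "$2" "$2" "$3" "$4"
}

# Security group for the gateway: only WireGuard is reachable from anywhere.
create_gateway_sg() {
  # $1 vpc-id; prints the new security group id
  sg=$(aws ec2 create-security-group --vpc-id "$1" \
        --group-name wg-gateway --description "WireGuard remote access gateway" \
        --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --ip-permissions "$(ip_permission_json udp "$WG_PORT" 0.0.0.0/0 "WireGuard (Netmaker default)")" >/dev/null
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --ip-permissions "$(ip_permission_json tcp 22 "$ADMIN_CIDR" "SSH from admin only")" >/dev/null
  echo "$sg"
}

# Let the target accept traffic from the gateway's security group instead of
# an IP range. With NAT enabled on the egress, the target sees the gateway's
# private address as the source, so this single rule is sufficient.
allow_target_from_gateway() {
  # $1 target security group id, $2 target port, $3 gateway security group id
  aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port "$2" --source-group "$3" >/dev/null
}

# Launch the gateway: Ubuntu 22.04 (Canonical's public SSM parameter), t2.micro.
launch_gateway() {
  # $1 subnet-id, $2 key pair name, $3 gateway security group id; prints instance id
  ami=$(aws ssm get-parameters \
    --names /aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id \
    --query 'Parameters[0].Value' --output text)
  id=$(aws ec2 run-instances --image-id "$ami" --instance-type t2.micro \
    --subnet-id "$1" --key-name "$2" --security-group-ids "$3" \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=wg-gateway}]' \
    --query 'Instances[0].InstanceId' --output text)
  aws ec2 wait instance-running --instance-ids "$id"
  echo "$id"
}

# A stable public endpoint for the WireGuard clients: allocate and attach an EIP.
attach_eip() {
  # $1 instance id; prints the public IP
  alloc=$(aws ec2 allocate-address --domain vpc --query AllocationId --output text)
  aws ec2 associate-address --instance-id "$1" --allocation-id "$alloc" >/dev/null
  aws ec2 describe-addresses --allocation-ids "$alloc" \
    --query 'Addresses[0].PublicIp' --output text
}

main() {
  vpc=$1; subnet=$2; key=$3; target_sg=$4; target_port=$5
  gw_sg=$(create_gateway_sg "$vpc")
  allow_target_from_gateway "$target_sg" "$target_port" "$gw_sg"
  inst=$(launch_gateway "$subnet" "$key" "$gw_sg")
  eip=$(attach_eip "$inst")
  echo "gateway $inst reachable at $eip:$WG_PORT/udp (security group $gw_sg)"
}

if [ "$#" -ge 5 ]; then
  main "$@"
else
  echo "usage: $0 VPC_ID SUBNET_ID KEY_PAIR TARGET_SG_ID TARGET_PORT" >&2
fi
```

Run it as `ADMIN_CIDR=<your-ip>/32 sh gateway.sh vpc-… subnet-… my-keypair sg-… 3000`; the public IP it prints is the endpoint your WireGuard clients will use on 51821/udp, and the instance is then ready for Step 2.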

## Step 2: Add Gateway Device to Netmaker

{% content-ref url="/pages/8023dcd81897c9bc7f43477add0ae990e6caf0ac" %}
[Gateways](/features/gateways.md)
{% endcontent-ref %}

## Step 3: Configure Egress

Click “Add route”. Set the gateway device as an egress gateway for the target address range in AWS. In the example this is 172.31.95.26/32; modify as appropriate and provide multiple ranges if necessary. Use the narrowest ranges that cover your targets: an egress to the whole VPC CIDR gives every client reach into every subnet the gateway can route to.

<figure><img src="/files/ozmnOHvQfiEuTvpu5pid" alt=""><figcaption></figcaption></figure>

Configure your Egress Gateway:

<figure><img src="/files/mwh2zrg2cB9GOO3CXYkf" alt=""><figcaption></figcaption></figure>

The device is now prepared to forward traffic to the target destination.

## Step 4: Configure Gateway

{% content-ref url="/pages/p29XsHMCd06A3OOepszC" %}
[How to Create and Configure Gateways](/getting-started/walkthrough/how-to-create-and-configure-gateways.md)
{% endcontent-ref %}

![Download the WireGuard config file](/files/b1800e3ef5edbcdb058c536cce78bb7749898284)

![Run the WireGuard config file](/files/b1c3a49b362678750212e33edd40c8cdd40315a4)

If everything has gone correctly, the private address should now be reachable from the local device:

![Accessing the private Rocket Chat instance in the browser](/files/18d913afabc6fca9df5475a3ca4dec984f5c22b7)

You can generate additional clients as necessary, so that your gateway provides access for a whole team. Generate one config per user and device rather than sharing a file: each config carries its own private key, so a single client can be revoked without affecting the rest.
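Before running a downloaded config, it is worth checking what it will do to your machine's routing. The script below is an added example, not part of this guide or a Netmaker tool: it parses the wg-quick INI format and verifies that the file has a private key and a peer public key, that the peer Endpoint is the gateway's public IP on Netmaker's default port 51821, that AllowedIPs contains only the private ranges you expect (not 0.0.0.0/0 or ::/0, which would send all traffic through the gateway) and optionally includes the egress range from Step 3, and that the file is owner-readable only. The two embedded configs are constructed samples with placeholder keys, the gateway IP 198.51.100.7 is an assumed Elastic IP, and the 10.101.0.0/24 network is an assumed Netmaker network range.

```shell
#!/bin/sh
# Added example (not a Netmaker file): sanity-check a WireGuard client config
# before "wg-quick up". Assumptions: the gateway's Elastic IP is 198.51.100.7
# (placeholder from TEST-NET-2), Netmaker's default port 51821, and the
# sample configs below are constructed, with placeholder keys.
set -eu

GW_PUBLIC_IP="${GW_PUBLIC_IP:-198.51.100.7}"
WG_PORT=51821

# First value of INI key $2 in file $1 ("Key = value"), spaces removed.
wg_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d ' '
}

# All values of key $2 in file $1 joined by commas (wg-quick allows the
# AllowedIPs key to be repeated).
wg_get_all() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr -d ' ' | paste -s -d , -
}

# check_wg_config FILE GATEWAY_IP PORT [REQUIRED_RANGE]
# Prints one line per problem and returns non-zero if any was found.
check_wg_config() {
  cfg=$1; ip=$2; port=$3; want=${4:-}; rc=0
  [ -n "$(wg_get "$cfg" PrivateKey)" ] || { echo "no PrivateKey in [Interface]"; rc=1; }
  [ -n "$(wg_get "$cfg" PublicKey)" ]  || { echo "no peer PublicKey"; rc=1; }
  ep=$(wg_get "$cfg" Endpoint)
  [ "$ep" = "$ip:$port" ] || { echo "Endpoint is '$ep', expected $ip:$port"; rc=1; }
  allowed=$(wg_get_all "$cfg" AllowedIPs)
  [ -n "$allowed" ] || { echo "no AllowedIPs"; rc=1; }
  case ",$allowed," in
    *,0.0.0.0/0,*|*,::/0,*) echo "AllowedIPs routes all traffic via the gateway: $allowed"; rc=1 ;;
  esac
  if [ -n "$want" ]; then
    case ",$allowed," in
      *,$want,*) ;;
      *) echo "AllowedIPs lacks the egress range $want"; rc=1 ;;
    esac
  fi
  # The file holds a private key: insist on owner-only permissions.
  mode=$(stat -c %a "$cfg" 2>/dev/null || stat -f %Lp "$cfg" 2>/dev/null || echo unknown)
  case "$mode" in 600|400) ;; *) echo "file mode is $mode, run chmod 600 on it"; rc=1 ;; esac
  return $rc
}

# Constructed sample: what a correctly scoped client config looks like.
write_sample_good() {
  cat > "$1" <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.101.0.2/32

[Peer]
PublicKey = GATEWAY_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.101.0.1/32, 172.31.95.26/32
Endpoint = 198.51.100.7:51821
PersistentKeepalive = 20
EOF
}

# Constructed sample: full-tunnel AllowedIPs and the plain WireGuard port
# 51820 instead of Netmaker's 51821. Both should be flagged.
write_sample_bad() {
  cat > "$1" <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.101.0.3/32

[Peer]
PublicKey = GATEWAY_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 198.51.100.7:51820
EOF
}

demo() {
  dir=$(mktemp -d)
  write_sample_good "$dir/good.conf"
  write_sample_bad "$dir/bad.conf"
  chmod 600 "$dir"/good.conf "$dir"/bad.conf
  for f in "$dir/good.conf" "$dir/bad.conf"; do
    if check_wg_config "$f" "$GW_PUBLIC_IP" "$WG_PORT" 172.31.95.26/32; then
      echo "$f: OK, safe to run: wg-quick up $f"
    else
      echo "$f: do not run this config"
    fi
  done
  rm -rf "$dir"
}
demo
```

For a real download, run `check_wg_config ./client.conf <gateway-eip> 51821 172.31.95.26/32 && sudo wg-quick up ./client.conf`; after the tunnel is up, `wg show` should list the gateway peer with a recent handshake and the private address should answer.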

## Summary

{% stepper %}
{% step %}

### Configure AWS for a Netmaker gateway.

{% endstep %}

{% step %}

### Configure an EC2 instance to act as the remote access gateway.

{% endstep %}

{% step %}

### Generate and run a WireGuard config file locally to access AWS via the gateway.

{% endstep %}
{% endstepper %}

