Various topologies may be possible to establish using the AWS VPC Configuration Wizard. This section enumerates some of the configurations that were successfully tested.
Various hardware platforms.
64-bit virtual machines in VMware vSphere/ESX.
Amazon EC2 instances (Xen virtual machines) of the pfSense® Certified Router/Firewall/VPN AMI from Netgate.
Local network/routing configurations:
pfSense with a public address configured on the WAN interface.
pfSense with a private address configured on the WAN interface behind a 1:1 NAT.
pfSense with a private address configured on the WAN interface behind a PAT (1:many NAT).
pfSense connected to a single VPC.
pfSense connected to multiple VPC’s in different regions.
Amazon EC2 instance of the pfSense Certified Router/Firewall/VPN AMI connected to a VPC belonging to the same AWS account in a different region.
Amazon EC2 instance of the pfSense Certified Router/Firewall/VPN AMI connected to a VPC belonging to a different AWS account in the same region.
The configuration recommended for the greatest amount of stability is to have a public IPv4 address directly configured on the WAN interface of your pfSense firewall, but VPNs have been successfully established under all of the conditions listed above.
Whether any of these solutions is appropriate for you should be evaluated in the context of your needs and existing infrastructure. Other configurations not listed above may be possible as well.