eero SimpleConnect

Using SimpleConnect, eero for Business customers are now able to integrate their AWS accounts for centralized access and ease of use. SimpleConnect includes a number of features designed for additional network configuration, such as Site-to-Site VPN configuration, AWS Transit Gateway (TGW), and AWS Cloud WAN.

Advanced configuration of AWS requires the linking of an existing AWS account to proceed. Be sure to link your AWS account prior to proceeding with any additional configuration steps through Insight.

Check out the information below for more details on AWS account integration, Transit Gateway Configuration, Cloud WAN Configuration, and advanced configuration options.

Account Linking Prerequisites

Before continuing with AWS account integration or other configuration steps, be advised of the following prerequisites required for functionality. In order to proceed, your network and account must meet the following criteria:

• Your network must be an eero for Business network
• Your network must use an eero PoE Gateway
• Your network firmware version must be v7.12.4 or later
• The feature must be enabled for your organization
• You must have valid AWS account credentials
• You must have administrative access to create IAM roles
  • You may also redirect IAM requests to an authorized party within your organization

Linking your AWS account

Prior to linking your AWS account, you must first create an AWS account, following the instructions outlined in Amazon’s official AWS documentation. Once your account is created, or if you already have an account, be sure that your account has administrative privileges.

If your account is active and has the right level of privileges, follow the steps below to integrate your account and network:

Non-AWS Admins

If you attempt to link an AWS account but don’t have administrator privileges, you will need to send a request to your account administrator for approval:

For a single network account

• Log into eero Insight
• Navigate to the Settings page in Insight for your eero network
• Select Have an AWS account? Link here.

• Enter your IAM account credentials to log into AWS:

• Approve the permissions request in AWS to allow eero to automatically create the IAM role:

• Verify that the IAM role has been created by checking the AWS account status in Insight: 

Site-to-Site VPN Configuration

Once you have successfully linked your AWS account, you can proceed to Transit Gateway configuration. Before proceeding, ensure that you have an existing transit gateway in your AWS environment. Follow the steps listed below once ready to proceed:

• Ensure an active Transit Gateway exists in your linked AWS account. If needed, use the AWS console to create a new Transit Gateway
• Navigate to the Site-to-Site VPN section in Insight and click Configure:

• Select Transit Gateway from the VPN configuration dropdown menu.

• Assign a subnet to the VPN:

• Complete all required fields, then select Connect to initiate the VPN setup:

Note: Initial VPN setup requires several minutes to complete. The application will automatically update upon a successful connection.

Cloud WAN Configuration

After you have successfully linked your AWS account, you can use Insight to configure Cloud WAN. In order to do so, first ensure that your AWS environment has an existing Cloud WAN global network and core network.

• Ensure that an active global network and core network exist in your linked AWS account. If needed, you can create one or both using the AWS console
• Navigate to the Site-to-Site VPN section in Insight:

• Select Cloud WAN from the VPN configuration dropdown menu. Complete all required fields with the data from your AWS global network and core network:

• Assign a subnet to the VPN:

• Make sure your VPN tag matches your Core Network Policy tag.
• Select Connect to initiate VPN setup:

Note: Initial VPN setup requires several minutes to complete. The application will automatically update upon a successful connection.

Advanced Configuration Options

In addition to the options listed above, there are additional, advanced configuration options that do not require additional setup via AWS:

Route Management

Configure source-based routing by assigning specific SSIDs. This will send traffic to the specified subnets directly through the VPN:

Implement split tunneling by defining CIDR blocks. Configured destinations split traffic from the VPN and sends it directly to the internet:

Routing Protocol

Routing Protocol is an optional method to enable BGP routing, which provides an alternative to static routing configuration:

Important Note: All configurations should align with your organization's security policies and network architecture requirements.