Amazon Linux 2 doesn't have WireGuard packaged yet. Nevertheless, installing it is possible: the official install page lists this resource as the location for Fedora ≤ 31 packages. Among the additional repository sources, that page lists "Epel for CentOS 7", and this is the one that works for Amazon Linux 2:
curl -L -o /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install wireguard-dkms wireguard-tools
Save your configuration to /etc/wireguard/wg0.conf (quickstart guide) and make sure it's readable only by the root user.
Enable automatic configuration of the wg0 interface upon network availability:
systemctl enable wg-quick@wg0
Either reboot, or manually configure the interface with:
wg-quick up wg0
The server can also be used to access other resources. This requires IP forwarding:
sysctl net.ipv4.conf.all.forwarding=1 | tee -a /etc/sysctl.d/forwarding.conf
And a firewall rule to rewrite packet addresses when they leave the box:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And to persist firewall rules:
yum install iptables-services
iptables-save | tee /etc/sysconfig/iptables
systemctl enable iptables
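
A post-setup check for the steps above, as an added example that is not part of the original post: it verifies that wg0.conf is root-only and that forwarding, the MASQUERADE rule and the wg-quick unit will survive a reboot. The function names are hypothetical, and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are arguments so each
# check can be run against fixtures; GNU stat (coreutils) is assumed.

# wg0.conf holds the private key: require a regular file owned by the
# expected uid (default 0 = root) with no group/other permission bits.
conf_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    owner=$(stat -c '%u' "$1") || return 1
    [ "$owner" = "${2:-0}" ] && [ $(( 0$mode & 077 )) -eq 0 ]
}

# Forwarding must be set in a sysctl.d file, or it is lost on reboot.
forwarding_persisted() {
    grep -Eq '^[[:space:]]*net\.ipv4\.conf\.all\.forwarding[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$1" 2>/dev/null
}

# The saved ruleset must carry the MASQUERADE rule inside the nat table,
# on the expected egress interface (default eth0, as in the rule above).
masquerade_persisted() {
    awk -v dev="${2:-eth0}" '
        /^\*/ { table = $0 }
        table == "*nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
            index($0, " -o " dev " ") { found = 1 }
        END { exit !found }' "$1" 2>/dev/null
}

# Run all checks against the paths used in the steps above.
audit_wireguard_host() {
    rc=0
    conf_private /etc/wireguard/wg0.conf || { echo "FAIL: wg0.conf is not root-only"; rc=1; }
    forwarding_persisted /etc/sysctl.d/forwarding.conf || { echo "FAIL: forwarding not persisted"; rc=1; }
    masquerade_persisted /etc/sysconfig/iptables || { echo "FAIL: MASQUERADE rule not saved"; rc=1; }
    systemctl is-enabled --quiet wg-quick@wg0 || { echo "FAIL: wg-quick@wg0 not enabled"; rc=1; }
    return "$rc"
}
```

Source the file and run audit_wireguard_host as root after the reboot; it prints one line per failed check and returns non-zero if any failed.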