How to install WireGuard on Amazon Linux 2

Amazon Linux 2 doesn't have WireGuard packaged yet. Installing it is still possible: the official install page lists this resource as the location for Fedora ≤ 31 packages. Among the additional repository sources, that page lists "Epel for CentOS 7", and this is the one that works for Amazon Linux 2:

curl -L -o /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo

yum install wireguard-dkms wireguard-tools

Save your configuration to /etc/wireguard/wg0.conf (see the quickstart guide) and make sure it is readable only by the root user.

Enable automatic configuration of the wg0 interface upon network availability:

systemctl enable wg-quick@wg0.service

Either reboot, or bring the interface up manually with wg-quick up wg0.
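
A check for the "readable only by root" requirement on /etc/wireguard/wg0.conf, as an added example that is not part of the original post. The function name check_wg_conf and its optional EXPECTED_UID argument are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post: audit a wg-quick config file.
# Usage: check_wg_conf PATH [EXPECTED_UID]
# EXPECTED_UID defaults to 0 (root); it is a parameter only so the check can
# be tried on a scratch file without being root.
# Assumes GNU stat (coreutils), as shipped on Amazon Linux 2.
check_wg_conf() {
    conf=$1
    want_uid=${2:-0}

    # Refuse symlinks: what matters is the owner and mode of the real file.
    if [ -L "$conf" ]; then
        echo "FAIL: $conf is a symlink"; return 1
    fi
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf is not a regular file"; return 1
    fi

    mode=$(stat -c '%a' "$conf") || return 1
    uid=$(stat -c '%u' "$conf") || return 1
    dmode=$(stat -c '%a' "$(dirname "$conf")") || return 1

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $conf is owned by uid $uid, expected $want_uid"; return 1
    fi
    # Any group/other permission bit exposes the PrivateKey line.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $conf has mode $mode, expected 600 or stricter"; return 1
    fi
    # A group/world-writable directory lets others replace the file.
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory of $conf has mode $dmode (group/world writable)"
        return 1
    fi
    echo "OK: $conf mode $mode, uid $uid"
}

# Run the check only when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_wg_conf "$@"
fi
```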

Configuring forwarding

The server can also be used to access other resources. This requires IP forwarding:

sysctl net.ipv4.conf.all.forwarding=1 | tee -a /etc/sysctl.d/forwarding.conf

And a firewall rule to rewrite packet addresses when they leave the box:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

And to persist firewall rules:

yum install iptables-services
iptables-save | tee /etc/sysconfig/iptables
systemctl enable iptables