Setup Secure Cloud VPN between AWS and GCP Cloud


Infrastructure requirements often cannot be met by a single cloud provider: workloads get migrated between clouds, or resources that a third-party vendor hosts on another cloud have to be reached privately. To connect two clouds securely, the usual answer is an IPsec site-to-site VPN (Virtual Private Network), which authenticates both ends and encrypts the traffic between the two networks as it crosses the public internet.

In this article we will set up, step by step, a site-to-site VPN between GCP and AWS with two IPsec tunnels and BGP dynamic routing.

Assumptions: I assume you are familiar with the basic terms of Google Cloud Platform and Amazon Web Services, since I use them throughout to describe things. If you would like me to explain them as well, let me know in the comment section.

Step 1[GCP]: Reserve a regional static external IP address in GCP. This becomes the public IP of the GCP VPN gateway and is what AWS has to be told about in Step 4.

Step 2[AWS]: Create a Virtual Private Gateway in your AWS account. Note its Amazon-side ASN (64512 unless you chose another one); it is the peer ASN of the BGP sessions in Steps 9 and 10.

Step 3[AWS]: Attach the Virtual Private Gateway to the VPC in AWS with which you want to create the VPN connection.

Step 4[AWS]: Create a Customer Gateway in your AWS account. Its IP address is the static IP reserved in Step 1, its routing is dynamic, and its BGP ASN must match the private ASN you give the Cloud Router in Step 6.

Step 5[AWS]: Create a Site-to-Site VPN connection in AWS with routing set to Dynamic (requires BGP), selecting the Virtual Private Gateway and the Customer Gateway created earlier. Each tunnel has its own pre-shared key (PSK); these secrets authenticate the IKE negotiation from GCP in Steps 9 and 10, so do not pick something easy to remember. Either let AWS generate them or supply random keys of 8 to 64 characters (AWS accepts letters, digits, periods and underscores), use a different key per tunnel, and keep them in a secrets manager rather than in notes or tickets. The tunnel options on the same page also let you pin IKEv2 and restrict the phase 1 and phase 2 encryption, integrity and DH group lists to modern choices. Once the connection exists, open its Tunnel Details: the outside IP addresses and inside IPv4 CIDRs of both tunnels are needed in Steps 8 to 10.

Step 6[GCP]: Create a Cloud Router in the GCP VPC (and region) with which you want to create the VPN connection. Give it the private ASN you entered for the Customer Gateway in Step 4; the two must match or the BGP sessions will never come up.

Step 7[GCP]: Create a Classic VPN gateway that uses the static IP from Step 1. We will attach two tunnels to it, one per AWS tunnel, so that the connection survives the loss of a single tunnel. (Google now recommends HA VPN for new deployments; the BGP settings in the following steps are the same on HA VPN.)

Step 8[GCP]: Create a Peer VPN Gateway in GCP with two interfaces, as shown. The IP address of interface 0 is the outside IP address of AWS tunnel 1 and that of interface 1 is the outside IP address of AWS tunnel 2, both taken from the Tunnel Details of Step 5.

Step 9[GCP]: Now it is finally time to create the VPN tunnels in GCP. For tunnel 1, enter the tunnel 1 pre-shared key from Step 5, then click the pencil icon of the BGP session.
Peer ASN is the Amazon-side ASN of the Virtual Private Gateway from the AWS account.
The two BGP addresses come from the tunnel's inside IPv4 CIDR, a /30 from 169.254.0.0/16 assigned by AWS. Tunnel 1's inside CIDR is 169.254.176.64/30, so the BGP peer IP (the AWS side) is the first host address, 169.254.176.65 (network address + 1), and the Cloud Router BGP IP (the GCP side) is the second, 169.254.176.66 (network address + 2).

Then we are ready to create the VPN tunnel.

Click Create and the tunnel is created.

Step 10[GCP]: Now tunnel 2, which is almost the same as tunnel 1 except that it uses tunnel 2's pre-shared key and tunnel 2's inside IPv4 CIDR for the BGP session.

Click the pencil icon of the BGP session.
Peer ASN is again the ASN of the Virtual Private Gateway from the AWS account.
Tunnel 2's inside CIDR is 169.254.13.104/30, so the BGP peer IP is 169.254.13.105 (network address + 1) and the Cloud Router BGP IP is 169.254.13.106 (network address + 2).

Click Create for tunnel 2.

Step 11[GCP]: Check that both tunnels show as established in the GCP console and that both BGP sessions on the Cloud Router are up.

Step 12[AWS]: Both tunnels of the AWS VPN connection should show as UP as well, and the Cloud Router should now be learning the AWS VPC prefix over BGP.

Step 13[AWS & GCP]: Last but not least, the routes. In AWS, add the IP address range of the GCP subnets to the route table of the subnets you want to reach over the VPN: set the GCP CIDR as Destination and the Virtual Private Gateway created for this connection as Target. Because the connection uses BGP, you can instead enable route propagation for that gateway on the route table, so that the prefixes the Cloud Router advertises appear automatically and stay current. On the GCP side no static route is needed: the Cloud Router installs the AWS prefixes it learns over BGP (if the GCP subnets you need are in other regions, set the VPC's dynamic routing mode to global). 🎉 🌋 💛

Step 14: The only thing left is to test it. Create one private instance on each side and ping, or connect with telnet, to a port that the AWS security group allows from the GCP private CIDR range. On the GCP side a VPC firewall rule must likewise allow ingress from the AWS VPC CIDR; on both sides, allow only the specific ports and source ranges you need rather than opening everything to the whole peer range.
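As an added example (not the author's configuration), here are the steps above expressed as Terraform for the AWS and Google providers. The variable inputs, resource names and the Cloud Router ASN 65001 are hypothetical; the inside /30 CIDRs are the ones from Steps 9 and 10, pinned on the AWS side so the BGP addresses are predictable. Instead of a memorable pre-shared key it lets AWS generate one per tunnel and hands it to GCP as a sensitive value, the forwarding rules are what the console creates behind the scenes for a Classic VPN gateway, and route propagation replaces the hand-written AWS route from Step 13.

```hcl
variable "aws_vpc_id"         { type = string } # existing AWS VPC (Step 3), hypothetical input
variable "aws_route_table_id" { type = string } # route table of the AWS subnets (Step 13)
variable "gcp_network"        { type = string } # existing GCP VPC network (Step 6)
variable "gcp_region"         { type = string } # e.g. "us-central1"

# Step 1: static external IP for the GCP VPN gateway
resource "google_compute_address" "vpn_ip" {
  name   = "aws-vpn-ip"
  region = var.gcp_region
}

# Steps 2-3: Virtual Private Gateway attached to the AWS VPC (keeps the default ASN 64512)
resource "aws_vpn_gateway" "gcp" {
  vpc_id = var.aws_vpc_id
}

# Step 4: the Customer Gateway is the GCP static IP, announced with the Cloud Router's ASN
resource "aws_customer_gateway" "gcp" {
  bgp_asn    = 65001
  ip_address = google_compute_address.vpn_ip.address
  type       = "ipsec.1"
}

# Step 5: BGP-routed Site-to-Site VPN; no PSK is set, so AWS generates a strong one per tunnel
resource "aws_vpn_connection" "gcp" {
  vpn_gateway_id      = aws_vpn_gateway.gcp.id
  customer_gateway_id = aws_customer_gateway.gcp.id
  type                = "ipsec.1"
  static_routes_only  = false
  tunnel1_inside_cidr = "169.254.176.64/30" # the /30s used in Steps 9 and 10
  tunnel2_inside_cidr = "169.254.13.104/30"
}

# Step 6: Cloud Router that runs both BGP sessions
resource "google_compute_router" "aws" {
  name    = "aws-vpn-router"
  network = var.gcp_network
  region  = var.gcp_region
  bgp { asn = 65001 }
}

# Step 7: Classic VPN gateway and the forwarding rules IPsec needs (ESP, IKE UDP/500, NAT-T UDP/4500)
resource "google_compute_vpn_gateway" "aws" {
  name    = "aws-vpn-gateway"
  network = var.gcp_network
  region  = var.gcp_region
}

resource "google_compute_forwarding_rule" "ipsec" {
  for_each    = { esp = { proto = "ESP", port = null }, ike = { proto = "UDP", port = "500" }, natt = { proto = "UDP", port = "4500" } }
  name        = "aws-vpn-${each.key}"
  region      = var.gcp_region
  ip_protocol = each.value.proto
  port_range  = each.value.port
  ip_address  = google_compute_address.vpn_ip.address
  target      = google_compute_vpn_gateway.aws.id
}

# Steps 8-10: one tunnel, Cloud Router interface and BGP peer per AWS tunnel, driven by the
# outside IP, inside IPs and PSK AWS returned (here .65/.66 and .105/.106 of the /30s above)
locals {
  tunnels = {
    "1" = { peer_ip = aws_vpn_connection.gcp.tunnel1_address, psk = aws_vpn_connection.gcp.tunnel1_preshared_key,
            gcp_ip = aws_vpn_connection.gcp.tunnel1_cgw_inside_address, aws_ip = aws_vpn_connection.gcp.tunnel1_vgw_inside_address }
    "2" = { peer_ip = aws_vpn_connection.gcp.tunnel2_address, psk = aws_vpn_connection.gcp.tunnel2_preshared_key,
            gcp_ip = aws_vpn_connection.gcp.tunnel2_cgw_inside_address, aws_ip = aws_vpn_connection.gcp.tunnel2_vgw_inside_address }
  }
}
resource "google_compute_vpn_tunnel" "aws" {
  for_each           = local.tunnels
  name               = "aws-tunnel-${each.key}"
  region             = var.gcp_region
  peer_ip            = each.value.peer_ip
  shared_secret      = each.value.psk
  target_vpn_gateway = google_compute_vpn_gateway.aws.id
  router             = google_compute_router.aws.id
  depends_on         = [google_compute_forwarding_rule.ipsec]
}
resource "google_compute_router_interface" "aws" {
  for_each   = local.tunnels
  name       = "aws-if-${each.key}"
  router     = google_compute_router.aws.name
  region     = var.gcp_region
  ip_range   = "${each.value.gcp_ip}/30"
  vpn_tunnel = google_compute_vpn_tunnel.aws[each.key].name
}
resource "google_compute_router_peer" "aws" {
  for_each        = local.tunnels
  name            = "aws-peer-${each.key}"
  router          = google_compute_router.aws.name
  region          = var.gcp_region
  interface       = google_compute_router_interface.aws[each.key].name
  peer_ip_address = each.value.aws_ip
  peer_asn        = 64512
}

# Step 13: propagate the BGP-learned GCP routes into the AWS route table (no static entries)
resource "aws_vpn_gateway_route_propagation" "gcp" {
  vpn_gateway_id = aws_vpn_gateway.gcp.id
  route_table_id = var.aws_route_table_id
}
```

Apply it from a workspace with both providers configured, then verify Steps 11 and 12 in the consoles. The pre-shared keys never appear in the configuration; they live in the AWS VPN connection and in the Terraform state, so protect that state like any other secret store. The GCP firewall rule from Step 14 is a separate google_compute_firewall resource with source_ranges set to the AWS VPC CIDR and only the ports you intend to test.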

I have tried my best to keep the steps simple and understandable. If something is still difficult to understand, please let me know and I will try to simplify it.
If you like this, please give it a clap or two; it really motivates me to write more useful things.
If there is anything you would like me to write about, you can suggest that as well. My LinkedIn profile is in the bio, and you can connect with me there.
Thank you very much for reading this.

Happy Learning !!! 🙂 📚


Sachin Sharma | Senior DevOps Engineer & Lead

AWS | GCP | Kubernetes | IaC | Terraform | CI/CD | Docker | Security | Python | Automation | DevOps www.linkedin.com/in/rksachin5