Building a Bridge: A Secure Azure-AWS Connection

Alex Abramov
CyberArk Engineering
4 min read · Jan 1, 2024
Image created by DALL-E

In this era of cloud computing and GenAI advancements, securing communication between cloud platforms like AWS and Azure is paramount. This is especially true when dealing with one of the leading models, GPT. This article guides you through the process of creating a secure network bridge between these platforms — using a real-world scenario.

The Scenario and Goal

In our scenario, we have an OpenAI service on Azure, currently accessible to all. Our goal is to restrict access to a network we’re about to create. Let’s get started!

AWS to Azure connection

Step 1: Setting up Azure Networking

  1. Starting in Azure, form a resource group.
  2. Next, establish a virtual network and a subnet, setting our network addresses to 10.0.0.0/16 and the subnet to 10.0.0.0/24.
  3. Secure the OpenAI service by disabling network access and adding a private endpoint to our network. This endpoint allows us to connect privately via a private link, and we enable private DNS integration for ease of access.
  4. Our final task in Azure is to create a virtual network gateway, our bridge to AWS. This gateway, set up with specific settings, initiates VPN connections and manages traffic routing.

Note the private IP from our network interface for later use in AWS. Now we’ve created a Virtual Network in Azure, secured our OpenAI Service with a private endpoint, and set up a Virtual Network Gateway for secure connections. Azure is ready, and we’re set to explore AWS.

Azure networking diagram

Step 2: Setting up AWS VPC

  1. In AWS, create a Virtual Private Cloud (VPC) with a subnet, using network addresses 10.10.0.0/16 and subnet 10.10.0.0/24.
  2. Create a Customer Gateway to connect to Azure’s Virtual Network Gateway’s public IP.
  3. Configure a Virtual Private Gateway and attach it to our VPC. This gateway connects our VPC to Azure via a VPN.
  4. Establish a Site-to-Site VPN Connection, associate it with our gateways and add a static route to Azure’s subnet IP (10.0.0.0/24).
  5. Finally, create a Hosted Zone in Amazon Route 53 with the domain openai.azure.com and add an A record with the OpenAI service name and its private IP.

Now we’ve created a VPC, set up gateways, established a VPN connection and added an “A” record in Route 53. AWS is ready and we have a secure connection between AWS and Azure.

AWS networking diagram

Step 3: Finalizing the AWS-Azure Connection

  1. To finalize the connection, start in AWS by selecting the Amazon VPN connection and downloading the configurations.
  2. Choose ‘Generic’ for both Vendor and Platform, ‘Vendor Agnostic’ for Software, and ‘ikev1’ for IKE version.
  3. From the downloaded file, find the Pre-Shared Key for each tunnel and obtain the outside IP addresses from the ‘Tunnel details’ tab.
  4. Return to Azure to create a local network gateway using the Tunnel 1 outside IP address and the address space 10.10.0.0/16.
  5. Add a connection in the local network gateway with the following settings: Connection type as ‘Site-to-site (IPSec)’, the Virtual network gateway we created earlier, the local network gateway we just created, the Tunnel 1 key from the configuration file for the Shared key (PSK), ‘IKEv2’ for IKE Protocol and disable Azure Private IP Address and BGP.
  6. Repeat this process with Tunnel 2 for better availability.
  7. Finally, add a route for the Azure subnet in the route tables associated with the VPC in AWS. Use 10.0.0.0/24 for the Destination and choose the Virtual private gateway we created for the Target.

This completes the secure connection between AWS and Azure.
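Most of the settings in Steps 1 to 3 have to agree with each other: the two address spaces must not overlap (otherwise the VPN routes are ambiguous), the AWS static route and the Azure local network gateway must describe the other side's subnet and VPC exactly, the private endpoint IP must sit in the Azure subnet that route covers, and the Route 53 A record must be under the hosted zone, otherwise resolution falls through to the public name. The following script is an added example, not part of the original article, that checks those relationships offline before anything is clicked in either console. The CIDRs are the ones used above; the private IP and the OpenAI resource name are constructed placeholders.

```python
import ipaddress

# Addressing plan from the article. The private IP and hostname are
# constructed placeholders; substitute the values from your own deployment.
PLAN = {
    "azure_vnet": "10.0.0.0/16",
    "azure_subnet": "10.0.0.0/24",
    "aws_vpc": "10.10.0.0/16",
    "aws_subnet": "10.10.0.0/24",
    "openai_private_ip": "10.0.0.5",                  # constructed: private endpoint NIC address
    "openai_hostname": "my-openai.openai.azure.com",  # constructed: OpenAI resource name
    "route53_zone": "openai.azure.com",
    "aws_static_route": "10.0.0.0/24",                # static route on the Site-to-Site VPN
    "azure_local_gw_space": "10.10.0.0/16",           # address space of the local network gateway
}


def validate_plan(plan):
    """Return a list of inconsistencies; an empty list means the plan is coherent."""
    problems = []

    def net(key):
        # strict=True rejects a CIDR with host bits set, e.g. 10.0.0.5/24
        return ipaddress.ip_network(plan[key], strict=True)

    az_vnet, az_sub = net("azure_vnet"), net("azure_subnet")
    aws_vpc, aws_sub = net("aws_vpc"), net("aws_subnet")

    # A site-to-site VPN cannot route between overlapping address spaces.
    if az_vnet.overlaps(aws_vpc):
        problems.append(f"Azure VNet {az_vnet} overlaps AWS VPC {aws_vpc}")

    # Each subnet must be carved out of its own parent network.
    if not az_sub.subnet_of(az_vnet):
        problems.append(f"Azure subnet {az_sub} is not inside VNet {az_vnet}")
    if not aws_sub.subnet_of(aws_vpc):
        problems.append(f"AWS subnet {aws_sub} is not inside VPC {aws_vpc}")

    # The AWS static route must point at the Azure subnet hosting the private endpoint.
    route = net("aws_static_route")
    if route != az_sub:
        problems.append(f"AWS static route {route} does not match the Azure subnet {az_sub}")

    # The private endpoint address must fall inside that routed subnet.
    ip = ipaddress.ip_address(plan["openai_private_ip"])
    if ip not in az_sub:
        problems.append(f"private endpoint IP {ip} is outside the Azure subnet {az_sub}")

    # The Azure local network gateway must advertise the whole AWS VPC.
    lgw = net("azure_local_gw_space")
    if lgw != aws_vpc:
        problems.append(f"local network gateway space {lgw} does not match the AWS VPC {aws_vpc}")

    # The A record only takes effect if the name lives under the private hosted zone.
    host, zone = plan["openai_hostname"], plan["route53_zone"]
    if not host.endswith("." + zone):
        problems.append(f"{host} is not under the Route 53 hosted zone {zone}")

    return problems


if __name__ == "__main__":
    issues = validate_plan(PLAN)
    print("plan OK" if not issues else "\n".join(issues))
```

Run it against the plan before creating the gateways; a non-empty list is cheaper to fix here than after the tunnels are up.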

Step 4: Verifying the Connection

  1. To verify the secure connection between AWS and Azure, check the VPN connection in AWS ‘Tunnel details’ for an ‘Up’ status.
  2. In Azure, look for a ‘Connected’ status in the ‘Connections’ tab of the virtual network gateway.
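Both sides have to agree before the link counts as healthy: AWS can report a tunnel UP while the matching Azure connection is still NotConnected, and with two tunnels a single UP only means the bridge is degraded, not down. The script below is an added example, not from the article, that evaluates the two status checks from constructed JSON in the shape returned by `aws ec2 describe-vpn-connections` (the `VgwTelemetry` array) and `az network vpn-connection show` (the `connectionStatus` field); in practice you would feed it the real command output. The connection names, VPN id and outside IPs are constructed.

```python
import json

# Constructed sample of `aws ec2 describe-vpn-connections --output json`:
# tunnel 1 is up, tunnel 2 is down.
AWS_SAMPLE = json.dumps({
    "VpnConnections": [{
        "VpnConnectionId": "vpn-0123456789abcdef0",   # constructed id
        "State": "available",
        "VgwTelemetry": [
            {"OutsideIpAddress": "203.0.113.10", "Status": "UP",
             "StatusMessage": "", "AcceptedRouteCount": 1},
            {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN",
             "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0},
        ],
    }]
})

# Constructed samples of `az network vpn-connection show` for the two Azure connections.
AZURE_SAMPLES = {
    "to-aws-tunnel1": json.dumps({"name": "to-aws-tunnel1", "connectionStatus": "Connected"}),
    "to-aws-tunnel2": json.dumps({"name": "to-aws-tunnel2", "connectionStatus": "NotConnected"}),
}


def aws_tunnel_status(describe_json):
    """Map each tunnel's outside IP to True when AWS reports it UP."""
    status = {}
    for conn in json.loads(describe_json)["VpnConnections"]:
        for tunnel in conn.get("VgwTelemetry", []):
            status[tunnel["OutsideIpAddress"]] = tunnel.get("Status") == "UP"
    return status


def azure_connection_status(show_json):
    """True only for the exact 'Connected' state; Connecting/Unknown count as not up."""
    return json.loads(show_json).get("connectionStatus") == "Connected"


def assess(aws_status, azure_status):
    """Classify the bridge from both sides' views.

    'healthy'  : every tunnel is UP in AWS and Connected in Azure
    'degraded' : at least one tunnel is up on each side, but not all
    'down'     : either side sees no working tunnel
    Tunnels are counted, not paired, because AWS orders telemetry by outside IP
    while Azure identifies connections by name.
    """
    total = max(len(aws_status), len(azure_status))
    aws_up = sum(aws_status.values())
    azure_up = sum(azure_status.values())
    if total and aws_up == total and azure_up == total:
        return "healthy"
    if aws_up >= 1 and azure_up >= 1:
        return "degraded"
    return "down"


if __name__ == "__main__":
    aws = aws_tunnel_status(AWS_SAMPLE)
    azure = {name: azure_connection_status(out) for name, out in AZURE_SAMPLES.items()}
    print(aws, azure, assess(aws, azure))
```

Wire the real outputs in with `subprocess` or your pipeline's CLI wrapper and alert on anything other than `healthy`; a `degraded` result is exactly the state Step 6 above (the second tunnel) exists to survive, so it should be visible rather than silently tolerated.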

A Unified Platform that Scales with Your Needs

Congratulations! You’ve successfully bridged AWS and Azure, enabling seamless communication between the two. The next step is to deploy a Lambda inside the VPC subnet to access the OpenAI model over the private connection. This setup lets you harness the strengths of both AWS and Azure in a robust and flexible multi-cloud infrastructure. So go ahead, start deploying and experience the benefits firsthand.

Software Architect at CyberArk's AI Center of Excellence