Introduction to Cross-Cloud Connectivity
In today’s multi-cloud environments, seamless interoperability between cloud platforms is crucial for businesses to maintain flexibility and optimize resources. Connecting AWS and Google Cloud Platform (GCP) through a site-to-site VPN enhances your infrastructure’s resilience and allows you to utilize each cloud provider’s unique strengths. This guide walks you through establishing a VPN connection between AWS and GCP using command-line tools, ensuring a secure and efficient cross-cloud network.
Setting Up AWS VPN Gateway
To establish a VPN connection, the first step is to set up a Virtual Private Gateway (VGW) in AWS. The VGW acts as the VPN termination point on the AWS side.
- Create a Virtual Private Gateway (VGW):
aws ec2 create-vpn-gateway --type ipsec.1 --tag-specifications 'ResourceType=vpn-gateway,Tags=[{Key=Name,Value=MyVGW}]'
- Attach the VGW to your VPC:
aws ec2 attach-vpn-gateway --vpn-gateway-id vgw-<id> --vpc-id vpc-<id>
- Create a Customer Gateway (CGW) that represents the GCP side (its external IP and the ASN your Cloud Router will use for BGP):
aws ec2 create-customer-gateway --type ipsec.1 --public-ip <GCP-external-ip> --bgp-asn <your-asn> --tag-specifications 'ResourceType=customer-gateway,Tags=[{Key=Name,Value=MyCGW}]'
- Create the VPN connection:
aws ec2 create-vpn-connection --vpn-gateway-id vgw-<id> --customer-gateway-id cgw-<id> --type ipsec.1
Creating GCP Routers and VPN Gateways
On the GCP side, you need to set up a Cloud Router and VPN gateway to handle the incoming connection from AWS.
- Create a Cloud Router:
gcloud compute routers create my-router --network my-network --region us-central1
- Create a VPN gateway:
gcloud compute vpn-gateways create my-gcp-vpn-gateway --network my-network --region us-central1
- Create a VPN tunnel (`my-shared-secret` is a placeholder; the value must match the pre-shared key AWS generated for the tunnel, and passing it on the command line leaves it in your shell history):
gcloud compute vpn-tunnels create my-tunnel --peer-address=<AWS-VPN-Gateway-IP> --region=us-central1 --ike-version=2 --shared-secret=my-shared-secret --router=my-router
Configuring AWS Side for Site-to-Site VPN
With the VPN gateways created, configure the AWS side to establish the tunnel and enable BGP (Border Gateway Protocol) for dynamic routing.
- Download the configuration file. It contains the AWS tunnel outside and inside addresses, the AWS BGP ASN and the pre-shared keys for both tunnels, so treat it as a secret:
aws ec2 describe-vpn-connections --vpn-connection-ids vpn-<id> --query "VpnConnections[0].CustomerGatewayConfiguration" --output text > vpn-config.xml
- Modify the routing tables. Ensure the correct routes are propagated to your subnets:
aws ec2 create-route --route-table-id rtb-<id> --destination-cidr-block 10.0.0.0/8 --gateway-id vgw-<id>
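The configuration file downloaded above holds everything the GCP side needs (peer address, shared secret, AWS inside address and ASN). As an added example, not code from the original guide, this Python helper pulls those values out of the XML and sanity-checks the redundant pair of tunnels AWS provisions; the element layout is assumed from AWS's generic customer-gateway download, and the sample XML is constructed with documentation IPs and dummy keys.

```python
# Added example, not part of the original guide: read the tunnel parameters out
# of vpn-config.xml (the AWS CustomerGatewayConfiguration downloaded above) so
# the GCP tunnel and BGP peer are built from the file rather than retyped.
# Element names follow the generic AWS customer-gateway download as I know it;
# SAMPLE_XML is constructed (documentation IPs, private ASNs, dummy PSKs).
import xml.etree.ElementTree as ET

SAMPLE_XML = """<vpn_connection id="vpn-0123456789abcdef0">
<ipsec_tunnel><customer_gateway>
<tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
<tunnel_inside_address><ip_address>169.254.10.2</ip_address></tunnel_inside_address>
<bgp><asn>65000</asn></bgp></customer_gateway><vpn_gateway>
<tunnel_outside_address><ip_address>198.51.100.1</ip_address></tunnel_outside_address>
<tunnel_inside_address><ip_address>169.254.10.1</ip_address></tunnel_inside_address>
<bgp><asn>64512</asn></bgp></vpn_gateway>
<ike><pre_shared_key>EXAMPLE-PSK-ONE</pre_shared_key></ike></ipsec_tunnel>
<ipsec_tunnel><customer_gateway>
<tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
<tunnel_inside_address><ip_address>169.254.11.2</ip_address></tunnel_inside_address>
<bgp><asn>65000</asn></bgp></customer_gateway><vpn_gateway>
<tunnel_outside_address><ip_address>198.51.100.2</ip_address></tunnel_outside_address>
<tunnel_inside_address><ip_address>169.254.11.1</ip_address></tunnel_inside_address>
<bgp><asn>64512</asn></bgp></vpn_gateway>
<ike><pre_shared_key>EXAMPLE-PSK-TWO</pre_shared_key></ike></ipsec_tunnel>
</vpn_connection>"""

def parse_tunnels(xml_text):
    """One dict per <ipsec_tunnel>: AWS outside IP (gcloud --peer-address), PSK
    (--shared-secret), AWS inside IP and ASN (--peer-ip-address / --peer-asn)."""
    root = ET.fromstring(xml_text)
    return [{
        "aws_outside_ip": t.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
        "aws_inside_ip": t.findtext("vpn_gateway/tunnel_inside_address/ip_address"),
        "aws_asn": int(t.findtext("vpn_gateway/bgp/asn")),
        "gcp_inside_ip": t.findtext("customer_gateway/tunnel_inside_address/ip_address"),
        "psk": t.findtext("ike/pre_shared_key"),
    } for t in root.findall("ipsec_tunnel")]

def validate(tunnels):
    """Checks before any value goes into gcloud: AWS provisions a redundant pair,
    each with its own endpoint, inside address and PSK, and one consistent ASN."""
    problems = []
    if len(tunnels) != 2:
        problems.append(f"expected 2 tunnels, found {len(tunnels)}")
    for key, label in (("aws_outside_ip", "AWS outside address"),
                       ("psk", "pre-shared key"), ("aws_inside_ip", "AWS inside address")):
        if len({t[key] for t in tunnels}) != len(tunnels):
            problems.append(f"duplicate {label} across tunnels")
    if len({t["aws_asn"] for t in tunnels}) != 1:
        problems.append("inconsistent AWS ASN across tunnels")
    return problems
```

Feed the parsed values to the gcloud tunnel and BGP-peer commands from a script or a secret store rather than pasting the PSK into an interactive shell.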
Setting Up GCP Side for VPN Connection
On GCP, finalize the configuration by establishing the BGP sessions and ensuring the routes are correctly propagated.
- Create the BGP session. The peer IP is the link-local inside address of the AWS tunnel from the configuration file, not the gateway's public address, and the peer ASN is the AWS-side ASN from the same file:
gcloud compute routers add-bgp-peer my-router --peer-name my-bgp-peer --peer-asn <aws-asn> --peer-ip-address <AWS-tunnel-inside-IP> --advertised-route-priority 100 --region us-central1
- Ensure routes are propagated:
gcloud compute routes create aws-to-gcp --destination-range 192.168.1.0/24 --next-hop-vpn-tunnel my-tunnel --network my-network --next-hop-vpn-tunnel-region us-central1
Finalizing the Connection Setup
After configuring both sides, verify the VPN connection’s status and confirm that traffic can flow between AWS and GCP without issues.
- Check VPN tunnel status in AWS (each tunnel's state is reported under VgwTelemetry as UP or DOWN):
aws ec2 describe-vpn-connections --vpn-connection-ids vpn-<id>
- Check VPN tunnel status in GCP (look at the status and detailedStatus fields):
gcloud compute vpn-tunnels describe my-tunnel --region us-central1
- Test the connection: ping instances across the clouds, or check that resources on one side are reachable from the other over the VPN.
Conclusion: Bridging AWS and GCP Networks
Establishing a site-to-site VPN between AWS and GCP is a powerful way to ensure your multi-cloud infrastructure is interconnected and resilient. By following this guide, you can leverage the strengths of both AWS and GCP, creating a seamless, secure, and efficient network that meets your business needs.