AWS and Azure are two of the major cloud providers, and it is quite possible that one of our services runs on one provider while another service it depends on runs on the other.
In this blog I will walk through the steps needed to connect AWS with Azure and explain the components on each side that are required to build the site-to-site VPN connectivity.
Why are we trying to connect both?
In one of my projects I had a requirement on an application that follows a client-server architecture: servers connected to multiple clients. Initially the server and its clients were all placed in AWS, but after a couple of years our requirements changed and a new business unit came into the picture with its own clients, which needed to connect to the server present in AWS.
These new clients were on Azure while the server was on AWS. Migrating the server was not an option for us, because our customer was not ready to migrate those clients from Azure to AWS, so this was a completely new use case for which we decided to connect the two cloud providers to each other by setting up an IPsec VPN tunnel.
Prerequisites for Implementing the Use Case
- On the AWS side
  - One VPC with one private and one public subnet
  - One Internet Gateway
  - One public and one private route table
  - One public and one private security group
  - One public and one private EC2 instance
- On the Azure side
  - One resource group
  - One VNet with one private subnet
  - Gateway subnet
  - Public IP
  - Virtual Network Gateway
  - Local Network Gateway
  - One VM
Our typical architecture for this use case looks as below:
Generally, we create a site-to-site VPN to connect a cloud network with an on-premise network. For this kind of use case, however, we need a site-to-site VPN between two cloud providers.
Let me explain what we are going to do and how we are going to implement the site-to-site VPN.
Follow the steps below to create the site-to-site VPN.
Step 1: We start by creating a VPC on the AWS side with two subnets, a public subnet and a private subnet.
To filter traffic at the subnet level, create two NACLs (Network Access Control Lists) and associate one with the private subnet and the other with the public subnet. Also create two EC2 instances, one private and one public; the public EC2 instance will serve as a bastion host for reaching the private instance.
Step 2: After creating the above components, do not forget the routing rules. You also need to reach your public EC2 instance from your local system, so we use the internet gateway, which is what lets our local computer communicate with the public EC2 instance.
Step 3: Next, create a customer gateway on the AWS side. It asks for the public IP of the remote gateway, which is the public IP of Azure's Virtual Network Gateway, so at this point we switch over to Azure, set up a Virtual Network Gateway, and generate a public IP for it there.
Step 4: With the public IP of the Azure Virtual Network Gateway in hand, create the customer gateway on the AWS side.
Step 5: After creating the customer gateway, also create the Virtual Private Gateway (AWS's counterpart to Azure's Virtual Network Gateway) on the AWS side and attach it to the VPC.
Step 6: After creating the Virtual Private Gateway on the AWS side, create the site-to-site VPN connection and download the generic configuration; the values in this configuration file are needed to configure the Local Network Gateway and the connection on the Azure side.
Step 7: Now switch to the Azure side and create a private VM in the same virtual network in which the Virtual Network Gateway is configured.
Finally, everything needed for the site-to-site VPN between AWS and Azure is in place, so log in to the private EC2 instance and ping the private Azure VM, or ping the private EC2 instance from the Azure VM.
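Two things trip people up between Step 6 and the Azure side: the downloaded generic configuration contains the pre-shared keys in clear text, and the VPC and VNet address spaces must not overlap or the tunnel comes up without either side being able to route across it. The script below is an added example, not code from the original post or from AWS or Azure. It parses a constructed sample written in the style of the AWS generic configuration download (real files carry more sections; the addresses are documentation ranges and the keys are dummies), pulls out each tunnel's outside gateway IP and pre-shared key, maps them onto the fields the Azure Local Network Gateway and Connection need (the dictionary keys are my own labels, not Azure API names), checks the two CIDRs do not overlap, and can redact the keys before the file is pasted into a ticket.

```python
"""Added example (not from the original post): parse the generic site-to-site
VPN configuration downloaded from AWS and derive the values Azure needs."""
import ipaddress
import re

# Constructed sample in the style of the AWS generic config download.
# RFC 5737 addresses; the "keys" are placeholders, not real pre-shared keys.
SAMPLE_CONFIG = """\
! Your VPN Connection ID                  : vpn-0123456789abcdef0
! --------------------------------------------------------------------------------
! IPSec Tunnel #1
! #1: Internet Key Exchange Configuration
!   - Authentication Method    : Pre-Shared Key
!   - Pre-Shared Key           : EXAMPLE_PSK_TUNNEL1_NOT_REAL
! #3: Tunnel Interface Configuration
! Outside IP Addresses:
!   - Customer Gateway        : 203.0.113.10
!   - Virtual Private Gateway : 198.51.100.1
! Inside IP Addresses
!   - Customer Gateway        : 169.254.10.2/30
!   - Virtual Private Gateway : 169.254.10.1/30
! --------------------------------------------------------------------------------
! IPSec Tunnel #2
! #1: Internet Key Exchange Configuration
!   - Authentication Method    : Pre-Shared Key
!   - Pre-Shared Key           : EXAMPLE_PSK_TUNNEL2_NOT_REAL
! #3: Tunnel Interface Configuration
! Outside IP Addresses:
!   - Customer Gateway        : 203.0.113.10
!   - Virtual Private Gateway : 198.51.100.2
! Inside IP Addresses
!   - Customer Gateway        : 169.254.11.2/30
!   - Virtual Private Gateway : 169.254.11.1/30
"""

TUNNEL_HDR = re.compile(r"^!\s*IPSec Tunnel #(\d+)\s*$", re.M)
KV = re.compile(r"^!\s*-\s*(?P<key>[A-Za-z -]+?)\s*:\s*(?P<val>\S.*?)\s*$")
PSK_LINE = re.compile(r"(Pre-Shared Key\s*:\s*)\S+")


def parse_tunnels(text):
    """Return one dict per 'IPSec Tunnel #n' section. 'Customer Gateway' and
    'Virtual Private Gateway' occur twice per tunnel (outside and inside
    addresses), so those keys are prefixed with the section they sit in."""
    parts = TUNNEL_HDR.split(text)  # [preamble, "1", body1, "2", body2, ...]
    tunnels = []
    for i in range(1, len(parts), 2):
        tunnel = {"tunnel": int(parts[i])}
        section = None
        for line in parts[i + 1].splitlines():
            if "Outside IP Addresses" in line:
                section = "outside"
                continue
            if "Inside IP Addresses" in line:
                section = "inside"
                continue
            m = KV.match(line)
            if not m:
                continue
            key, val = m.group("key").strip(), m.group("val")
            if section and key in ("Customer Gateway", "Virtual Private Gateway"):
                key = f"{section} {key}"
            tunnel[key] = val
        tunnels.append(tunnel)
    return tunnels


def azure_local_network_gateway(tunnel, aws_vpc_cidr, azure_vnet_cidr):
    """Map one AWS tunnel onto the fields the Azure Local Network Gateway and
    Connection need (labels are mine). Refuses overlapping address spaces and
    refuses a 169.254.x.x inside address mistaken for the public gateway IP."""
    vpc = ipaddress.ip_network(aws_vpc_cidr)
    vnet = ipaddress.ip_network(azure_vnet_cidr)
    if vpc.overlaps(vnet):
        raise ValueError(f"address spaces overlap: {vpc} and {vnet}")
    gw_ip = ipaddress.ip_address(tunnel["outside Virtual Private Gateway"])
    if gw_ip.is_link_local or gw_ip.is_loopback:
        raise ValueError(f"{gw_ip} is not a usable tunnel endpoint")
    return {
        "gateway_ip_address": str(gw_ip),        # LNG: AWS VPG outside IP
        "local_address_space": [str(vpc)],       # LNG: CIDR reachable behind it
        "shared_key": tunnel["Pre-Shared Key"],  # Connection: IPsec PSK
        "inside_cidr": tunnel["inside Customer Gateway"],  # route-based/BGP setups
    }


def redact_psks(text):
    """Mask pre-shared keys before the file is attached to a ticket or chat."""
    return PSK_LINE.sub(r"\1<redacted>", text)


if __name__ == "__main__":
    for t in parse_tunnels(SAMPLE_CONFIG):
        print(t["tunnel"], azure_local_network_gateway(t, "10.0.0.0/16", "10.1.0.0/16"))
```

Run it against the real download instead of the sample and you get, per tunnel, the gateway IP and address space for the Local Network Gateway and the shared key for the Connection; configure a second Local Network Gateway and Connection for tunnel #2 if you want both AWS tunnels up.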
In this blog we have covered the prerequisites for creating a site-to-site VPN between AWS and Azure and given an overview of how the two are connected.
In the next blog we will go through the detailed steps for creating the IPsec VPN tunnel between AWS and Azure. Till then, please stay tuned and take care… Cheers!!!!!
Opstree is an End to End DevOps solution provider