You can create a secure IPsec VPN connection between Amazon Web Services (AWS) and Google Cloud Platform (GCP) with this project.

It creates the following resources:

- A Customer Gateway on AWS.
- A Virtual Private Gateway on AWS.
- A Site-to-Site VPN Connection on AWS.
- A Security Group for VPN connection access on AWS.
- An external IP address for the VPN connection on GCP.
- The firewall rule (created and managed) for the VPN connection on GCP.
- A route rule on GCP.
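The firewall rule and security group from the list above, written out as an added example that is not the project's own code. The point it shows is scoping: the GCP firewall admits IKE (UDP 500/4500) and ESP only from the two AWS tunnel outside addresses instead of `0.0.0.0/0`, and the AWS security group admits only the GCP subnet CIDR learned from the `google_compute_subnetwork` data source. Variable names follow the inputs table; the resource names, the BGP ASN and the static-routes setting are assumptions.

```hcl
# Added example, not the project's own code. Names, the BGP ASN and
# static_routes_only are assumed values; variables match the inputs table.

# Static external IP on GCP that the AWS Customer Gateway points at.
resource "google_compute_address" "this" {
  name   = "${var.name}-ip"
  region = var.gcp_region
}

# AWS sees the GCP side as a Customer Gateway.
resource "aws_customer_gateway" "this" {
  bgp_asn    = 65000 # assumed ASN
  ip_address = google_compute_address.this.address
  type       = "ipsec.1"
}

resource "aws_vpn_gateway" "this" {
  vpc_id = var.aws_vpc_id
}

resource "aws_vpn_connection" "this" {
  customer_gateway_id = aws_customer_gateway.this.id
  vpn_gateway_id      = aws_vpn_gateway.this.id
  type                = "ipsec.1"
  static_routes_only  = true # assumed; the module could use BGP instead
}

# GCP subnet whose CIDR is allowed into AWS through the tunnel.
data "google_compute_subnetwork" "cidr" {
  name   = var.gcp_subnet
  region = var.gcp_region
}

# Weak setting (exposes IKE/ESP to the whole Internet):
#   source_ranges = ["0.0.0.0/0"]
# Hardened: only the two AWS tunnel endpoints may reach the GCP gateway.
resource "google_compute_firewall" "this" {
  name    = "${var.name}-allow-ipsec"
  network = var.gcp_network

  source_ranges = [
    "${aws_vpn_connection.this.tunnel1_address}/32",
    "${aws_vpn_connection.this.tunnel2_address}/32",
  ]

  allow {
    protocol = "esp"
  }

  allow {
    protocol = "udp"
    ports    = ["500", "4500"]
  }
}

# Security group on AWS: only traffic arriving from the GCP subnet CIDR
# over the tunnel is admitted, nothing from the public Internet.
resource "aws_security_group" "this" {
  name   = "${var.name}-vpn-access"
  vpc_id = var.aws_vpc_id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [data.google_compute_subnetwork.cidr.ip_cidr_range]
  }
}
```

The tunnel outside addresses are only known after `aws_vpn_connection` is created, so Terraform orders the firewall rule after the connection automatically; if you later rotate the connection, re-run `terraform apply` so the firewall source ranges follow the new endpoints.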
## Prerequisites

- Enable the Compute Engine API if it is not already enabled.
- Create a Service account with the `Editor` role (or whatever role you want) and export the key file.
- Create a Google Cloud Storage bucket to keep the terraform state. If you want, you can add your service account as a member of the bucket. Alternatively, create an S3 bucket for the terraform state.
- Check your IAM permissions on the AWS side.
## Usage

- Step 1: Clone this repository.
- Step 2: Authenticate to Google Cloud Platform, even if the google-sdk is not installed. It's really useful for CI/CD pipelines! If you are already logged in to your Google Cloud Platform project (e.g. via `gcloud auth login`), you can skip this step.

  ```sh
  export GOOGLE_APPLICATION_CREDENTIALS="service-account-key.json"
  ```

- Step 3: Export the project ID. The project ID is also declared via terraform, but if you don't export the value you will probably get an error like the one below.

  ```sh
  export GOOGLE_PROJECT="0123456789012"
  ```

  ```
  │ Error: project: required field is not set
  │
  │ with google_compute_instance_group_manager.this,
  │ on group_manager.tf line 1, in resource "google_compute_instance_group_manager" "this":
  │ 1: resource "google_compute_instance_group_manager" "this" {
  ```

- Step 4: Export your AWS Access Key ID and Secret Access Key to create the resources in your AWS Region.

  ```sh
  export AWS_ACCESS_KEY_ID=AKIA1SFAESADASFASR5D
  export AWS_SECRET_ACCESS_KEY=Aasdfiajfar1O9DFASDAA3rasdas02304adsq9re
  ```

- Step 5: Edit the values in `variables.tf`.
- Step 6: Set your terraform state bucket via the `state.tf` file. You can use AWS S3 or Google Cloud Storage.
- Step 7: Initialise the working directory.

  ```sh
  terraform init
  ```

- Step 8: Apply the configuration.

  ```sh
  terraform apply
  ```

  or

  ```sh
  terraform apply -auto-approve
  ```
## Requirements

| Name | Version |
|---|---|
| terraform | ~> 0.15 |
| aws | 3.38.0 |
| google | 3.66.1 |
## Providers

| Name | Version |
|---|---|
| aws | 3.38.0 |
| google | 3.66.1 |
## Modules

No modules.
## Resources

| Name | Type |
|---|---|
| aws_customer_gateway.this | resource |
| aws_security_group.this | resource |
| aws_vpn_connection.this | resource |
| aws_vpn_connection_route.this | resource |
| aws_vpn_gateway.this | resource |
| aws_vpn_gateway_route_propagation.this | resource |
| google_compute_address.this | resource |
| google_compute_firewall.this | resource |
| google_compute_forwarding_rule.esp | resource |
| google_compute_forwarding_rule.udp4500 | resource |
| google_compute_forwarding_rule.udp500 | resource |
| google_compute_route.this | resource |
| google_compute_vpn_gateway.this | resource |
| google_compute_vpn_tunnel.tunnel1 | resource |
| google_compute_vpn_tunnel.tunnel2 | resource |
| aws_customer_gateway.this | data source |
| aws_route_table.this | data source |
| aws_vpc.this | data source |
| google_compute_address.this | data source |
| google_compute_network.network | data source |
| google_compute_subnetwork.cidr | data source |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | AWS to GCP Connection Name | string | "aws-to-gcp-vpn" | yes |
| aws_region | AWS Region | string | "eu-central-1" | yes |
| aws_vpc_id | AWS VPC ID | string | "vpc-123a5b57" | yes |
| gcp_network | GCP Network Name | string | "my-network" | yes |
| gcp_subnet | GCP Network Subnet Name | string | "private-network" | yes |
| gcp_project | GCP Project ID | string | "0123456789012" | yes |
| gcp_project_name | GCP Project Name | string | "hello-baby" | yes |
| gcp_region | GCP Region | string | "europe-west1" | yes |
| gcp_zone | GCP Zone | string | "europe-west1-b" | yes |
## Outputs

No outputs.