Connecting Azure Virtual Network and AWS VPC is now possible, with the announcement of the support of IKEv2 for AWS VPN connection. Previously if we want to connect to AWS we can’t do it natively using Azure or AWS services (S2S VPN). We need to use 3rd party router inside the AWS VPC to configure the S2S connection.
Azure Virtual Network
Azure Virtual Network is a service that available for customers to use for creating network infrastructure inside the Azure. Customers can use Azure Virtual Network to mimic the same on-premises network environment needed for the application. Its private network that are isolated form other resources.
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
Azure Virtual Network Documentation
AWS Virtual Private Cloud
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
AWS Virtual Private Cloud Documentation
Site to Site Connection
Site-to-site VPN allows to connect multiple fixed locations to establish secure connections with each other over a public network such as the internet. Site-to-site VPN extends the company’s network, making computer resources from one location available to employees at other locations.
Configuring S2S Connectivity between Azure Virtual Network & AWS VPC
Prerequisites
Create Azure Virtual Network
First we need to create an Azure virtual Network to connect with AWS. We can create virtual network from Azure portal, PowerShell, Azure CLI or ARM Template. In this demo I’ll walkthrough creating from portal
After virtual network is provisioned we need to create a GatewaySubnet inside the virtual network.
Create Azure Virtual Network Gateway
A virtual network gateway is composed of two or more virtual machines that are deployed to a specific subnet you create, which is called the gateway subnet. The VMs that are located in the gateway subnet are created when you create the virtual network gateway. Virtual network gateway VMs are configured to contain routing tables and gateway services specific to the gateway. You can’t directly configure the VMs that are part of the virtual network gateway and you should never deploy additional resources to the gateway subnet.
What is a virtual network gateway
Create AWS VPC
Until the Azure Virtual Network Gateway is provisioning we can create the resources in AWS. To create a gateway in Azure it will take more than 20 min. As the first stem on AWS, we need to create AWS VPC as below
Create Internet Gateway
Attached the Internet Gateway to VPC
Create Subnet
Add the Route Table to give public access to subnet
Create the Customer Gateway
Customer Gateway in AWS is equal to the on-prem edge router. We need to get the public IP of the Azure Virtual Network Gateway and create a customer gateway as below
Create Virtual Private Gateway
After we create the customer gateway we can create the virtual private gateway its the AWS VPN endpoint created for communicate with Azure.
Next we need to attach the GW to the VPC
Setup VPN Connection
After we configure the Customer Gateway and Virtual Private Gateway we can initiate the connection to Azure.
In above we need to give below parameters
- Virtual Private Gateway
- Customer Gateway
- Routing Option
In the Routing policy select static and provide the IP address space of the Azure virtual network, you wish to allow from AWS VPC. In this option you can provide the full address space or address space of a specific subnet.
After the connection is created select the connection and download the connection configurations. When you download the configuration it will prompt you to select the vendors, select generic and download the config file.
You may notice that in the config file we have configurations for two VPN tunnels. Make note of the Pre Shared Key and the public IP of the tunnel (In this demo I was select only one but for production configure both)
Configure the Local Network Gateway
Next we need to configure the Local Network Gateway of the Azure. In their we should provide the public IP of the tunnel (in this demo tunnel 1). Apart from it we need to provide the IP address space we allowing Azure to access from AWS VPC.
Next we have to initiate the Connection to AWS from Azure virtual Network as bellow
Under the configuration of the connection we need to provide the Azure Virtual Network Gateway, Azure Local Network Gateway & Pre Shared Key we noted from AWS config file.
To work the communication we need to add a route to the AWS route table to point it to Virtual Private Gateway.
We can deploy one VM from Azure and EC2 from AWS to the relevant network and ping each other as below
