Connect your AWS to GCP with Terraform via IPSec Site-to-Site VPN
Published in
2 min readMay 5, 2021
Today, I wrote another IaaC (infrastructure as a code) for my needs. You can create a secure VPN connection (IPsec) between Amazon Web Services (AWS) and Google Cloud Platform (GCP).
What can this do?
Creating a Customer Gateway on AWS. Creating a Virtual Private Gateway on AWS. Creating a Site-to-Site VPN Connection on AWS. Creating a Security Group for VPN connection access on AWS. Creating an External IP address for VPN connection on GCP. Creating a Managing the firewall rule for VPN connection on GCP. Creating a Route rule on GCP.
Requirements
- Enable Compute Engine API if doesn’t enable.
- Create a Service account with
Editorrole (or whatever you want) and export the key file. - Create Cloud Google Storage Bucket to keep the terraform state. If you want, you can add your service account as a member to bucket OR Create S3 Bucket for to the terraform state.
- Check your IAM Permissions on AWS side.
Usage
- Step 1:
Clone the repository. - Step 2:
export GOOGLE_APPLICATION_CREDENTIALS="service-account-key.json"
Authenticate to Google Platform if even google-sdk is not installed. It's really useful for CI/CD pipelines! If you already logged in to your Google Cloud Platform project likegcloud auth login, you can skip this step. - Step 3:
export GOOGLE_PROJECT="0123456789012"
Project ID is also declared via terraform but if you don't export the value, you will probable get an error like below.
│ Error: project: required field is not set
│
│ with google_compute_instance_group_manager.this,
│ on group_manager.tf line 1, in resource "google_compute_instance_group_manager" "this":
│ 1: resource "google_compute_instance_group_manager" "this" {- Step 4:
AWS_ACCESS_KEY_ID=AKIA1SFAESADASFASR5D
AWS_SECRET_ACCESS_KEY=Aasdfiajfar1O9DFASDAA3rasdas02304adsq9re
Export your AWS Access Key ID and Secret Access Key for create a resource in your AWS Region. - Step 5:
Edit values forvariables.tf - Step 6:
Set your terraform state bucket viastate.tffile. You can use AWS S3 or Google Cloud Storage. - Step 7:
terraform init - Step 8:
terraform applyorterraform apply -auto-approve
Repository Address
https://github.com/flightlesstux/aws-to-gcp-vpn-w-terraform
I hope, you enjoyed with this article…
