Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Creating VPN between Azure and AWS

  • December 8, 2022
  • 7 min read
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.
IT Production Manager. Nicolas is primarily focused on Microsoft technologies, he is a Microsoft MVP in Cloud and Datacenter Management.

More and more companies deploy multicloud architectures to address their business needs which means that data are distributed across multiple cloud providers. The use of multiple clouds for businesses is growing in popularity but as a sysadmin you must be able to manage the whole perimeter. One of the first thing you should be able to do is to link cloud environments to allow resources to communicate all together.

There are many cloud providers, but Azure, AWS and GCP are the most popular. In this article, I will explain how to link Azure and AWS using a Virtual Private Network (VPN) which will create a single cloud environment. In a concern of high availability, I will create two VPN tunnels (master/backup).

Getting Started

Fist, go to the Azure Portal. Assuming I already created a resources group named “Azure-AWS” + a Virtual Network named “Azure-AWS” in the search bar, enter Virtual Network Gateway to create your VNG named “Azure-AWS” with a subnet 10.1.1.0/24.

In this wizard, I also create a public IP address, this IP address will be set in the AWS VPN configuration later.

IP address

Wait a few seconds until the VNG is created. In the mean time, I switch to the AWS portal, enter VPC in the search bar to create the Amazon Virtual Private Cloud (VPC)

VPC

Select VPC only, enter the VPC name and the IPv4 CIDR you prefer.

VPC name

Wait few seconds and the VPC is created. Click Subnets and Create subnet

Click Subnets and Create subnet

You should see your VPC in the drop down list, then enter a subnet name with the IPv4 CIDR

Subnet name with the IPv4 CIDR

Click create and then provision the Customer Gateway which corresponds to the Azure Gateway.

Customer Gateways

Enter the Customer Gateway name and the public IP address of your Azure VNG

Enter the Customer Gateway name

Validate the wizard, then go to Virtual Private Gateways

Virtual Private Gateways

Enter the name of your AWS Virtual Private Gateway

Enter the name of your AWS Virtual Private Gateway

Once the VPG is created, click Attach to VPC to attach the VPG to your VPC

Attach to VPC

You should see your VPC in the drop down list, click Attach to VPC

Click Attach to VPC

Now, go to Site-to-Site VPN Connections and click Create VPN connection

Site-to-Site VPN Connections

Enter a friendly name for this VPN Connection, select the VPG and the Customer Gateway. Don’t forget to add the IP prefix of your Azure network

Create VPN connection

Everything is OK from AWS side. You must retrieve the VPN S2S configuration, click Download configuration to download the TXT file.

Download configuration

Azure is not listed in the vendor list, so select Generic

Select Generic

At this step, you must check the connection status, it must be Available

Connection status

Switch back to Azure portal and create a Local Network Gateway (LNG). Enter the name of the LNG and the AWS public IP Address that you get in the TXT file

Create a Local Network Gateway

Add the AWS network address space and confirm the wizard to create the LNG

Add the AWS network address space

We must connect the LNG with the VNG, go to the Virtual Network Gateway section, click Connections tab and click Add

Virtual Network Gateway section

Enter a connection name, the connection type and the VNG+LNG. Select the IKE protocol you select in the AWS configuration.

Enter a connection name

Validate the wizard and wait a few seconds. You should see the connection status switching to Connected.

The connection status switching to Connected

Switch back to AWS portal in the VPN section, few seconds later you should see the status switching to Up as well.

Switch back to AWS portal in the VPN section

You can see two tunnels are created by default, we will configure the second one now. Create a new Local Network Gateway dedicated to the second tunnel. I called it AWS-Backup

Create a new Local Network Gateway dedicated to the second tunnel

You now have two Azure LNG and 2 AWS tunnels

Two Azure LNG and 2 AWS tunnels

Edit the AWS route table to add the Azure network

Edit the AWS route table to add the Azure network

Edit the AWS route table to add the Azure network

At the end, you should see both tunnels UP & Running. You can now create EC2 / Virtual Machines to test the communication using the VPN S2S.

At the end, you should see both tunnels UP & Running

Hey! Found Nicolas’s insights useful? Looking for a cost-effective, high-performance, and easy-to-use hyperconverged platform?
Taras Shved
Taras Shved StarWind HCI Appliance Product Manager
Look no further! StarWind HCI Appliance (HCA) is a plug-and-play solution that combines compute, storage, networking, and virtualization software into a single easy-to-use hyperconverged platform. It's designed to significantly trim your IT costs and save valuable time. Interested in learning more? Book your StarWind HCA demo now to see it in action!