Today, I wrote another piece of IaC (infrastructure as code) for my needs. With it, you can create a secure VPN connection (IPsec) between Amazon Web Services (AWS) and Google Cloud Platform (GCP).
What can this do?
- Creating a Customer Gateway on AWS.
- Creating a Virtual Private Gateway on AWS.
- Creating a Site-to-Site VPN Connection on AWS.
- Creating a Security Group for VPN connection access on AWS.
- Creating an External IP address for the VPN connection on GCP.
- Creating and managing the firewall rule for the VPN connection on GCP.
- Creating a Route rule on GCP.
Requirements
- Enable the Compute Engine API if it isn't already enabled.
- Create a Service account with the Editor role (or whatever you want) and export the key file.
- Create a Google Cloud Storage bucket to keep the terraform state (if you want, you can add your service account as a member of the bucket), OR create an S3 bucket to keep the terraform state.
- Check your IAM Permissions on the AWS side.
Usage
- Clone the repository
git clone git@github.com:flightlesstux/aws-to-gcp-vpn-w-terraform.git
- Authenticate to Google Cloud Platform, even if google-sdk is not installed. This is really useful for CI/CD pipelines! If you are already logged in to your Google Cloud Platform project with gcloud auth login, you can skip this step.
export GOOGLE_APPLICATION_CREDENTIALS="service-account-key.json"
- The Project ID is also declared via terraform, but if you don't export the value, you will probably get an error like the one below.
export GOOGLE_PROJECT="0123456789012"
│ Error: project: required field is not set
│
│ with google_compute_instance_group_manager.this,
│ on group_manager.tf line 1, in resource "google_compute_instance_group_manager" "this":
│ 1: resource "google_compute_instance_group_manager" "this" {
- Export your AWS Access Key ID and Secret Access Key to create a resource in your AWS Region.
export AWS_ACCESS_KEY_ID=AKIA1SFAESADASFASR5D
export AWS_SECRET_ACCESS_KEY=Aasdfiajfar1O9DFASDAA3rasdas02304adsq9re
- Set your variables
Edit the values in variables.tf.
- State bucket settings
Set your terraform state bucket via the state.tf file. You can use AWS S3 or Google Cloud Storage.
- Initialize
terraform init
- Deploy!
terraform apply
or
terraform apply -auto-approve
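As an added example (not part of the repository or the original article), the shell functions below check the credentials from the steps above before terraform init: whether each variable is actually exported, since a variable assigned without export is not passed to terraform, and whether the service-account key file is accessible only to its owner. The function names and the owner-only file mode are assumptions, and the check assumes the key-file path is used rather than gcloud auth login.

```shell
#!/bin/sh
# Added example, not from the repository: pre-flight check for the steps above.
# Function names are hypothetical; the variable names come from the article.
REQUIRED_VARS="GOOGLE_APPLICATION_CREDENTIALS GOOGLE_PROJECT AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY"

# Print "unset", "shell-only" (assigned without export, so terraform will not
# see it) or "exported" for the variable named in $1.
var_state() {
  eval "_val=\${$1:-}"
  if [ -z "$_val" ]; then
    echo unset
  elif env | grep -q "^$1="; then
    echo exported
  else
    echo shell-only
  fi
}

# Print "ok" when the key file in $1 exists and is not accessible to group or
# other; otherwise print the problem and return 1.
key_file_state() {
  if [ ! -f "$1" ]; then
    echo missing
    return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other permission bits.
  if [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]; then
    echo too-open
    return 1
  fi
  echo ok
}

# Check everything; return non-zero if terraform should not be run yet.
preflight() {
  _rc=0
  for _v in $REQUIRED_VARS; do
    _s=$(var_state "$_v")
    [ "$_s" = "exported" ] || { echo "$_v: $_s" >&2; _rc=1; }
  done
  _k=$(key_file_state "${GOOGLE_APPLICATION_CREDENTIALS:-}") ||
    { echo "key file: $_k (expected chmod 600)" >&2; _rc=1; }
  return "$_rc"
}

# Run the check only when asked, e.g. `sh preflight.sh check && terraform init`.
if [ "${1:-}" = "check" ]; then preflight; fi
```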
Repository Address
https://github.com/flightlesstux/aws-to-gcp-vpn-w-terraform
I hope you enjoyed this article…