Today, I wrote another IaaC (infrastructure as a code) for my needs. You can create a secure VPN connection (IPsec) between Amazon Web Services (AWS) and Google Cloud Platform (GCP).
What can this do?
Creating a Customer Gateway on AWS. Creating a Virtual Private Gateway on AWS. Creating a Site-to-Site VPN Connection on AWS. Creating a Security Group for VPN connection access on AWS. Creating an External IP address for VPN connection on GCP. Creating a Managing the firewall rule for VPN connection on GCP. Creating a Route rule on GCP.
Requirements
- Enable Compute Engine API if doesn’t enable.
- Create a Service account with Editor role (or whatever you want) and export the key file.
- Create Cloud Google Storage Bucket to keep the terraform state. If you want, you can add your service account as a member to the bucket OR Create S3 Bucket to keep the terraform state.
- Check your IAM Permissions on the AWS side.
Usage
- Clone the repositry
git clone [email protected]:flightlesstux/aws-to-gcp-vpn-w-terraform.git - Authenticate to Google Platform if even google-sdk is not installed. It’s really useful for CI/CD pipelines! If you already logged in to your Google Cloud Platform project like
gcloud auth login, you can skip this step.export GOOGLE_APPLICATION_CREDENTIALS="service-account-key.json" - Project ID is also declared via terraform but if you don’t export the value, you will probable get an error like below.
export GOOGLE_PROJECT="0123456789012"│ Error: project: required field is not set
│
│ with google_compute_instance_group_manager.this,
│ on group_manager.tf line 1, in resource "google_compute_instance_group_manager" "this":
│ 1: resource "google_compute_instance_group_manager" "this" { - Export your AWS Access Key ID and Secret Access Key to create a resource in your AWS Region.
AWS_ACCESS_KEY_ID=AKIA1SFAESADASFASR5D
AWS_SECRET_ACCESS_KEY=Aasdfiajfar1O9DFASDAA3rasdas02304adsq9re - Set your variables
Edit values for
variables.tf - State bucket settings
Set your terraform state bucket via
state.tffile. You can use AWS S3 or Google Cloud Storage. - Initialize
terraform init - Deploy!
terraform applyorterraform apply -auto-approve
Repository Address
https://github.com/flightlesstux/aws-to-gcp-vpn-w-terraform
I hope, you enjoyed with this article…