# AWS transit gateway <> GCP HA VPN
###### tags: `AWS` `GCP`
### Diagram of what is achieved at the end of the day.

*Hybrid cloud architecture which allows expanding one or multiple AWS regions using a [transit gateway](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-transit-gateway.html). The same would apply on the GCP side using [Network Connectivity Center](https://cloud.google.com/network-connectivity/docs/network-connectivity-center#docs), but since my current job is more AWS oriented, I will skip the part using Network Connectivity Center.*

*Note:*
For AWS I suggest using the CLI, which I personally think is faster.
The GCP console provides a quickstart guide for the HA VPN tunnel; doing it with the CLI takes more steps and is more complex, so simply follow along using the console.
### 1. [GCP Cloud router](https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn#create_a)
```
gcloud compute routers create ROUTER_NAME \
  --network=NETWORK \
  --region=REGION \
  --asn=GCP_ASN
```
GCP_ASN must be a private ASN in the range 64512 – 65534.
### 2. [GCP VPN gateway](https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn#create_an_gateway)
From step two onward, follow the guided setup in the GCP console.

### 3. [AWS Customer gateways](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-customer-gateway.html)
Create two customer gateways, one for each of the two GCP VPN gateway interface IPs (GCP_VPN_GW_IP) output by the previous step, both with GCP_ASN.
```
aws ec2 create-customer-gateway \
  --type ipsec.1 \
  --public-ip GCP_VPN_GW_IP \
  --bgp-asn GCP_ASN
```
Output: take note of the customer gateway id (you will get one per customer gateway).
```
{
  "CustomerGateway": {
    "CustomerGatewayId": **take_note**,
    "IpAddress": GCP_VPN_GW_IP,
    "State": "available",
    "Type": "ipsec.1",
    "BgpAsn": GCP_ASN
  }
}
```
### 4. [AWS Transit gateway](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-transit-gateway.html)
Use a private AWS_ASN that is different from GCP_ASN.
```
aws ec2 create-transit-gateway \
  --options AmazonSideAsn=AWS_ASN,AutoAcceptSharedAttachments=enable,DefaultRouteTableAssociation=enable,DefaultRouteTablePropagation=enable,VpnEcmpSupport=enable,DnsSupport=enable
```
Output: take note of the transit gateway id.
```
{
  "TransitGateway": {
    "TransitGatewayId": **take_note**,
    "TransitGatewayArn": "",
    "State": "pending",
    "OwnerId": "",
    "Description": "",
    "CreationTime": "",
    "Options": {}
  }
}
```
### 5. [AWS VPN connection](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-vpn-connection.html)
Create 2 VPN connections, one per customer gateway.
Each takes the customer gateway id and transit gateway id created in the previous steps, plus a TunnelInsideCidr (a /30) and a PreSharedKey for each of its two tunnels. Two connections with two tunnels each give the four tunnels configured in GCP in step 6.
Keep the pre-shared keys out of shell history and logs; if PreSharedKey is omitted, AWS generates one and returns it in the output below.
```
aws ec2 create-vpn-connection \
  --type ipsec.1 \
  --customer-gateway-id CustomerGatewayId \
  --transit-gateway-id TransitGatewayId \
  --options TunnelOptions='[{TunnelInsideCidr=TunnelInsideCidr,PreSharedKey=PreSharedKey},{TunnelInsideCidr=TunnelInsideCidr,PreSharedKey=PreSharedKey}]'
```
Output: take note of the two OutsideIpAddress values (one per tunnel).
```
{
  "VpnConnection": {
    "CustomerGatewayConfiguration": "..configuration information...",
    "CustomerGatewayId": "",
    "Category": "VPN",
    "State": "pending",
    "VpnConnectionId": "",
    "VpnGatewayId": "",
    "Options": {
      "EnableAcceleration": false,
      "StaticRoutesOnly": false,
      "LocalIpv4NetworkCidr": "0.0.0.0/0",
      "RemoteIpv4NetworkCidr": "0.0.0.0/0",
      "TunnelInsideIpVersion": "ipv4",
      "TunnelOptions": [
        {
          "OutsideIpAddress": **take_note**,
          "TunnelInsideCidr": "",
          "PreSharedKey": ""
        },
        {
          "OutsideIpAddress": **take_note**,
          "TunnelInsideCidr": "",
          "PreSharedKey": ""
        }
      ]
    },
    "Routes": [],
    "Tags": []
  }
}
```
### 6. [GCP VPN tunnels](https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn#create_vpn_tunnels)
Take note of the two VPN gateway interface IPs (these are the GCP_VPN_GW_IP values used in step 3).

Create 4 tunnels, each with a different tunnel name, one per AWS OutsideIpAddress from step 5.

Choose the Cloud Router created in step 1.

Enter the pre-shared key for each of the 4 tunnels separately, matching each key to its peer IP (the AWS OutsideIpAddress of that tunnel).

### 7. [GCP Configure BGP sessions](https://cloud.google.com/network-connectivity/docs/vpn/how-to/creating-ha-vpn#create_bgp_sessions)
For each BGP session, the peer IP is the AWS side of the tunnel: the first IP of that tunnel's TunnelInsideCidr /30 (the GCP side takes the second). The peer ASN is AWS_ASN.

**The VPN connection between AWS & GCP is done. Now you can simply attach a VPC to the transit gateway using a transit gateway attachment, then add a route to the VPC route table.**
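An added helper, not part of the original note: given the `create-vpn-connection` output from step 5, it derives the values the GCP console asks for in steps 6 and 7 (tunnel peer IP, BGP peer IP as the first IP of each /30) and checks the ASN rules from steps 1 and 4. The sample output and TEST-NET addresses are constructed; the check that each TunnelInsideCidr is a /30 inside 169.254.0.0/16 is AWS's own constraint, not something the note states.

```python
import ipaddress
import json

# Constructed sample of `aws ec2 create-vpn-connection` output, trimmed to the
# fields used here; the outside IPs are TEST-NET addresses, not real endpoints.
SAMPLE_VPN_CONNECTION = """{"VpnConnection": {"Options": {"TunnelOptions": [
  {"OutsideIpAddress": "203.0.113.10", "TunnelInsideCidr": "169.254.10.0/30",
   "PreSharedKey": "example-psk-1"},
  {"OutsideIpAddress": "203.0.113.11", "TunnelInsideCidr": "169.254.11.0/30",
   "PreSharedKey": "example-psk-2"}]}}}"""

# AWS requires each TunnelInsideCidr to be a /30 taken from 169.254.0.0/16.
AWS_INSIDE_RANGE = ipaddress.ip_network("169.254.0.0/16")


def check_asns(gcp_asn: int, aws_asn: int) -> bool:
    """Steps 1 and 4: both ASNs private (64512-65534) and different from each other."""
    for name, asn in (("GCP_ASN", gcp_asn), ("AWS_ASN", aws_asn)):
        if not 64512 <= asn <= 65534:
            raise ValueError(f"{name}={asn} is not in the private range 64512-65534")
    if gcp_asn == aws_asn:
        raise ValueError("AWS_ASN must differ from GCP_ASN")
    return True


def tunnel_peers(vpn_connection_json: str) -> list[dict]:
    """Per tunnel, derive what the GCP console asks for in steps 6 and 7.

    The pre-shared key is reported only as present/absent so it is never echoed.
    """
    doc = json.loads(vpn_connection_json)
    peers = []
    for tunnel in doc["VpnConnection"]["Options"]["TunnelOptions"]:
        cidr = ipaddress.ip_network(tunnel["TunnelInsideCidr"])
        if cidr.prefixlen != 30 or not cidr.subnet_of(AWS_INSIDE_RANGE):
            raise ValueError(f"{cidr} must be a /30 inside {AWS_INSIDE_RANGE}")
        aws_ip, gcp_ip = cidr.hosts()  # first usable IP is the AWS side, second the GCP side
        peers.append({
            "outside_ip": tunnel["OutsideIpAddress"],  # peer IP of the tunnel in GCP (step 6)
            "aws_bgp_ip": str(aws_ip),                 # BGP peer IP entered in GCP (step 7)
            "gcp_bgp_ip": str(gcp_ip),                 # Cloud Router BGP IP for this tunnel
            "psk_set": bool(tunnel.get("PreSharedKey")),
        })
    return peers


if __name__ == "__main__":
    check_asns(gcp_asn=65000, aws_asn=64512)
    for peer in tunnel_peers(SAMPLE_VPN_CONNECTION):
        print(peer)
```

Feed it the real output of step 5 (for example via `aws ec2 create-vpn-connection ... > conn.json`) instead of the constructed sample to get the values for all four GCP tunnels.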