After you configure your Google Cloud resources, configure your Amazon Web Services (AWS) resources.
Before you begin
Before starting, you must already have an AWS VPC. For more information, see Create a VPC.
Create a Direct Connect gateway
A Direct Connect gateway connects your AWS port to your AWS VPC.
AWS console
To create a Direct Connect gateway, complete the following steps:
Go to the Direct Connect gateway page.
Click Create Direct Connect gateway.
On the Create Direct Connect gateway page, enter the required information:
Enter a Name for the gateway.
Enter an Amazon-side ASN. This value must match the Peer ASN value that you used when you configured a Border Gateway Protocol (BGP) session in Google Cloud.
Click Create Direct Connect gateway.
AWS CLI
To create a Direct Connect gateway, use the create-direct-connect-gateway command.
For example:
aws directconnect create-direct-connect-gateway \
    --direct-connect-gateway-name GATEWAY_NAME \
    --amazon-side-asn AMAZON_ASN
Replace the following:
GATEWAY_NAME: the name of the gateway
AMAZON_ASN: the ASN that you're using to represent Amazon; this value must match the peer-asn value that you used when you created the Border Gateway Protocol (BGP) session on the Cloud Router
Create a virtual private interface
Before you can begin using your Direct Connect gateway, you must create a private virtual interface for each of your LAGs. A private virtual interface lets you access an Amazon VPC by using private IP addresses.
The function of a private virtual interface is similar to the function of a Google Cloud VLAN attachment. However, one difference is that you configure a BGP peering session as part of the process of creating the interface, rather than doing it later.
AWS console
To create a private virtual interface, complete the following steps:
Go to the Virtual interfaces page.
Click Create virtual interface.
On the Create virtual interface page, enter the required information:
Leave Type set to Private.
Enter a Virtual interface name.
Select the appropriate Connection.
Set Virtual interface owner to the appropriate value.
Leave Gateway type set to Direct Connect Gateway -- Recommended.
Set Direct Connect gateway to the gateway that you just created.
In the Virtual Local Area Network (VLAN) field, enter the value that you used for VLAN ID when you created your VLAN attachments in Google Cloud.
Set BGP ASN to the value of the ASN used by your Google Cloud Router.
Expand Additional settings. In the form that is displayed, some values are labeled as optional, but they are required by Cross-Cloud Interconnect. Do the following:
Leave Address family - optional set to IPv4.
In the Your router peer ip - optional field, enter the address on your VLAN attachment that represents Google Cloud; that is, the Cloud Router BGP IP value.
In the Amazon router peer IP - optional field, enter the address on your VLAN attachment that represents AWS; that is, the BGP IP Peer value.
In the BGP authentication key - optional field, enter the same MD5 authentication key that you used when you configured a BGP peering session in Google Cloud.
Click Create virtual interface.
Repeat steps 1 through 4 for your second LAG.
AWS CLI
To create virtual interfaces, use the aws directconnect create-private-virtual-interface command.
Complete the following steps:
Create the virtual interface for your first LAG:
aws directconnect create-private-virtual-interface \
    --connection-id DXLAG_ID \
    --region REGION \
    --new-private-virtual-interface "$(echo '{
        "virtualInterfaceName": "INTERFACE_NAME",
        "vlan": VLAN_ID,
        "asn": GOOGLE_SIDE_ASN,
        "authKey": "YOUR_KEY",
        "amazonAddress": "AMAZON_ADDRESS",
        "customerAddress": "GOOGLE_ADDRESS",
        "directConnectGatewayId": "GATEWAY_ID"
    }' | jq -r tostring)"
Replace the following:
DXLAG_ID: the ID of the LAG; if you don't have this value, retrieve it by using the aws directconnect describe-lags command
REGION: the region where the LAG is located
INTERFACE_NAME: a name for the new private virtual interface
VLAN_ID: the same ID that you used when creating your VLAN attachments in Google Cloud
GOOGLE_SIDE_ASN: the Google Cloud Router ASN
YOUR_KEY: the same MD5 authentication key you used when you configured a BGP peering session in Google Cloud
AMAZON_ADDRESS: the address that represents AWS on your VLAN attachment; that is, the customerRouterIpAddress value
GOOGLE_ADDRESS: the address that represents Google Cloud on your VLAN attachment; that is, the cloudRouterIpAddress value
GATEWAY_ID: the ID of your Direct Connect gateway
Create the virtual interface for your second LAG:
aws directconnect create-private-virtual-interface \
    --connection-id DXLAG_ID_2 \
    --region REGION_2 \
    --new-private-virtual-interface "$(echo '{
        "virtualInterfaceName": "INTERFACE_NAME_2",
        "vlan": VLAN_ID_2,
        "asn": GOOGLE_SIDE_ASN,
        "authKey": "YOUR_KEY",
        "amazonAddress": "AMAZON_ADDRESS_2",
        "customerAddress": "GOOGLE_ADDRESS_2",
        "directConnectGatewayId": "GATEWAY_ID"
    }' | jq -r tostring)"
Replace the following:
DXLAG_ID_2: the connection ID of your second LAG; if you don't have this value, retrieve it by using the aws directconnect describe-lags command
REGION_2: the region where the LAG is located
INTERFACE_NAME_2: a name for the new private virtual interface
VLAN_ID_2: the same ID that you used when creating your VLAN attachments in Google Cloud
GOOGLE_SIDE_ASN: the Google Cloud Router ASN
YOUR_KEY: the same MD5 authentication key you used when you configured a BGP peering session in Google Cloud
AMAZON_ADDRESS_2: the address that represents AWS on your VLAN attachment; that is, the customerRouterIpAddress value
GOOGLE_ADDRESS_2: the address that represents Google Cloud on your VLAN attachment; that is, the cloudRouterIpAddress value
GATEWAY_ID: the ID of your Direct Connect gateway
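The following is an added example, not part of the original page or of any AWS or Google tooling: a POSIX shell helper that checks the values the steps above say must match the Google Cloud side, builds the --new-private-virtual-interface JSON, and passes it to the CLI through file:// so that the MD5 key stays out of the aws command's arguments. The function names, the BGP_MD5_KEY variable, the 1-4094 VLAN range check, and the assumption that both peer addresses are given in CIDR form within one /24-/30 subnet belong to this example.

```shell
#!/bin/sh
# Added example: validate the values that must match the Google Cloud side and
# build the --new-private-virtual-interface payload. Helper names and the
# BGP_MD5_KEY variable are assumptions of this example.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Print the network ("a.b.c.N/len") of an a.b.c.d/len address; len 24-30 assumed.
link_net() {
  ip=${1%/*}; len=${1#*/}
  is_uint "$len" && [ "$len" -ge 24 ] && [ "$len" -le 30 ] || return 1
  last=${ip##*.}
  is_uint "$last" && [ "$last" -le 255 ] || return 1
  echo "${ip%.*}.$(( last & ~((1 << (32 - len)) - 1) ))/$len"
}

# Usage: vif_payload NAME VLAN GOOGLE_ASN AMAZON_ADDR GOOGLE_ADDR GATEWAY_ID
# The MD5 key is read from $BGP_MD5_KEY so it never appears in an argument list.
vif_payload() {
  name=$1 vlan=$2 asn=$3 amazon=$4 google=$5 gw=$6
  is_uint "$vlan" && [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ] ||
    { echo "vlan must be 1-4094" >&2; return 1; }
  is_uint "$asn" || { echo "asn must be numeric" >&2; return 1; }
  case "${BGP_MD5_KEY:-}" in
    ''|*\"*|*\\*) echo "BGP_MD5_KEY is unset or needs JSON escaping" >&2; return 1 ;;
  esac
  [ "$amazon" != "$google" ] || { echo "peer addresses must differ" >&2; return 1; }
  n1=$(link_net "$amazon") && n2=$(link_net "$google") && [ "$n1" = "$n2" ] ||
    { echo "peer addresses must share one /24-/30 subnet" >&2; return 1; }
  printf '{"virtualInterfaceName":"%s","vlan":%s,"asn":%s,"authKey":"%s",' \
    "$name" "$vlan" "$asn" "$BGP_MD5_KEY"
  printf '"amazonAddress":"%s","customerAddress":"%s","directConnectGatewayId":"%s"}\n' \
    "$amazon" "$google" "$gw"
}

# Usage: create_vif DXLAG_ID REGION <vif_payload arguments>
# Writes the payload to a private temp file and hands it to the CLI as file://.
create_vif() {
  conn=$1; region=$2; shift 2
  tmp=$(umask 077; mktemp) || return 1
  rc=0
  vif_payload "$@" > "$tmp" &&
    aws directconnect create-private-virtual-interface \
      --connection-id "$conn" --region "$region" \
      --new-private-virtual-interface "file://$tmp" || rc=$?
  rm -f "$tmp"; return $rc
}
```

Run create_vif once per LAG with that LAG's ID, region, VLAN ID, and address pair; a validation failure stops before any AWS call is made.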
Create a virtual private gateway
A virtual private gateway provides access to an AWS VPC.
AWS console
To create a virtual private gateway, do the following:
Go to the Virtual private gateways page.
Click Create virtual private gateway.
On the Create virtual private gateway page, enter the required information:
Optional: enter a Name tag for the gateway.
For Autonomous System Number (ASN), select an ASN to represent AWS. Make sure you match the value that you entered for Peer ASN when you configured a BGP peering session in Google Cloud. Do one of the following:
- If you used 64512, select Amazon default ASN.
- If you used something else, select Custom ASN and enter the appropriate value.
Click Create virtual private gateway.
AWS CLI
To create a virtual private gateway, use the create-vpn-gateway command.
For example:
aws ec2 create-vpn-gateway \
    --type ipsec.1 \
    --region REGION \
    --amazon-side-asn AMAZON_ASN
Replace the following:
REGION: the name of your region
AMAZON_ASN: the ASN that you're using to represent Amazon; it must be the same value that you used when you created the BGP peer on the Cloud Router in Google Cloud
Attach the virtual private gateway to your AWS VPC
For the virtual private gateway to work, you must attach it to your AWS VPC.
AWS console
To attach the virtual private gateway to your AWS VPC, complete the following steps:
Go to the Virtual private gateways page.
Click the name of the virtual private gateway that you just created.
Click on the Actions menu, and select Attach to VPC.
On the Attach to VPC page, select the appropriate VPC.
Click Attach to VPC.
AWS CLI
To attach the gateway to your VPC, use the aws ec2 attach-vpn-gateway command.
For example:
aws ec2 attach-vpn-gateway \
    --vpn-gateway-id VIRTUAL_PRIVATE_GATEWAY_ID \
    --vpc-id VPC_ID \
    --region REGION
Replace the following:
VIRTUAL_PRIVATE_GATEWAY_ID: the ID of your virtual private gateway
VPC_ID: the ID of your AWS VPC
REGION: the region where your virtual private gateway is located
Associate the virtual private gateway with the Direct Connect gateway
To connect your Direct Connect gateway to your AWS VPC, associate the virtual private gateway with the Direct Connect gateway.
AWS console
To associate the virtual private gateway with the Direct Connect gateway, complete the following steps:
Go to the Direct Connect gateway page.
Click the name of your gateway.
Click Gateway associations.
Click Associate gateway.
On the Associate gateway page, set Gateways to the name of your virtual private gateway.
Click Associate gateways.
AWS CLI
To associate your virtual private gateway with your Direct Connect gateway, use the aws directconnect create-direct-connect-gateway-association command. For example:
aws directconnect create-direct-connect-gateway-association \
    --direct-connect-gateway-id GATEWAY_ID \
    --virtual-gateway-id VIRTUAL_PRIVATE_GATEWAY_ID \
    --region REGION
Replace the following:
GATEWAY_ID: the ID of your Direct Connect gateway
VIRTUAL_PRIVATE_GATEWAY_ID: the ID of your virtual private gateway
REGION: the region where your Direct Connect gateway is located