sree7k7/aws-azure-bgp-vpn

AWS-Azure Active-Active BGP VPN Connection

This repository provides a streamlined guide and Infrastructure-as-Code (IaC) templates to implement a BGP-enabled Site-to-Site VPN connection between AWS and Azure.

It is based on the official Microsoft documentation and accelerates that walkthrough with widely adopted IaC tools: Terraform for the Azure side and the AWS CDK (Python) for the AWS side.


Purpose

To establish a redundant network connection between AWS and Azure using an Active-Active, BGP-enabled Azure VPN Gateway. The setup brings up multiple AWS tunnels simultaneously, one set per gateway instance, so that connectivity survives the loss of a single tunnel or instance and avoids the limitations of a standard Active-Passive configuration.

[Figure: AWS-Azure topology diagram]

Prerequisites

Deployment Steps

1. Deploy Azure Infrastructure

Execute scripts

Azure

  1. Clone this repository and deploy the code as it is (using Terraform). The IP addresses are changed later.

  2. Execute the following commands in a terminal:

terraform init
terraform apply

Note: If initialization fails, run terraform init -upgrade before applying.

  3. Once deployed, note down the BGP ASN and the public IPs of the VPN Gateway instances (Instance 0 and Instance 1).

[Figure: Azure VPN gateway in active-active mode]

2. Deploy AWS Infrastructure

  1. Clone this repo and deploy it. The stack provisions two customer gateways (CGWs), a virtual private gateway (VGW), two Site-to-Site connections, a VPC with public and private subnets, and an EC2 instance.

  2. In the parameters.py file, change the IPs VPNGWinstance0_pip and VPNGWinstance1_pip to the gateway instance public IPs you noted in Azure step 3 (see figure).

# AWS VPC
regionName = "eu-west-1"
vpc_cidr = "10.3.0.0/16"
cidr_mask = 24
VPNconnetion1Tunnel1 = "169.254.21.0/30"
VPNconnetion1Tunnel2 = "169.254.22.0/30"

VPNconnetion2Tunnel1 = "169.254.21.4/30"
VPNconnetion2Tunnel2 = "169.254.22.4/30"

# destination network
destinationCIDR = "10.2.0.0/16"
VPNGWinstance0_pip = "20.105.96.150"
VPNGWinstance1_pip = "20.105.96.15"

  3. Deploy the CDK stack:

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
cdk deploy
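Before running cdk deploy it is worth checking that the parameters.py values are mutually consistent: AWS only accepts /30 inside tunnel CIDRs from 169.254.0.0/16 outside its reserved blocks, Azure only accepts custom BGP APIPA addresses between 169.254.21.0 and 169.254.22.255, and the four tunnels must not overlap. The following validator is an added example (not part of this repository's code); it embeds a constructed copy of the page's parameter values and derives the AWS-side and Azure-side BGP peer addresses from each /30.

```python
import ipaddress

# Constructed copy of the values shown in parameters.py above.
PARAMS = {
    "vpc_cidr": "10.3.0.0/16",
    "destinationCIDR": "10.2.0.0/16",
    "tunnels": {
        "VPNconnetion1Tunnel1": "169.254.21.0/30",
        "VPNconnetion1Tunnel2": "169.254.22.0/30",
        "VPNconnetion2Tunnel1": "169.254.21.4/30",
        "VPNconnetion2Tunnel2": "169.254.22.4/30",
    },
}

# /30 blocks that AWS reserves and rejects as inside tunnel CIDRs.
AWS_RESERVED = [ipaddress.ip_network(c) for c in (
    "169.254.0.0/30", "169.254.1.0/30", "169.254.2.0/30", "169.254.3.0/30",
    "169.254.4.0/30", "169.254.5.0/30", "169.254.169.252/30")]
# Azure VPN Gateway only accepts custom BGP APIPA addresses from this range.
AZURE_APIPA_LOW = ipaddress.ip_address("169.254.21.0")
AZURE_APIPA_HIGH = ipaddress.ip_address("169.254.22.255")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def bgp_peers(inside_cidr):
    """AWS takes the first host of the /30 for its side; the second is the customer (Azure) side."""
    hosts = list(ipaddress.ip_network(inside_cidr).hosts())
    return hosts[0], hosts[1]


def validate_tunnels(params):
    """Return a list of problems; an empty list means the parameter set is consistent."""
    problems = []
    vpc = ipaddress.ip_network(params["vpc_cidr"])
    dest = ipaddress.ip_network(params["destinationCIDR"])
    if vpc.overlaps(dest):
        problems.append(f"VPC {vpc} overlaps destination {dest}; BGP cannot route between them")
    seen = []
    for name, cidr in params["tunnels"].items():
        net = ipaddress.ip_network(cidr)
        if net.prefixlen != 30 or not net.subnet_of(LINK_LOCAL):
            problems.append(f"{name}: {cidr} must be a /30 inside 169.254.0.0/16")
            continue
        if any(net.overlaps(r) for r in AWS_RESERVED):
            problems.append(f"{name}: {cidr} falls in an AWS-reserved inside CIDR range")
        _aws_ip, azure_ip = bgp_peers(cidr)
        if not AZURE_APIPA_LOW <= azure_ip <= AZURE_APIPA_HIGH:
            problems.append(f"{name}: Azure APIPA {azure_ip} is outside 169.254.21.0-169.254.22.255")
        if any(net.overlaps(s) for s in seen):
            problems.append(f"{name}: {cidr} overlaps another tunnel's inside CIDR")
        seen.append(net)
    return problems
```

With the page's values validate_tunnels(PARAMS) returns an empty list, and bgp_peers("169.254.21.0/30") gives 169.254.21.1 for AWS and 169.254.21.2 for the Azure custom APIPA address.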

Configuration

  • In AWS, copy both outside tunnel IPs.
    • In the AWS management console, navigate to VPC → Site-to-Site VPN connections → choose the tunnel.
  • Get the PSK for Tunnel-1 and Tunnel-2.
    • In the AWS management console, navigate to VPC → Site-to-Site VPN connections → choose the tunnel → click Actions → Modify VPN tunnel options. [Figure: Modify VPN tunnel options]
  • Provide the AWS tunnel public IPs and PSK secrets to the Azure VPN connections (manually or through code).
    • In the dev.tf file, set the variables received from AWS: connection1_vpn_gateway_pip_tunnel1, connection1_vpn_gateway_pip_tunnel2, connection1_shared_key_tunnel1 and connection1_shared_key_tunnel2.
  • Change the corresponding values for connection 2.
  • Execute: terraform apply

Verify the connections

  • Check that the AWS tunnels are up for both connections. [Figure: tunnel state]
  • Check the Azure VPN gateway connections. [Figure: Azure VPN gateway connections]
  • Check the BGP peer status on Azure. [Figure: Azure BGP peers]
  • Connect to the Azure VM using the bastion host.
    • username: demousr
    • password: Password@123
  • Reach out to (ping) the destination VM using its private IP.

Clean up

  • In terminal execute the following command:
az group delete -g "aws-azure-bgp" --no-wait

About

aws - azure bgp enabled vpn connection