This article describes how to create highly available VPN connections between Amazon Web Services (AWS) and Google Cloud (GCP) for direct communication between VPC networks across the two cloud platforms.
This article assumes that you’re familiar with basic concepts of Virtual Private Cloud (VPC) networks, Border Gateway Protocol (BGP), virtual private networks (VPNs), and IPsec tunnels.
Architecture overview
The architecture described in this article includes the following components:
- Cloud Router: A fully distributed and managed Google Cloud service to provide dynamic routing using BGP for your VPC networks.
- HA VPN gateway: A Google-managed VPN gateway running on Google Cloud. Each HA VPN gateway is a regional resource that has two interfaces, interface 0 and interface 1, each with its own external IP address.
- VPN tunnels: Connections from the HA VPN gateway to the peer VPN gateway on AWS through which encrypted traffic passes.
- Peer VPN gateway: Two AWS site-to-site VPN endpoints, which can be from an AWS virtual private gateway or AWS transit gateway.
Routing options and combined bandwidth over the VPN tunnels vary based on the Site-to-Site VPN option used on the AWS side.
Architecture Diagram:
Objectives
- Create a VPC network on Google Cloud.
- Create an HA VPN gateway and Cloud Router on Google Cloud.
- Create customer gateways on AWS.
- Create a VPN connection with dynamic routing on AWS.
- Create an external VPN gateway and VPN tunnels on Google Cloud.
- Verify and test the VPN connection between VPC networks on Google Cloud and AWS.
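As an added example that is not part of the original article, the following Python plans the tunnel layout these objectives produce: it maps each of the four AWS tunnels to an HA VPN gateway interface (0 or 1, chosen by the customer gateway the AWS connection was created with) and to an external VPN gateway interface, and derives the Cloud Router interface address and BGP peer address from each AWS inside-tunnel /30. All IP addresses, the ASN and the CIDRs are constructed placeholders; it relies on the AWS convention that the AWS side takes the first usable address of each inside /30 and the customer side the second.

```python
# Added example (not from the article): plan the four-tunnel layout for the AWS <-> Google
# Cloud HA VPN described above. Every IP, ASN and CIDR below is a constructed placeholder.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AwsTunnel:
    customer_gateway_ip: str  # HA VPN interface IP the AWS customer gateway was created with
    outside_ip: str           # public IP of the AWS tunnel endpoint (the peer VPN gateway)
    inside_cidr: str          # /30 inside-tunnel CIDR from the AWS configuration download

def plan_tunnels(ha_interface_ips, aws_tunnels, aws_asn):
    """Map four AWS tunnels onto the two HA VPN interfaces and derive BGP addresses.

    Each AWS connection targets one customer gateway (one HA VPN interface) and carries
    two tunnels, so each interface gets two tunnels and one failed AWS connection or GCP
    interface leaves the other path up. AWS takes the first usable /30 address and the
    customer side the second: the Cloud Router interface gets .2 and peers with .1.
    """
    if len(ha_interface_ips) != 2 or len(aws_tunnels) != 4:
        raise ValueError("HA layout needs two HA VPN interfaces and four AWS tunnels")
    plan, seen_cidrs = [], set()
    for ext_idx, t in enumerate(aws_tunnels):  # one external-gateway interface per AWS outside IP
        if t.customer_gateway_ip not in ha_interface_ips:
            raise ValueError(f"{t.outside_ip}: customer gateway IP is not an HA VPN interface IP")
        net = ipaddress.ip_network(t.inside_cidr, strict=True)
        if net.prefixlen != 30 or not net.subnet_of(ipaddress.ip_network("169.254.0.0/16")):
            raise ValueError(f"{t.inside_cidr}: inside CIDR must be a /30 within 169.254.0.0/16")
        if net in seen_cidrs:
            raise ValueError(f"{t.inside_cidr}: inside CIDR reused by another tunnel")
        seen_cidrs.add(net)
        aws_ip, gcp_ip = net.hosts()
        plan.append({
            "tunnel": f"tunnel-{ext_idx}",
            "ha_vpn_interface": ha_interface_ips.index(t.customer_gateway_ip),
            "external_gateway_interface": ext_idx,
            "peer_outside_ip": t.outside_ip,
            "cloud_router_ip": f"{gcp_ip}/30",
            "bgp_peer_ip": str(aws_ip),
            "peer_asn": aws_asn,
        })
    if sorted(e["ha_vpn_interface"] for e in plan) != [0, 0, 1, 1]:
        raise ValueError("each HA VPN interface must terminate exactly two tunnels")
    return plan

# Constructed sample: two AWS connections (one per HA VPN interface), two tunnels each.
SAMPLE_HA_IPS = ["203.0.113.10", "203.0.113.11"]
SAMPLE_TUNNELS = [AwsTunnel(*row) for row in (
    ("203.0.113.10", "198.51.100.1", "169.254.10.0/30"), ("203.0.113.10", "198.51.100.2", "169.254.11.0/30"),
    ("203.0.113.11", "198.51.100.3", "169.254.12.0/30"), ("203.0.113.11", "198.51.100.4", "169.254.13.0/30"))]
```

Each entry of the returned plan carries what one `vpn-tunnels create`, `routers add-interface` and `routers add-bgp-peer` step needs; the validation rejects a reused inside CIDR or a layout that leaves one HA VPN interface without tunnels.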
Costs
This article uses billable components of Google Cloud, including the following:
For an estimate of the costs for the Google Cloud components, use the Google Cloud pricing calculator.
This article uses billable components of Amazon Web Services, including the following:
- AWS Transit Gateway
- AWS Site-to-Site VPN
For an estimate of the costs for the AWS components, use the AWS pricing calculator.
Benefits
- Increased Resilience & Redundancy: If one provider experiences an outage, workloads can seamlessly fail over to the other.
- Enhanced Uptime and Availability: Using independent infrastructures minimizes the risk of downtime, supporting strict SLAs.
- Robust Disaster Recovery: Multi-cloud HA provides a solid disaster recovery strategy by geographically and operationally diversifying resources.
- Avoidance of Vendor Lock-In: Deploying applications on both clouds offers the flexibility to optimize costs and performance without being tied to a single provider.
- Optimized Global Performance: Leverage the extensive global networks of both GCP and AWS to reduce latency and improve user experience.
- Regulatory Compliance & Data Sovereignty:
  - Meet industry and governmental regulations by distributing data across multiple geographic regions.
  - Ensure compliance with data residency and other regulatory requirements by utilizing compliant infrastructures in both clouds.
- Access to Best-of-Breed Cloud Services:
  - Tap into the unique, high-performance services offered by each provider, for example:
    - Serverless Computing: Use AWS Lambda alongside GCP Cloud Functions.
    - Database Services: Combine Amazon RDS or DynamoDB with GCP’s Cloud SQL or Firestore.
    - Data Analytics & Machine Learning: Leverage Google BigQuery and AWS’s suite of analytics tools to drive insights.
  - Optimize your architecture by choosing the service that best fits each workload’s specific requirements.
Use Cases
- Mission-Critical Applications: For sectors like finance, healthcare, and e-commerce where uptime and resilience are non-negotiable.
- Disaster Recovery Scenarios: Primary workloads run on one cloud with a backup on the other, ensuring business continuity during outages.
- Global Application Deployment: Deliver low-latency, high-performance experiences by serving a global customer base through the combined geographic reach of both providers.
- Regulation & Compliance-Driven Architectures: Ideal for industries with strict data residency and regulatory mandates, such as banking or government services, ensuring data is stored and processed in compliant regions.
- Load Balancing Across Clouds: Distribute traffic between GCP and AWS to optimize resource usage and mitigate localized issues.
- DevOps & Testing Environments: Experiment with failover scenarios, performance testing, and service integration in a controlled multi-cloud setup.
Technical Steps
https://medium.com/google-cloud/ha-between-aws-and-gcp-4e8125b694c7