This article provides step-by-step instructions on how to configure VPN Gateway on both ** Alibaba Cloud ** and Amazon Web Services for multi-cloud solutions.

This blog is a translation from the English version. You can check the original from here. We use some machine translation. We would appreciate it if you could point out any translation errors. *

Solutions Architect Evan Wong

Multi-cloud is one of the most sought after architectural designs to bridge the benefits of having multiple technologies and avoid vendor lock-in. There are several options for allowing Alibaba Cloud to connect to various cloud providers. One is to connect via the public internet via a VPN gateway. This article focuses on a step-by-step guide to setting up a VPN Gateway (https://www.alibabacloud.com/en/product/vpn-gateway) on both Alibaba Cloud and Amazon Web Services.

The following articles provide step-by-step instructions on how to set up a VPN Gateway to establish a connection to AWS.

Prerequisites

Before proceeding to the guide, you need the following elements:

1, computer or laptop 2, web browser, Google Chrome recommended 3, internet, 5Mbps recommended 4, Alibaba Cloud Account

Step 1: Create VPN Gateway on Alibaba Cloud

Select your region, VPC, peak bandwidth, and billing method.

After purchase, you should see the new VPN Gateway in the console.

Please name it:

Creating a customer gateway

Next, create a customer gateway. Click Create Customer Gateway and enter your name and IP address.

Once created, it should appear on the console. Then go to the VPN connection page.

Creating a VPN connection

Provide the VPN connection name and select the correct VPN and customer gateway, local and remote networks, and pre-shared keys.

Check the connection status. The status should be "Phase 2 of IKE Tunnel Negotiation Succeeded".

Add route entry

After successfully establishing the VPN Gateway, the next step is to add a route entry to your VPC to allow ECS to communicate with EC2 on AWS.

Go to the VPC-> VRouters page. Click Add Route Entry.

Enter the CIDR Block from AWS, select VPN Gateway as the Next Hop Type, and select the VPN Gateway you just created.

If you check again on the VRouter info page, you should see a list of new route entries.

Step 2: Create a VPN Gateway with Amazon Web Services

Go to your virtual private cloud and click Create Virtual Private Gateway.

Key in the name and click Create Virtual Private Gateway.

When you're done, attach your VPC.

Create a customer gateway on Amazon Web Services

Go to Customer Gateway and create a new Customer Gateway.

Enter the name of the customer gateway and the IP address of the Alibaba Cloud VPN gateway.

Create a VPN connection with Amazon Web Services

Select the correct VPN gateway and select the existing customer gateway you created earlier. Select the static routing option and enter the static IP prefix that is the subnet of your VPC.

Add route table in Amazon Web Services

Before you can grant access to your AWS EC2 instance, you need to add a route table for Alibaba Cloud to connect to AWS.

Step 3: Test connectivity

Make sure you need to add a similar route entry on the AWS side as well. Then create ECS and EC2 or ping test using an existing instance.

Conclusion

This VPN gateway solution allows customers using services on both Alibaba Cloud and AWS to securely connect between the two sites over the Internet.

[PYTHON] How to set up a VPN gateway to establish a connection between Alibaba Cloud and AWS