×
Community Blog Connect Alibaba Cloud to AWS via VPN Gateway

Connect Alibaba Cloud to AWS via VPN Gateway

This article provides a step-by-step guide on setting up VPN Gateway on both Alibaba Cloud and Amazon Web Services for a multi-cloud solution.

By Evan Wong, Solutions Architect

Multi-cloud is one of the most sought-after architecture design that bridges the benefits of having multiple technology capabilities of the providers and to avoid vendor lock-in. To be able to connect to the various cloud providers with Alibaba Cloud, there are few options. One of the method is to connect via the VPN gateway through the public internet. This lab focuses on the step by step guide on setup the VPN Gateway on both Alibaba Cloud and Amazon Web Services.

1

The following lab provides the steps by steps on how to setup VPN Gateway to establish the connection to AWS.

Prerequisites

Before going through the step-by-step guide, you should have:

  1. A decent computer or laptop
  2. A web browser, recommended Google Chrome
  3. A internet, suggested 5Mbps
  4. An Alibaba Cloud account

Step 1: Create VPN Gateway on Alibaba Cloud

Choose the region, VPC, peak bandwidth and billing method.

2

After the purchase, you should be able to see the new VPN Gateway on the console.

Give it a name:

3

Create Customer Gateway

Next, create a customer gateway. Click on the Create Customer Gateway, enter the name and IP address.

4

After it has created, it should appear on the console. Next navigate to the VPN connection page.

5

Create VPN Connection

Provide the VPN connection name, choose the correct VPN and Customer Gateway, the local and remote network, as well as the pre-shared key.

6

Check the connection status. The status should state "Phase 2 of IKE Tunnel Negotiation Succeeded".

7

Add Route Entry

After the VPN Gateway has been established successfully, the next step is to add the route entry to the VPC in order for the ECS to be able to communicate with the EC2 in AWS.

Navigate to the VPC -> VRouters page. Click on the Add Route Entry.

8

Enter the CIDR Block from the AWS, choose VPN Gateway as the Next Hop Type and select the VPN Gateway that was created a moment ago.

9

Recheck again on the VRouter information page, the new route entry list should be appeared on the list

10

Step 2: Create VPN Gateway on Amazon Web Services

Navigate to Virtual Private Cloud, and click Create Virtual Private Gateway.

11

Key in a name and click Create Virtual Private Gateway.

After completed, attach a VPC.

12

Create Customer Gateway on Amazon Web Services

Navigate to Customer Gateway and create a new Customer Gateway.

13

Enter a name for the customer gateway and enter the IP address of the Alibaba Cloud VPN Gateway.

14

Create VPN Connection on Amazon Web Services

Choose the correct VPN Gateway and choose the existing Customer Gateway that has been created earlier. Select static routing option and enter a static IP prefixes which is the subnet of the VPC.

15

16

Add a Route Table on Amazon Web Services

Before you allow the access to the AWS EC2 instances, the route table need to be added in order for the Alibaba Cloud to connect to the AWS.

17

Step 3: Test Connectivity

Make sure on the AWS side, the similar route entry have to be added as well. Next create ECS and EC2 or using the existing instances to do a ping test.

18

Conclusion

This VPN Gateway solution allows customer who are consuming services in both Alibaba Cloud and AWS to be able have a secure connectivity between both sites over internet.

Related Products

  1. VPN Gateway
  2. Virtual Private Cloud
  3. Elastic Compute Service
6 1 1
Share on

Alibaba Clouder

2,599 posts | 758 followers

You may also like

Comments

222487980713563372 November 20, 2018 at 5:17 am

great thanks

5440633542044648 August 22, 2019 at 7:31 am

Can AliCloud China region create VPN connection to AWS cloud?

259967759749628869 October 21, 2019 at 7:41 am

I've created vpn on the ap regions betwen aws and ali, then connect china with ap throw cen. Works fine :D

5745204299525570 November 6, 2020 at 4:57 am

where does the AWS IP 52.74.7.208 come from? Is there a step before creating Alibaba Customer Gateway

249776207339648833 December 21, 2020 at 3:22 am

"where does the AWS IP 52.74.7.208 come from? Is there a step before creating Alibaba Customer Gateway "I want to know the answer, too.

249776207339648833 January 27, 2021 at 4:32 pm

Is there any workaround in situations where we don't have VPN customer gateway. (for example AWS China regions)

5761003334169073 February 11, 2021 at 4:23 pm

thank you but shit like tuto