Set up the AWS-Google Cloud VPN and network attachment
======================================================

Last updated 2025-08-25 UTC.

This document provides detailed steps for setting up a VPN connection between
Amazon Web Services (AWS) and Google Cloud. The goal is to establish a reliable and
security-enhanced connection between the two cloud environments.

Before you begin
----------------

Ensure that you have the following:

- Access to AWS and Google Cloud accounts with appropriate permissions.
- Existing [Virtual Private Clouds](/vpc/docs/overview) in both AWS and Google Cloud.

Set up networking on AWS
------------------------

1. Create a virtual private gateway that is attached to the VPC where your database is deployed. For detailed instructions, see [Create an AWS Direct Connect virtual private gateway](https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-virtual-private-gateway.html) in the AWS documentation.
2. Create a customer gateway using the public IP address of your Google Cloud VPN gateway. For detailed instructions, see [Create a customer gateway](https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-create-cgw) in the AWS documentation.
3. Create the VPN connection using the virtual private gateway and customer gateway that you created earlier. For detailed instructions, see [Get started with AWS Client VPN](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-getting-started.html) and [How do I establish an encrypted connection over an AWS Direct Connect connection?](https://repost.aws/knowledge-center/create-vpn-direct-connect) in the AWS documentation.
4. Add routes to direct traffic to the Google Cloud IP ranges using the VPN connection. For detailed instructions, see [Configure route tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) and [Configure routing](https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html#vpn-configure-route-tables) in the AWS documentation.

Set up networking on Google Cloud
---------------------------------

The setup on Google Cloud requires creating the VPN gateway and VPN
tunnels, configuring the routes, and creating the Google Cloud
network attachment.

### Create the VPN gateway

> **Note:** The following steps describe how to create a [Classic VPN](/network-connectivity/docs/vpn/concepts/overview#classic-vpn). You can create a high-availability (HA) VPN instead if it fits your use case. For more information, see [Create an HA VPN gateway to a peer VPN gateway](/network-connectivity/docs/vpn/how-to/creating-ha-vpn).

1. In the Google Cloud console, go to the **Cloud VPN gateways** page.

   [Go to Cloud VPN gateways](https://console.cloud.google.com/hybrid/vpn?tab=gateways)
2. Click **Create VPN gateway**.
3. Select the **Classic VPN** option button.
4. Provide a VPN gateway name.
5. Select an existing VPC network in which to create the VPN gateway and tunnel.
6. Select the region.
7. For **IP address**, create or choose an existing regional [external IP address](/compute/docs/ip-addresses#reservedaddress).
8. Provide a tunnel name.
9. For **Remote peer IP address**, enter the AWS VPN gateway public IP address.
10. Specify options for **IKE version** and **IKE pre-shared key**.
11. Specify the routing options as required to direct traffic to the AWS IP ranges.
12. Click **Create**.

For more information, see
[Create a gateway and tunnel](/network-connectivity/docs/vpn/how-to/creating-static-vpns#create_a_gateway_and_tunnel).

### Create the network attachment

1. In the Google Cloud console, go to the **Network attachments** page.

   [Go to Network attachments](https://console.cloud.google.com/net-services/psc/list/networkAttachments)
2. Click **Create network attachment**.
3. Provide a name for the network attachment.
4. For **Network**, select the appropriate VPC network.
5. For **Region**, choose where your VPN gateway is located.
6. For **Subnetwork**, select the VPN tunnel that you created earlier.
7. Click **Create network attachment**.

For more information, see
[Create network attachments](/vpc/docs/create-manage-network-attachments#create-network-attachments).

Test the VPN connection
-----------------------

1. Deploy the instances in both the AWS and Google Cloud VPC environments.
2. To verify connectivity, attempt to ping or connect to instances across the VPN.
3. Ensure the security groups and firewall rules allow for traffic through the VPN.

Troubleshoot
------------

If you are having issues setting up your network attachment, do the following:

- Ensure the VPN connections are up and running in both the AWS and Google Cloud consoles.
- Check the VPN logs for errors or dropped packets.
- Verify that the routing tables in both AWS and Google Cloud are correctly configured.
- Ensure that the necessary ports are open in both the AWS security groups and the Google Cloud firewall rules.
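
The routing and firewall items in the Troubleshoot list, and the IKE pre-shared key from the gateway steps, can be checked on paper before any tunnel is built. The following Python is an added example, not part of the original Google Cloud page; the plan layout, the names `check_plan`, `make_psk` and `nets`, and every CIDR are constructed for illustration.

```python
import ipaddress
import secrets
import string

# Constructed sample plan: every CIDR here is a made-up value.
SAMPLE_PLAN = {
    "aws_cidrs": ["10.10.0.0/16"],
    "gcp_cidrs": ["10.20.0.0/20", "10.10.128.0/20"],  # second range overlaps AWS
    "aws_vpn_routes": ["10.20.0.0/20"],    # no route for 10.10.128.0/20
    "gcp_vpn_routes": ["10.10.0.0/16"],
    "aws_ingress_sources": ["0.0.0.0/0"],  # security group open to everyone
    "gcp_ingress_sources": ["10.10.0.0/16"],
}

def make_psk(length=32):
    """IKE pre-shared key from the OS CSPRNG; enter the same value on both sides.
    Letters and digits only is a conservative assumption: confirm each
    provider's length and character limits before use."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def check_plan(plan):
    """Return findings for overlapping ranges, missing VPN routes, and
    ingress rules that are either too broad or do not admit the peer."""
    aws, gcp = nets(plan["aws_cidrs"]), nets(plan["gcp_cidrs"])
    # Overlapping ranges cannot be routed unambiguously across the tunnel.
    findings = [f"overlap: AWS {a} and Google Cloud {g}"
                for a in aws for g in gcp if a.overlaps(g)]
    for side, peer in (("aws", gcp), ("gcp", aws)):
        routes = nets(plan[f"{side}_vpn_routes"])
        sources = nets(plan[f"{side}_ingress_sources"])
        for p in peer:
            if not any(p.subnet_of(r) for r in routes):
                findings.append(f"{side}: no VPN route covers {p}")
        for s in sources:
            if s.prefixlen == 0:
                findings.append(f"{side}: ingress open to {s}")
        for p in peer:
            if not any(p.subnet_of(s) for s in sources):
                findings.append(f"{side}: no ingress rule admits {p}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(finding)
```

An empty list from `check_plan` means the plan has no overlapping ranges, each side routes every peer range through the VPN, and ingress is limited to ranges that include the peer.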