In this article I am going to walk you through setting up a site-to-site VPN between Azure and AWS. Previously this was always a pain, as AWS never supported IKEv2; in February 2019 AWS changed this. Before that you had to use a 3rd party network virtual appliance (NVA) on either Azure or AWS to establish the VPN.
At the time of writing this article BGP is not supported.
Let's get to it.
I am going to assume you already have an Azure VPN created and also an AWS VPN created.
In AWS navigate to the VPC you want to connect to Azure and create a new Customer Gateway. Enter a Name and the Public IP Address of your Azure Virtual Network Gateway. Then click Create Customer Gateway.
Now in AWS create a Virtual Private Gateway. Here enter the same Name you used when creating the Customer Gateway. Then click Create Virtual Private Gateway.
Still in AWS, create a VPN Connection. Enter the Name used above and select the Virtual Private Gateway you just created. Pick the Customer Gateway ID you just created as well. For the Routing Options click Static and enter the Azure vNet address range. Enter your existing PSK too. Then click Create VPN Connection at the bottom of the form.
Download the configuration and select Generic.
In the downloaded file look for the following:
IPSec Tunnel # 1
Outside IP Addresses:
Virtual Private Gateway
Now go to Azure and create a Local network gateway.
Here enter a name. Under IP address enter the Virtual Private Gateway address from the text file. In the Address Space box enter the VPC IP range from AWS. Select your subscription, resource group and location as normal.
Next we need to create the connection. Find your Virtual Network Gateway, locate Connections on the left and click Add.
In here, enter a Name and select Site-to-Site for Connection Type; the Virtual network gateway should already be picked. Select your new Local network gateway and enter your PSK. Then pick the Resource group and Location.
After a short while the VPN will be up.
It's now time to add some routes.
Back in AWS go to Route Table under your VPC. You may need to create a
Tick the route propagation box, then click Save.
Setting up the second tunnel
Create another Local network gateway using the settings under IPSec Tunnel # 2 from the downloaded text file.
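The two values the article has you look up by hand in the downloaded Generic configuration (the Virtual Private Gateway outside address and the PSK, once per tunnel) can be pulled out programmatically and turned into the Azure side of the setup. The script below is an added example, not part of the original article: it parses a constructed excerpt of the download, checks that the Azure vNet and AWS VPC ranges do not overlap (a requirement for the static routing used here), and emits the az CLI commands for the local network gateway and connection of each tunnel. Resource names, the resource group and the location are placeholders you would replace.

```python
import ipaddress
import re
import shlex

# Constructed excerpt of the AWS "Generic" configuration download; headings and
# field names mirror the real file, the values are RFC 5737 placeholders.
SAMPLE_CONFIG = """\
IPSec Tunnel #1
  - Pre-Shared Key           : tunnel1.example.psk
Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.21
IPSec Tunnel #2
  - Pre-Shared Key           : tunnel2.example.psk
Outside IP Addresses:
  - Customer Gateway        : 203.0.113.10
  - Virtual Private Gateway : 198.51.100.37
"""

def parse_tunnels(text):
    """Return [(tunnel_no, vgw_outside_ip, psk), ...], one per 'IPSec Tunnel #N' block."""
    parts = re.split(r"^IPSec Tunnel #\s*(\d+)\s*$", text, flags=re.M)  # [pre, n1, body1, n2, body2]
    tunnels = []
    for num, body in zip(parts[1::2], parts[2::2]):
        psk = re.search(r"Pre-Shared Key\s*:\s*(\S+)", body)
        # Take the VGW address listed under "Outside IP Addresses", not the "Inside" link-local one
        vgw = re.search(r"Outside IP Addresses:.*?Virtual Private Gateway\s*:\s*(\S+)", body, re.S)
        if not (psk and vgw):
            raise ValueError(f"tunnel {num}: PSK or VGW outside address missing")
        tunnels.append((int(num), str(ipaddress.ip_address(vgw.group(1))), psk.group(1)))
    return tunnels

def check_ranges(azure_vnet, aws_vpc):
    """Static routes on both sides only work when the two address spaces are disjoint."""
    a, b = ipaddress.ip_network(azure_vnet), ipaddress.ip_network(aws_vpc)
    if a.overlaps(b):
        raise ValueError(f"{a} overlaps {b}: re-address one side before building the VPN")
    return True

def azure_commands(tunnels, rg, location, vnet_gw, aws_vpc):
    """az CLI for the Azure half: one local network gateway and one connection per AWS tunnel."""
    cmds = []
    for num, vgw_ip, psk in tunnels:
        lng = f"aws-tunnel{num}-lng"  # placeholder naming scheme
        cmds.append(shlex.join(["az", "network", "local-gateway", "create", "-g", rg, "-l", location,
                                "-n", lng, "--gateway-ip-address", vgw_ip, "--local-address-prefixes", aws_vpc]))
        cmds.append(shlex.join(["az", "network", "vpn-connection", "create", "-g", rg, "-l", location,
                                "-n", f"aws-tunnel{num}-conn", "--vnet-gateway1", vnet_gw,
                                "--local-gateway2", lng, "--shared-key", psk]))
    return cmds
```

Run it against the real download instead of SAMPLE_CONFIG and review the printed commands before executing them; the PSK in the file must be the one the AWS connection was created with, so a mismatch here is the first thing to check if the tunnel does not come up.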
The best way to test is to create a VM on both sides, allow ping through the firewall, and ping each other.
I hope you found this article helpful. I am no AWS expert and managed to do this, so hopefully you can too. If you have any questions please reach out.