Connect Alibaba Cloud to AWS via VPN Gateway
By Evan Wong, Solutions Architect
Multi-cloud is one of the most sought-after architecture design that bridges the benefits of having multiple technology capabilities of the providers and to avoid vendor lock-in. To be able to connect to the various cloud providers with Alibaba Cloud, there are few options. One of the method is to connect via the VPN gateway through the public internet. This lab focuses on the step by step guide on setup the VPN Gateway on both Alibaba Cloud and Amazon Web Services.

The following lab provides the steps by steps on how to setup VPN Gateway to establish the connection to AWS.
Prerequisites
Before going through the step-by-step guide, you should have:
- A decent computer or laptop
- A web browser, recommended Google Chrome
- A internet, suggested 5Mbps
- An Alibaba Cloud account
Step 1: Create VPN Gateway on Alibaba Cloud
Choose the region, VPC, peak bandwidth and billing method.

After the purchase, you should be able to see the new VPN Gateway on the console.
Give it a name:

Create Customer Gateway
Next, create a customer gateway. Click on the Create Customer Gateway, enter the name and IP address.

After it has created, it should appear on the console. Next navigate to the VPN connection page.

Create VPN Connection
Provide the VPN connection name, choose the correct VPN and Customer Gateway, the local and remote network, as well as the pre-shared key.

Check the connection status. The status should state “Phase 2 of IKE Tunnel Negotiation Succeeded”.

Add Route Entry
After the VPN Gateway has been established successfully, the next step is to add the route entry to the VPC in order for the ECS to be able to communicate with the EC2 in AWS.
Navigate to the VPC -> VRouters page. Click on the Add Route Entry.

Enter the CIDR Block from the AWS, choose VPN Gateway as the Next Hop Type and select the VPN Gateway that was created a moment ago.

Recheck again on the VRouter information page, the new route entry list should be appeared on the list

Step 2: Create VPN Gateway on Amazon Web Services
Navigate to Virtual Private Cloud, and click Create Virtual Private Gateway.

Key in a name and click Create Virtual Private Gateway.
After completed, attach a VPC.

Create Customer Gateway on Amazon Web Services
Navigate to Customer Gateway and create a new Customer Gateway.

Enter a name for the customer gateway and enter the IP address of the Alibaba Cloud VPN Gateway.

Create VPN Connection on Amazon Web Services
Choose the correct VPN Gateway and choose the existing Customer Gateway that has been created earlier. Select static routing option and enter a static IP prefixes which is the subnet of the VPC.


Add a Route Table on Amazon Web Services
Before you allow the access to the AWS EC2 instances, the route table need to be added in order for the Alibaba Cloud to connect to the AWS.

Step 3: Test Connectivity
Make sure on the AWS side, the similar route entry have to be added as well. Next create ECS and EC2 or using the existing instances to do a ping test.

Conclusion
This VPN Gateway solution allows customer who are consuming services in both Alibaba Cloud and AWS to be able have a secure connectivity between both sites over internet.
Related Products
Reference: