Create a connection initiated from AWS

This page describes the steps to successfully create and provision a Partner Cross-Cloud Interconnect for Amazon Web Services (AWS) connection from AWS if you already have an activation key.

Before you start the Partner Cross-Cloud Interconnect for AWS provisioning process, ensure that the following conditions are met:

If you want to initiate a connection from the AWS Console, follow the instructions on the AWS Console for creating the required resource, and provide the project and region information where you want the connection to land in Google Cloud. After AWS has created the resource, you must create the Google Cloud resource with the provided activation key.

To achieve a successful connection, you must create the transport resource. Follow these instructions to create the transport.

Before you begin

Before you get started, review the following sections.

Create or select a project

To make it easier to configure Network Connectivity Center, start by identifying a valid project.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

  3. Verify that billing is enabled for your Google Cloud project.

  4. Install the Google Cloud CLI.

  5. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  6. To initialize the gcloud CLI, run the following command:

    gcloud init

  7. If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.

    gcloud config set project PROJECT_ID

    Replace PROJECT_ID with your unique project ID.

    The gcloud CLI instructions on this page assume that you have set your project ID.

  8. To confirm that you set the project ID correctly, use the gcloud config list command.

    gcloud config list --format='text(core.project)'

Enable the Network Connectivity API

Before you can perform any tasks using Network Connectivity Center, you must enable the Network Connectivity API.

Console

To enable the Network Connectivity API, do the following:

  1. In the Google Cloud console, go to the Network Connectivity Center page.

  2. Click Enable.

Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.

Create the transport resource

API

Use the networkconnectivity.transports.create method:

POST https://networkconnectivity.googleapis.com/v1beta/projects/PROJECT/locations/LOCATION/transports?transportId=TRANSPORT_ID

For example, with curl:

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
https://networkconnectivity.googleapis.com/v1beta/projects/PROJECT/locations/LOCATION/transports?transportId=TRANSPORT_ID \
--data '
{
  "bandwidth": "BANDWIDTH",
  "network": "NETWORK",
  "advertisedRoutes": ["IP_RANGE"],
  "providedActivationKey": "ACTIVATION_KEY",
  "stackType": "STACK_TYPE"
}'

Replace the following values:

  • PROJECT: the name of the project in which you want to create the transport
  • LOCATION: the name of the Google Cloud region where you want to provision connectivity, such as us-west1
  • TRANSPORT_ID: a name for the transport resource
  • BANDWIDTH: the chosen bandwidth for your connection, such as BPS_1G
  • NETWORK: the network in which you want to create the transport
  • IP_RANGE: one or more IP address ranges to advertise, as a JSON array of strings
  • ACTIVATION_KEY: the activation key that you received from AWS
  • STACK_TYPE (optional): the IP address version stack type. Must be IPV4_ONLY or IPV4_IPV6. Defaults to IPV4_ONLY

Establish VPC Network Peering

You can proactively establish VPC Network Peering at the Google Cloud end. To do this, use the peeringNetwork resource and make sure that the peering you create uses the same stack type as the transport. By default, both the transport resource and the peering use IPV4_ONLY.

To receive the AWS routes, you must enable the Import custom routes field.

The MTU of the peering VPC network is explicitly set to the maximum (8896) to avoid MTU problems on the connection. If your VPC network uses an MTU lower than 8896, the peering command might return a warning such as the following:

    WARNING: Some requests generated warnings: - Network MTU 1460B does not match the peer's MTU 8896B

In that case, make sure that the MTU configuration of your Google Cloud VPC network matches that of the AWS VPC network. If the two don't match, override the MTU values to the lowest value in use. For example, if you use 8896 in Google Cloud and 8800 in AWS, configure everything in Google Cloud as 8800.

gcloud

To establish VPC Network Peering, use the gcloud compute networks peerings create command.

gcloud compute networks peerings create "TRANSPORT_NAME" \
    --network="VPC_NETWORK" \
    --peer-network="PEERING_NETWORK" \
    --stack-type=STACK_TYPE \
    --import-custom-routes \
    --export-custom-routes

Replace the following values:

  • TRANSPORT_NAME: the name of the transport that you created
  • VPC_NETWORK: the name of your VPC network that you want to peer with the transport's network
  • PEERING_NETWORK: the name of the VPC network provided by the Transport resource
  • STACK_TYPE: IP address version stack type. Must be IPV4_ONLY or IPV4_IPV6. Defaults to IPV4_ONLY

If the command is successful, the output's state field has the value ACTIVE.
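Both requests above take free-form strings, so a typo in the stack type, a malformed IP range, or an IPv6 range on an IPV4_ONLY transport only surfaces as an API error after the call. The following Python script is an added example, not code from the page or from Google Cloud: it validates those inputs locally, builds the transport create body and the addPeering body from constructed sample values, and resolves the MTU the way the page describes (mismatch resolves to the lower value and reproduces the quoted warning text). The bandwidth name pattern and the NetworkPeering field names are assumptions of this example, marked in the comments.

```python
import ipaddress
import json
import re

# stackType values the page documents for the transport and for the peering.
STACK_TYPES = ("IPV4_ONLY", "IPV4_IPV6")

# Bandwidth names on the page look like BPS_1G. This pattern is an assumption
# used only to catch typos locally; it is not the API's full enum.
BANDWIDTH_RE = re.compile(r"^BPS_\d+[MG]$")

# MTU the page says the peering VPC network is explicitly set to.
PEERING_NETWORK_MTU = 8896


def validate_routes(routes, stack_type):
    """Every advertised route must be a CIDR block the chosen stack type can carry."""
    if not routes:
        raise ValueError("advertisedRoutes must contain at least one IP range")
    for cidr in routes:
        # strict=True rejects host bits set outside the mask (e.g. 10.10.0.1/16).
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version == 6 and stack_type == "IPV4_ONLY":
            raise ValueError(f"{cidr} is IPv6 but stackType is IPV4_ONLY")
    return True


def build_transport_body(bandwidth, network, advertised_routes, activation_key,
                         stack_type="IPV4_ONLY"):
    """Return the request body for networkconnectivity.transports.create."""
    if stack_type not in STACK_TYPES:
        raise ValueError(f"stackType must be one of {STACK_TYPES}, got {stack_type!r}")
    if not BANDWIDTH_RE.match(bandwidth):
        raise ValueError(f"unexpected bandwidth name: {bandwidth!r}")
    if not activation_key or not activation_key.strip():
        raise ValueError("providedActivationKey is required for an AWS-initiated connection")
    validate_routes(advertised_routes, stack_type)
    return {
        "bandwidth": bandwidth,
        "network": network,
        "advertisedRoutes": list(advertised_routes),
        "providedActivationKey": activation_key,
        "stackType": stack_type,
    }


def build_add_peering_body(peering_name, peer_network, stack_type="IPV4_ONLY"):
    """Return the request body for compute.networks.addPeering.

    Field names follow the Compute Engine NetworkPeering resource as the author
    of this example knows it; they are an assumption, not quoted from the page.
    """
    if stack_type not in STACK_TYPES:
        raise ValueError(f"stackType must be one of {STACK_TYPES}, got {stack_type!r}")
    return {
        "networkPeering": {
            "name": peering_name,
            "network": peer_network,
            "exchangeSubnetRoutes": True,
            "importCustomRoutes": True,   # required to receive the AWS routes
            "exportCustomRoutes": True,
            "stackType": stack_type,
        }
    }


def effective_mtu(vpc_mtu, peer_mtu=PEERING_NETWORK_MTU):
    """Resolve the MTU to configure and reproduce the warning the page quotes.

    Mismatched values resolve to the lower one, as the page prescribes.
    Returns (mtu_to_use, warning_or_None).
    """
    if vpc_mtu == peer_mtu:
        return vpc_mtu, None
    warning = f"Network MTU {vpc_mtu}B does not match the peer's MTU {peer_mtu}B"
    return min(vpc_mtu, peer_mtu), warning


if __name__ == "__main__":
    # Constructed sample values; none of these identify a real project or key.
    transport = build_transport_body(
        bandwidth="BPS_1G",
        network="projects/example-project/global/networks/example-vpc",
        advertised_routes=["10.10.0.0/16", "10.20.0.0/24"],
        activation_key="EXAMPLE-ACTIVATION-KEY",
    )
    peering = build_add_peering_body(
        peering_name="example-transport",
        peer_network="projects/example-project/global/networks/example-peering-net",
    )
    mtu, warning = effective_mtu(vpc_mtu=1460)
    print(json.dumps(transport, indent=2))
    print(json.dumps(peering, indent=2))
    print(f"configure MTU {mtu}; warning: {warning}")
```

Run the script once with your own values before issuing the curl or gcloud commands; the two dictionaries it prints are exactly what goes into `--data` for the transport request and into the addPeering request body, and a ValueError means the request would have been rejected anyway.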

API

To establish VPC Network Peering, use the compute.networks.addPeering method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT/global/networks/NETWORK/addPeering

Replace the following values:

  • PROJECT: the name of the project that you are peering
  • NETWORK: the name of the network resource to add peering to

What's next