Tuesday, January 2, 2024

Find all the resources in an AWS account

Coming from a Microsoft background, my natural choice of cloud provider was the Azure platform. After spending some time exploring AWS, I found it arranged differently and richer in services. Microsoft is known for user intuitiveness, and I don't find AWS lacking in this respect either; people starting their career in AWS may see it differently, though.

Regarding resource listing, there are several native tools and ways to find out which resources get created along with a deployment. Among them, the two below are available at no cost.

1. AWS Resource Groups & Tag Editor

AWS Resource Groups let you create custom groups of resources based on specific criteria, e.g. tags or a CloudFormation stack.

On the other hand, using the Tag Editor we can list all resources and export the list.

2. AWS Resource Explorer

The AWS Resource Explorer tool can be used to view and search resources across all regions and services in an AWS account.

1. Search for "aws resource explorer" in the search bar.
2. Go to Resource Explorer.
3. Turn on Resource Explorer.
4. Proceed to resource search. All the resources are listed.

Also, click on Views in the left pane to create different customized views.

Also, type in the query search section to search for a specific resource type, say EC2.
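As an added example (not code from the post), the Python below takes an inventory export of the kind Tag Editor or Resource Explorer produces and turns it into a per-region summary, a per-type selection like the EC2 search above, and a list of resources missing a required tag. The sample records are constructed and only mimic the shape of aws resourcegroupstaggingapi get-resources output; the account id, resource ids and tags are made up.

```python
import re

# Constructed sample in the shape of `aws resourcegroupstaggingapi get-resources` output
# (the API behind Tag Editor); account id, resource ids and tags are made up.
SAMPLE = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0abc123def456",
     "Tags": [{"Key": "Owner", "Value": "platform"}, {"Key": "Env", "Value": "prod"}]},
    {"ResourceARN": "arn:aws:ec2:eu-west-1:111122223333:volume/vol-0fedcba987", "Tags": []},
    {"ResourceARN": "arn:aws:s3:::example-logs-bucket", "Tags": [{"Key": "Env", "Value": "prod"}]},
    {"ResourceARN": "arn:aws:lambda:us-east-1:111122223333:function:nightly-report",
     "Tags": [{"Key": "Owner", "Value": "data"}]},
]
ARN = re.compile(r"^arn:(?P<partition>[^:]+):(?P<service>[^:]+):(?P<region>[^:]*):"
                 r"(?P<account>[^:]*):(?P<rest>.+)$")

def parse_arn(arn):
    """Split an ARN; the resource type is the part before the first '/' or ':'
    (S3 bucket ARNs carry only the bucket name, so their type is empty)."""
    m = ARN.match(arn)
    if not m:
        raise ValueError(f"not an ARN: {arn}")
    d = m.groupdict()
    rest = d.pop("rest")
    seps = [i for i in (rest.find("/"), rest.find(":")) if i >= 0]
    sep = min(seps) if seps else -1
    d["resource_type"], d["resource_id"] = (rest[:sep], rest[sep + 1:]) if sep >= 0 else ("", rest)
    d["type"] = f"{d['service']}:{d['resource_type']}" if d["resource_type"] else d["service"]
    return d

def inventory(resources):
    """Count resources per (region, type); region-less services are reported as 'global'."""
    counts = {}
    for r in resources:
        p = parse_arn(r["ResourceARN"])
        key = (p["region"] or "global", p["type"])
        counts[key] = counts.get(key, 0) + 1
    return counts

def select_type(resources, resource_type):
    """ARNs of one resource type, e.g. 'ec2:instance', the same narrowing as a
    resourcetype: filter in the Resource Explorer query box."""
    return [r["ResourceARN"] for r in resources
            if parse_arn(r["ResourceARN"])["type"] == resource_type]

def missing_tag(resources, key):
    """ARNs lacking a required tag such as Owner: the rows to chase after an export."""
    return [r["ResourceARN"] for r in resources
            if key not in {t["Key"] for t in r.get("Tags", [])}]
```

Point the same functions at a real export by loading the JSON that get-resources returns instead of SAMPLE.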

Saturday, December 30, 2023

Link your AWS Certifications with your Corporate account

Sign up in Partner Central

1. Open this in your browser: Self Registration (awspartner.com)
2. Click on Let's get started.

3. Provide your first name, last name and corporate email address.

4. Check your email for the verification code and set your password.

Note: If you have already registered and forgot the credentials, click on Forgot your password on the sign-in page.

Link the AWS certificate

1. Log in to Partner Central using your corporate account (e.g. firstname.lastname@company.com).

Partner Central (awspartner.com)

2. Click on View My Profile.

3. Click on Edit.
4. Set your certification email ID in AWS T&C Account Email and select Yes for "I consent to share my AWS Certifications with 'Company'". Click on Submit.

Friday, December 29, 2023

Site-to-site VPN connection between Azure and AWS infrastructure (BGP-disabled)

Introduction

In the blog below, I've explained how to establish site-to-site connectivity between two popular cloud providers, AWS and Azure.

Expectation

You are asked to set up VPN connectivity between an AWS and an Azure environment, because transferring data over the public internet raises security and compliance concerns.

The goal is to test the connectivity using RDP and ping from a VM in Azure to an EC2 instance in AWS over the private network, and vice versa.

Architecture Diagram

The architecture diagram below will help you understand the different components and the connectivity between them.

Here are the connectivity service components mapping between AWS and Azure.

AWS VPC                          --> Azure Virtual Network
AWS Route Table                  --> Azure Route Table
AWS Customer Gateways            --> Azure Local Network Gateways
AWS Virtual Private Gateways     --> Azure Virtual Network Gateways
AWS Site-to-Site VPN Connections --> Azure Connections

Steps

The 14 steps below will help you achieve the above architecture. You can skip the steps for components that are already deployed, but remember that the network address spaces must not overlap with each other.

1. Create a Virtual Network in Azure

Create the Virtual Network with address space 10.10.0.0/16
Add a Subnet with CIDR 10.10.1.0/24

2. Create a Gateway Subnet

While creating the gateway subnet, use the range 10.10.2.0/24.

3. Create an Azure Virtual Network Gateway

While creating the Virtual Network Gateway, choose the settings below.

Take note of the public IP; it is needed when creating the customer gateway in AWS.

Note: This will take 15-30 minutes to deploy. Let's create some of the AWS components in the meantime.

4. Create a VPC in AWS

Create a VPC using address space 172.17.0.0/16
Use the Subnet CIDR as 172.17.1.0/24

5. Create the Customer Gateway

Use the Azure VPN Gateway public IP address while creating the customer gateway.

6. Create the Virtual Private Gateway

Create the virtual private gateway using the Amazon default ASN.

Once created, attach it to the VPC created earlier.

7. Create a Site-to-site VPN

While creating the VPN, choose the already-created virtual private gateway and customer gateway.

Note: This will take 5-10 minutes to provision.

Once provisioned, the tunnel status will be Down.

Make sure the static route to the Azure address space is present in the VPN connection.

8. Download the VPN configuration

This downloads a text file containing the VPN connection configuration details needed to establish the IPsec tunnel, such as the pre-shared key and the VPN gateway public IP address.

9. Create Azure Local Network Gateway

Use the VPN gateway public IP address from the VPN configuration file downloaded earlier to create the local network gateway.

10. Create a connection

Use the pre-shared key, virtual network gateway, and the local network gateway to create the connection.

11. Create Route Table 

Create a route table in Azure and associate it with the Default subnet.

Add a static route to the AWS subnet using the Add route option.

12. Associate the subnet and add a route in the AWS route table

Associate the subnet with the route table available for the VPC.

Add a route to the Azure local CIDR.

Enable the route propagation to the virtual private gateway.

13. Check the connection and tunnel status

Check the Connection state. It should be successful and stay in a connected state.

The tunnel status in AWS will be up too. Time to test the connectivity. 

14. Test the connectivity

The VM's network interface shows the effective routes to the AWS environment.

Create a Windows Server virtual machine in the Azure virtual network for testing.
Connect to the Azure VM, open the PowerShell window, and test the connection by executing Test-NetConnection -ComputerName 172.17.1.101 -Port 3389

Launch a Windows Server EC2 instance in the VPC. 
Connect to the AWS VM, open the PowerShell window, and test the connection by executing Test-NetConnection -ComputerName 10.10.1.4 -Port 3389

For those comfortable with Linux, deploy an Ubuntu virtual machine in both environments and test the connectivity using ping 172.17.1.104 and ping 10.10.1.4 respectively.
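The Python script below is an added example, not part of the original post. It checks the addressing plan used in the 14 steps above (no overlap between the two clouds, every subnet inside its own address space, the GatewaySubnet disjoint from the default subnet), lists the three static routes the steps add, and reports which route a test packet such as the Test-NetConnection probes above would take; the route and next-hop labels are my own shorthand.

```python
from ipaddress import ip_address, ip_network

# Address plan from steps 1, 2 and 4 of the walkthrough.
AZURE_VNET = "10.10.0.0/16"
AZURE_SUBNETS = {"default": "10.10.1.0/24", "GatewaySubnet": "10.10.2.0/24"}
AWS_VPC = "172.17.0.0/16"
AWS_SUBNETS = {"subnet": "172.17.1.0/24"}

def check_plan(azure_vnet=AZURE_VNET, azure_subnets=AZURE_SUBNETS,
               aws_vpc=AWS_VPC, aws_subnets=AWS_SUBNETS):
    """Return the problems found in the addressing plan (empty list = usable)."""
    problems = []
    azure_vnet, aws_vpc = ip_network(azure_vnet), ip_network(aws_vpc)
    # Static routes cannot direct traffic between two clouds whose spaces overlap.
    if azure_vnet.overlaps(aws_vpc):
        problems.append(f"address spaces overlap: {azure_vnet} and {aws_vpc}")
    for cloud, space, subnets in (("Azure", azure_vnet, azure_subnets),
                                  ("AWS", aws_vpc, aws_subnets)):
        nets = {name: ip_network(cidr) for name, cidr in subnets.items()}
        for name, net in nets.items():
            if not net.subnet_of(space):
                problems.append(f"{cloud} subnet {name} {net} lies outside {space}")
        names = list(nets)
        for i, a in enumerate(names):
            for b in names[i + 1:]:  # e.g. GatewaySubnet must not overlap the default subnet
                if nets[a].overlaps(nets[b]):
                    problems.append(f"{cloud} subnets {a} and {b} overlap")
    return problems

def static_routes(azure_vnet=AZURE_VNET, aws_vpc=AWS_VPC):
    """The three static routes the walkthrough configures (steps 7, 11 and 12)."""
    return {
        "aws_vpn_connection": {"prefix": azure_vnet},                                   # step 7
        "azure_route_table": {"prefix": aws_vpc, "next_hop": "VirtualNetworkGateway"},   # step 11
        "aws_route_table": {"prefix": azure_vnet, "target": "virtual-private-gateway"},  # step 12
    }

def tunnel_path(src, dst, azure_vnet=AZURE_VNET, aws_vpc=AWS_VPC):
    """Which route carries a packet from src to dst over the tunnel; None means it
    would fall through to the default route instead (e.g. a mistyped test address)."""
    src, dst = ip_address(src), ip_address(dst)
    azure_vnet, aws_vpc = ip_network(azure_vnet), ip_network(aws_vpc)
    if src in azure_vnet and dst in aws_vpc:
        return "Azure route table -> virtual network gateway -> AWS virtual private gateway"
    if src in aws_vpc and dst in azure_vnet:
        return "AWS route table -> virtual private gateway -> Azure VPN gateway"
    return None
```

Run check_plan() before step 1 with your own ranges; a non-empty result is the reason a tunnel can come up and still carry no traffic.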