This page describes how to successfully create and provision a Partner Cross-Cloud Interconnect for Amazon Web Services (AWS) connection from AWS using Network Connectivity Center (NCC) if you already have an activation key.
Before you start the Partner Cross-Cloud Interconnect for AWS provisioning process, ensure that the following conditions are met:
- You already have an AWS account.
- You have an NCC hub to connect your transport resource to. If one doesn't already exist, create it.
If you want to initiate a connection from the AWS Console, see Getting started with AWS Interconnect for creating the required resource. Provide the project and region information where you want the connection to land in Google Cloud. After AWS has created the resource, you must create the Google Cloud resource with the provided activation key.
To achieve a successful connection, you must create the transport resource.
Follow the instructions on this page to create the transport.
Considerations
Keep in mind the following considerations when using NCC to provision your Partner Cross-Cloud Interconnect for AWS connection:
- The default connectivity topology for the configuration is mesh topology.
- If you use star topology, the hybrid spokes are added to the center group. Edge group isn't supported for Partner Cross-Cloud Interconnect for AWS hybrid spokes.
- Spokes are auto accepted into a project.
Before you begin
Before you get started, review the following sections.
Create or select a project
To make it easier to configure Partner Cross-Cloud Interconnect for AWS, start by identifying a valid project.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
  Roles required to select or create a project
  - Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
  - Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.
- Verify that billing is enabled for your Google Cloud project.
- Install the Google Cloud CLI.
- If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
- To initialize the gcloud CLI, run the following command:
  gcloud init
If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.
gcloud config set project PROJECT_ID
Replace PROJECT_ID with your unique project ID.
The gcloud CLI instructions on this page assume that you have set your project ID.
To confirm that you set the project ID correctly, use the gcloud config list command.
gcloud config list --format='text(core.project)'
Enable the Network Connectivity API
Before you can perform any tasks using Partner Cross-Cloud Interconnect for AWS, you must enable the Network Connectivity API.
Console
To enable the Network Connectivity API, do the following:
In the Google Cloud console, go to the Network Connectivity API page.
Click Enable.
Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.
Initiate a connection from AWS with an AWS activation key
Create an NCC hub
If you haven't already, create an NCC hub to connect your transport resource to.
Create the transport resource
gcloud
Run the gcloud network-connectivity transports create command:
gcloud network-connectivity transports create TRANSPORT_NAME \
--region=REGION \
--activation-key=ACTIVATION_KEY \
--hub=HUB_NAME \
--advertised-routes=ADVERTISED_ROUTES \
--stack-type=STACK_TYPE \
--auto-accept
Replace the following values:
- TRANSPORT_NAME: a name for the transport resource that you want to create
- REGION: the name of the region where you want to provision connectivity, such as us-west1
- ACTIVATION_KEY: the activation key that you have received from AWS
- HUB_NAME: the name of the NCC hub to connect the transport to
- ADVERTISED_ROUTES: additional IP addresses advertised to AWS. All routes learned in the hub's routing table are advertised to AWS
- STACK_TYPE (optional): IP address version stack type. Must be IPV4_ONLY
API
Use the networkconnectivity.transports.create method:
POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT/locations/LOCATION/transports?transportId=TRANSPORT_NAME
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://networkconnectivity.googleapis.com/v1/projects/PROJECT/locations/LOCATION/transports?transportId=TRANSPORT_NAME" \
  --data '
{
  "hub": "HUB_NAME",
  "advertisedRoutes": ["ADVERTISED_ROUTE"],
  "providedActivationKey": "ACTIVATION_KEY",
  "stackType": "STACK_TYPE",
  "autoAccept": "true"
}'
Replace the following values:
- PROJECT: the name of the project in which you want to create the transport
- LOCATION: the name of the Google Cloud region where you want to provision connectivity, such as us-west1
- TRANSPORT_NAME: a name for the transport resource
- HUB_NAME: the name of the NCC hub to connect the transport to
- ADVERTISED_ROUTE: additional IP addresses advertised to AWS. All routes learned in the hub's routing table are advertised to AWS
- ACTIVATION_KEY: the activation key that you have received from AWS
- STACK_TYPE (optional): IP address version stack type. Must be IPV4_ONLY
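Because every prefix you list as an advertised route becomes reachable from the AWS side, it is worth validating the value before it reaches the create command. The following is an added example, not part of the original page or of Google's tooling; the function names, the comma-separated input format and the /8 policy floor are assumptions.

```sh
#!/bin/sh
# Added example: validate the routes you plan to advertise to AWS.
# Assumptions (not from the page): the value is a comma-separated list of
# CIDRs, and local policy forbids advertising anything broader than /8.
MIN_PREFIX_LEN=8

# Succeeds if $1 is a decimal number in [0, $2] with no leading zeros.
in_range() {
  case $1 in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
  [ "$1" -le "$2" ]
}

# Prints "ok" and returns 0, or prints the first problem and returns 1.
check_advertised_routes() {
  routes=$1
  [ -n "$routes" ] || { echo "empty route list"; return 1; }
  old_ifs=$IFS
  set -f; IFS=,; set -- $routes; IFS=$old_ifs; set +f
  for cidr in "$@"; do
    case $cidr in
      *:*) echo "$cidr: IPv6 prefix, but stack type must be IPV4_ONLY"; return 1 ;;
      *[!0-9./]*|*/*/*) echo "$cidr: not an IPv4 CIDR"; return 1 ;;
      */*) ;;
      *) echo "$cidr: missing prefix length"; return 1 ;;
    esac
    ip=${cidr%/*}; len=${cidr#*/}
    in_range "$len" 32 || { echo "$cidr: bad prefix length"; return 1; }
    IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "$cidr: expected four octets"; return 1; }
    for o in "$@"; do
      in_range "$o" 255 || { echo "$cidr: bad octet"; return 1; }
    done
    [ "$len" -ge "$MIN_PREFIX_LEN" ] ||
      { echo "$cidr: broader than /$MIN_PREFIX_LEN"; return 1; }
    # A prefix with host bits set usually means a typo in the network address.
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    host_mask=$(( (1 << (32 - $len)) - 1 ))
    [ $(( $addr & $host_mask )) -eq 0 ] ||
      { echo "$cidr: host bits set"; return 1; }
  done
  echo ok
}
```

Run it as `check_advertised_routes "$ADVERTISED_ROUTES"` and only continue to the create step when it prints `ok`.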
Verify your connection
You can verify that connectivity has been established by listing spokes attached to the hub that you created. You can also list NCC routes for your hub.
gcloud
To list spokes associated with a hub across all projects, use the gcloud network-connectivity hubs list-spokes command.
gcloud network-connectivity hubs list-spokes HUB_NAME
Replace HUB_NAME with the name of the hub for which you want to list spokes, such as my-hub.
To list NCC routes for a hub, run the gcloud network-connectivity hubs route-tables routes list command.
gcloud network-connectivity hubs route-tables routes list \
--hub=HUB_NAME \
--route_table=default
Replace HUB_NAME with the name of the hub, such as my-hub.
Your output looks similar to the following:
IP_CIDR_RANGE  PRIORITY  LOCATION  STATE   TYPE           SITE_TO_SITE  NEXT_HOP                                     HUB       ROUTE_TABLE
10.0.0.0/9     65536     us-east1  ACTIVE  DYNAMIC_ROUTE  OFF           transport-c24daa3d1fa6969a-7a3f13c5553ee9a0  HUB_NAME  default
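The same listing shows which prefixes the AWS side is sending into the hub route table, so it can be checked against the range you expect AWS to announce. The following is an added example, not part of the original page or of Google's tooling; the function names, the expected-range argument and all sample rows except the first data row are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit prefixes learned through a transport next hop.
# Constructed sample: the first data row is the one shown on the page; the
# other rows, and the VPC spoke name in the last one, are made up.
sample_routes() {
  cat <<'EOF'
IP_CIDR_RANGE PRIORITY LOCATION STATE TYPE SITE_TO_SITE NEXT_HOP HUB ROUTE_TABLE
10.0.0.0/9 65536 us-east1 ACTIVE DYNAMIC_ROUTE OFF transport-c24daa3d1fa6969a-7a3f13c5553ee9a0 my-hub default
172.31.0.0/16 65536 us-east1 ACTIVE DYNAMIC_ROUTE OFF transport-c24daa3d1fa6969a-7a3f13c5553ee9a0 my-hub default
0.0.0.0/0 65536 us-east1 ACTIVE DYNAMIC_ROUTE OFF transport-c24daa3d1fa6969a-7a3f13c5553ee9a0 my-hub default
192.168.10.0/24 65536 us-east1 ACTIVE VPC_PRIMARY_SUBNET OFF example-vpc-spoke my-hub default
EOF
}

# Reads the route listing on stdin. Prints every prefix whose NEXT_HOP is a
# transport and that is not contained in the expected range $1 (a hypothetical
# policy input, for example 10.0.0.0/8). Returns 1 if anything was printed.
audit_transport_routes() {
  awk -v allowed="$1" '
    function ip2n(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { split(allowed, a, "/"); alen = a[2] + 0; size = 2 ^ (32 - alen) }
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }  # map header names
    $(col["NEXT_HOP"]) ~ /^transport-/ {
      cidr = $(col["IP_CIDR_RANGE"]); split(cidr, r, "/")
      # Contained means: at least as specific, and same network at alen bits.
      same_net = (int(ip2n(r[1]) / size) == int(ip2n(a[1]) / size))
      if (r[2] + 0 < alen || !same_net) { print cidr " outside " allowed; bad = 1 }
    }
    END { exit bad + 0 }'
}
```

Pipe the real listing into `audit_transport_routes` with the range you agreed for the AWS side; a learned default route or an unexpected prefix shows up as a finding.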
API
To list all spokes associated with a hub across all projects, use the networkconnectivity.hubs.listSpokes method.
GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME:listSpokes
Replace the following values:
- PROJECT_ID: the project ID of the hub
- HUB_NAME: the name of the hub for which you want to list spokes
To list NCC routes for a hub, use the networkconnectivity.hubs.routeTables.routes.list method with an empty request body.
GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME/routeTables/NAME/routes
Replace the following values:
- PROJECT_ID: the project ID of the project that contains the hub
- HUB_NAME: the name of the hub
- NAME: the name of the hub route table resource
What's next
- To find answers to common questions about Cloud Interconnect architecture and features, see the Cloud Interconnect FAQ.
- To find out more about Cloud Interconnect, see the Cloud Interconnect overview.
- To learn about best practices when planning for and configuring Cloud Interconnect, see Best practices.
- To find Google Cloud resource names, see the Cloud Interconnect APIs.