Create a connection initiated from Google Cloud using NCC

This page describes how to successfully create and provision a Partner Cross-Cloud Interconnect for Amazon Web Services (AWS) connection using Network Connectivity Center (NCC) initiated from Google Cloud.

If you don't have an activation key from AWS, you can initiate and provision a Partner Cross-Cloud Interconnect for AWS connection from Google Cloud.

To achieve a successful connection, you must create the transport resource. Follow the instructions on this page to create the transport.

Before you start the Partner Cross-Cloud Interconnect for AWS provisioning process, ensure that the following conditions are met:

  • You have an Amazon Web Services account.
  • You have an NCC hub to connect your transport resource to. If one doesn't already exist, create it.

Considerations

Keep in mind the following considerations when using NCC to provision your Partner Cross-Cloud Interconnect for AWS connection:

  • The default connectivity topology for the configuration is mesh topology.
  • If you use star topology, the hybrid spokes are added to the center group. Edge group isn't supported for Partner Cross-Cloud Interconnect for AWS hybrid spokes.
  • Spokes are auto accepted into a project.

Before you begin

Before you get started, review the following sections.

Create or select a project

To make it easier to configure Partner Cross-Cloud Interconnect for AWS, start by identifying a valid project.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

  3. Verify that billing is enabled for your Google Cloud project.

  4. Install the Google Cloud CLI.

  5. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  6. To initialize the gcloud CLI, run the following command:

    gcloud init

  7. If you are using the Google Cloud CLI, set your project ID by using the gcloud config set command.

    gcloud config set project PROJECT_ID

    Replace PROJECT_ID with your unique project ID.

    The gcloud CLI instructions on this page assume that you have set your project ID.

  8. To confirm that you set the project ID correctly, use the gcloud config list command.

    gcloud config list --format='text(core.project)'

Enable the Network Connectivity API

Before you can perform any tasks using Cloud Interconnect, you must enable the Network Connectivity API.

Console

To enable the Network Connectivity API, do the following:

  1. In the Google Cloud console, go to the Network Connectivity API.

  2. Click Enable.

Alternatively, you can enable the API by using the Google Cloud console API Library, as described in Enabling APIs.

Initiate connection from Google Cloud if you don't have an activation key

List available profiles

To list the available profiles in a specific project in the region where you want to provision connectivity, follow these steps.

gcloud

Use the gcloud network-connectivity transports remote-profiles list command.

gcloud network-connectivity transports remote-profiles list --region REGION

Replace REGION with the name of the region where you want to provision connectivity, such as us-west1.

API

Use the networkconnectivity.remoteTransportProfiles.list method with an empty request body.

curl -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    "https://networkconnectivity.googleapis.com/v1/projects/PROJECT/locations/REGION/remoteTransportProfiles"

Replace the following values:

  • PROJECT: the name of the project
  • REGION: the name of the Google Cloud region where you want to provision connectivity, such as us-west1

Create an NCC hub

If you haven't already, create an NCC hub to connect your transport resource to.

Create the transport resource

During the transport resource creation process, you must specify the bandwidth, remoteProfile and remoteAccountId fields.

advertisedRoutes is an optional field that advertises routes in addition to the hub's routing table.

Running the following commands establishes connectivity. As part of the hub, several new hybrid spokes are created.

To create a transport resource, follow these steps.

gcloud

Use the gcloud network-connectivity transports create command.

gcloud network-connectivity transports create TRANSPORT_NAME \
    --region=REGION \
    --remote-account-id=REMOTE_ACCOUNT_ID \
    --remote-profile=REMOTE_PROFILE_NAME \
    --bandwidth=BANDWIDTH \
    --hub=HUB_NAME \
    --advertised-routes=ADVERTISED_ROUTES \
    --stack-type=STACK_TYPE \
    --auto-accept

Replace the following values:

  • TRANSPORT_NAME: a name for the transport resource that you want to create
  • REGION: the name of the region where you want to provision connectivity, such as us-west1
  • REMOTE_ACCOUNT_ID: the ID of your AWS account
  • REMOTE_PROFILE_NAME: the AWS remote profile name associated with the Google Cloud region returned by the gcloud network-connectivity transports remote-profiles list command in the previous step
  • BANDWIDTH: the chosen bandwidth for your connection, such as 1G. It must be a supported bandwidth on the chosen remoteProfile
  • HUB_NAME: the name of the NCC hub to connect the transport to
  • ADVERTISED_ROUTES: additional IP addresses advertised to AWS. All routes learned in the hub's routing table are advertised to AWS
  • STACK_TYPE (optional): IP address version stack type. Must be IPV4_ONLY

API

Use the networkconnectivity.transports.create method specifying the TRANSPORT_ID, similar to the following example:

curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json" \
    "https://networkconnectivity.googleapis.com/v1/projects/PROJECT/locations/REGION/transports?transportId=TRANSPORT_NAME" \
    --data '{
"hub": "HUB_NAME",
"remoteProfile": "REMOTE_PROFILE_NAME",
"bandwidth": "BANDWIDTH",
"remoteAccountId": "REMOTE_ACCOUNT_ID",
"advertisedRoutes": ["ADVERTISED_ROUTE"],
"stackType": "STACK_TYPE",
"autoAccept": "true"
}'

Replace the following values:

  • PROJECT: the name of the project in which you want to create the transport
  • REGION: the name of the Google Cloud region where you want to provision connectivity, such as us-west1
  • TRANSPORT_NAME: a name for the transport resource
  • REMOTE_ACCOUNT_ID: the ID of your AWS account
  • REMOTE_PROFILE_NAME: the AWS remote profile name associated with the Google Cloud region returned by the gcloud network-connectivity transports remote-profiles list command in the previous step
  • BANDWIDTH: the chosen bandwidth for your connection, such as 1G. It must be a supported bandwidth on the chosen remoteProfile
  • HUB_NAME: the name of the NCC hub to connect the transport to
  • ADVERTISED_ROUTE: Additional IP addresses advertised to AWS. All routes learned in the hub's routing table are advertised to AWS
  • STACK_TYPE (optional): IP address version stack type. Must be IPV4_ONLY

In the output, find the value of the name field. It has the format projects/PROJECT/locations/REGION/operations/OPERATION_ID, where OPERATION_ID is the ID of your operation.

To check the status of the operation, use the networkconnectivity.operations.get method.

GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT/locations/REGION/operations/OPERATION_ID

Replace the following:

  • PROJECT: the name of the project in which you created the transport
  • REGION: the name of the Google Cloud region where you want to provision connectivity, such as us-west1
  • OPERATION_ID: the ID of the operation

If the transport resource has finished creation, the output has the line "done": true. Copy the value of the generatedActivationKey field from the output to use in later steps.
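
The create request above decides which AWS account is connected and which extra prefixes are advertised to it, so it is worth checking the request body before sending it. The following pre-flight check is an added example, not part of Google's documentation; the function name, the approved-range list, the supported-bandwidth set and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Fields this page says the create request must specify.
REQUIRED = ("bandwidth", "remoteProfile", "remoteAccountId")

def check_transport_request(body, supported_bandwidths, approved_ranges):
    """Return a list of problems found in a transports.create request body."""
    problems = [f"missing required field {k}" for k in REQUIRED if not body.get(k)]
    account = body.get("remoteAccountId")
    if account and not re.fullmatch(r"\d{12}", account):  # AWS account IDs are 12 digits
        problems.append("remoteAccountId is not a 12-digit AWS account ID")
    bandwidth = body.get("bandwidth")
    if bandwidth and bandwidth not in supported_bandwidths:
        problems.append(f"bandwidth {bandwidth} is not offered by the remote profile")
    # stackType is optional, but the only accepted value is IPV4_ONLY.
    if body.get("stackType", "IPV4_ONLY") != "IPV4_ONLY":
        problems.append("stackType must be IPV4_ONLY")
    approved = [ipaddress.IPv4Network(c) for c in approved_ranges]
    for route in body.get("advertisedRoutes", []):
        try:
            net = ipaddress.IPv4Network(route)  # strict: rejects IPv6 and set host bits
        except ValueError:
            problems.append(f"advertisedRoutes entry {route} is not a valid IPv4 prefix")
            continue
        if not any(net.subnet_of(a) for a in approved):
            problems.append(f"advertisedRoutes entry {route} is outside the approved ranges")
    return problems

# Constructed request body in the shape of the curl example above.
REQUEST = {
    "hub": "my-hub",
    "remoteProfile": "example-profile",
    "bandwidth": "1G",
    "remoteAccountId": "123456789012",
    "advertisedRoutes": ["10.20.0.0/16", "0.0.0.0/0", "10.20.1.5/24"],
    "stackType": "IPV4_ONLY",
    "autoAccept": "true",
}

if __name__ == "__main__":
    for problem in check_transport_request(REQUEST, {"1G"}, ["10.20.0.0/16"]):
        print(problem)
```

Take the supported bandwidths from the remote profile returned by the remote-profiles list command, and the approved ranges from your own address plan.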

Complete the steps on the AWS API

Follow the instructions in the AWS API reference document, using the activation key that you generated in the previous step.

Verify your connection

You can verify that connectivity has been established by listing spokes attached to the hub that you created. You can also list NCC routes for your hub.

gcloud

To list spokes associated with a hub across all projects, use the gcloud network-connectivity hubs list-spokes command.

gcloud network-connectivity hubs list-spokes HUB_NAME

Replace HUB_NAME with the name of the hub for which you want to list spokes, such as my-hub.

To list NCC routes for a hub, run the gcloud network-connectivity hubs route-tables routes list command.

gcloud network-connectivity hubs route-tables routes list \
    --hub=HUB_NAME \
    --route_table=default

Replace HUB_NAME with the name of the hub, such as my-hub.

Your output looks similar to the following:

IP_CIDR_RANGE  PRIORITY  LOCATION   STATE   TYPE           SITE_TO_SITE  NEXT_HOP                                     HUB          ROUTE_TABLE
10.0.0.0/9     65536     us-east1   ACTIVE  DYNAMIC_ROUTE  OFF           transport-c24daa3d1fa6969a-7a3f13c5553ee9a0  HUB_NAME     default
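
Listing routes confirms connectivity, and the same output shows which prefixes the AWS side is advertising into the hub. The following audit of that table is an added example, not part of Google's documentation; the function names, the expected-range list and the minimum prefix length are assumptions, and it treats dynamic routes whose next hop starts with transport- (as in the sample output) as learned from AWS.

```python
import ipaddress

# First data row mirrors the sample output on this page (hub shown as my-hub);
# the other two rows are constructed for illustration.
SAMPLE_OUTPUT = """\
IP_CIDR_RANGE  PRIORITY  LOCATION   STATE   TYPE           SITE_TO_SITE  NEXT_HOP                                     HUB     ROUTE_TABLE
10.0.0.0/9     65536     us-east1   ACTIVE  DYNAMIC_ROUTE  OFF           transport-c24daa3d1fa6969a-7a3f13c5553ee9a0  my-hub  default
0.0.0.0/0      65536     us-east1   ACTIVE  DYNAMIC_ROUTE  OFF           transport-c24daa3d1fa6969a-7a3f13c5553ee9a0  my-hub  default
172.16.4.0/24  65536     us-east1   ACTIVE  DYNAMIC_ROUTE  OFF           transport-c24daa3d1fa6969a-7a3f13c5553ee9a0  my-hub  default
"""

def parse_routes(text):
    """Turn the whitespace-aligned table into a list of dicts keyed by header."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        cells = ln.split()
        if len(cells) != len(header):
            raise ValueError(f"unexpected column count: {ln!r}")
        rows.append(dict(zip(header, cells)))
    return rows

def audit_routes(rows, expected_remote, min_prefix_len=8):
    """Return (prefix, reason) findings for routes learned through a transport."""
    allowed = [ipaddress.ip_network(c) for c in expected_remote]
    findings = []
    for r in rows:
        if r["TYPE"] != "DYNAMIC_ROUTE" or not r["NEXT_HOP"].startswith("transport-"):
            continue  # only audit what the AWS side advertises to the hub
        net = ipaddress.ip_network(r["IP_CIDR_RANGE"])
        if net.prefixlen < min_prefix_len:
            findings.append((str(net), "too broad"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((str(net), "outside expected AWS ranges"))
    return findings

if __name__ == "__main__":
    for prefix, reason in audit_routes(parse_routes(SAMPLE_OUTPUT), ["10.0.0.0/8"]):
        print(prefix, reason)
```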

API

To list all spokes associated with a hub across all projects, use the networkconnectivity.hubs.listSpokes method.

GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME:listSpokes

Replace the following values:

  • PROJECT_ID: the project ID of the hub
  • HUB_NAME: the name of the hub for which you want to list spokes

To list NCC routes for a hub, use the networkconnectivity.hubs.routeTables.routes.list method with an empty request body.

GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME/routeTables/NAME/routes

Replace the following values:

  • PROJECT_ID: the project ID of the project that contains the hub
  • HUB_NAME: the name of the hub
  • NAME: the name of the hub route table resource
