Sunday, October 20, 2024

Cloud Project: Azure and AWS connection through VPC

Project Title: Multi-Cloud Architecture for Fintech Firm

10/19/2024 - 11/3/2024

Objective: This capstone project was completed independently as part of my cloud engineering bootcamp. The objective was to design and implement a multi-cloud architecture using Azure and AWS to allow secure communication between resources without exposing data to the public internet. This project aimed to demonstrate my proficiency in cloud infrastructure, network security, and multi-cloud solutions.


Scenario: A fintech firm has a global clientele. To ensure the availability of its services, the chief solutions architect has suggested keeping the services running in a multi-cloud environment. They want to deploy app resources in Azure and AWS and allow them to communicate with each other without exposing them to public access, as the data on these resources is confidential and must not be compromised. Create an architecture and the step-by-step guide to provide a solution for this scenario.


Technology Stack:

Azure VPN Gateway, AWS Virtual Private Gateway (VPN Gateway), EC2, Azure Virtual Machines, Azure Local Network Gateway, AWS Customer Gateway, Site-to-Site VPN (IPsec/IKEv2)

-----------------------------------------------------------------------------------------------------------------------------------------------------

As the sole contributor to this project, I was responsible for every aspect of the design, implementation, and deployment of the multi-cloud architecture. My responsibilities included:

- Requirement Analysis: Identified the key requirements for secure, cross-cloud communication for a fintech application.
- Network Design: Developed the architecture for secure communication between Azure and AWS using site-to-site VPN.
- Configuration and Implementation: Set up Azure Virtual Machines (VMs) and AWS EC2 instances, and configured Azure VPN Gateway, AWS VPN Gateway, Customer Gateway, and Local Network Gateway for encrypted traffic.
- Network Security: Applied security rules, managed routing tables, and ensured compliance with industry standards for data protection.
- Testing and Validation: Independently tested the setup to ensure that communication between the two environments was secure and encrypted, with no exposure to the public internet.


Architecture Diagram https://drive.google.com/file/d/1a412QmA8BEcwshZJUcdXTqj_JEgPc1Wu/view?usp=drive_link

Step 1: Multi-Cloud Environment Setup

  • The project involves setting up a multi-cloud environment for a fintech firm that serves global clients. The services need to run on both Azure and AWS, and the two environments must be able to communicate securely without exposing any resources to the public internet, because the data is confidential. One design decision has to be made before anything is deployed: the Azure VNet and the AWS VPC must use non-overlapping private address ranges (for example 10.1.0.0/16 and 10.2.0.0/16), since a site-to-site VPN cannot route between identical or overlapping CIDRs and address space is hard to change once workloads are running.

Step 2: Azure Network Setup

  • Azure Virtual Machine (VM): Deploy a VM within an Azure virtual network (VNet), in an application subnet, with a private IP only. The VPN will provide reachability from AWS, so the VM needs no public IP address and its network security group (NSG) should not admit traffic from the internet.

  • Create the Azure gateway subnet: add a subnet to the VNet named exactly GatewaySubnet (the name is mandatory; Azure will not place a gateway in a subnet called anything else). A /27 or larger is recommended so the gateway has room for its instances. This subnet has to exist before the VPN gateway can be created, so do it first.
  • Azure VPN Gateway: Create a route-based VPN gateway (gateway type Vpn, VPN type RouteBased) in the GatewaySubnet with a static public IP. This gateway is the Azure end of the site-to-site tunnel; it negotiates IKE with the AWS side and encrypts and decrypts all traffic between the VNet and AWS. Provisioning takes roughly 30 to 45 minutes. Note the public IP once it is assigned, because it is the value the AWS Customer Gateway will point at.

  • Azure Local Network Gateway: The Local Network Gateway (LNG) is Azure's record of the remote site, here AWS. It holds the public IP of the AWS tunnel endpoint (the outside IP address of one of the two tunnels that AWS assigns to the Site-to-Site VPN connection created in Step 3) and the VPC's address range (its CIDR), so the gateway knows which peer to negotiate IPsec with and which destination prefixes to send into the tunnel. Those values do not exist until the AWS VPN connection has been created, so in practice the LNG is configured after Step 3. An AWS VPN connection always has two tunnels and one LNG can point at only one of them; a second LNG and a second connection for the other tunnel is the usual way to get redundancy.

Step 3: AWS Network Setup

  • AWS EC2 Instance: Deploy an EC2 instance in a private subnet of a Virtual Private Cloud (VPC), without a public IP or Elastic IP. Its security group should admit traffic only from the Azure VNet's address range, and only on the ports the application needs.

  • AWS Customer Gateway: Create a Customer Gateway in AWS that records the remote side, Azure. It holds the public IP address of the Azure VPN Gateway created in Step 2 (the API also asks for a BGP ASN, which is unused when routing is static). This is the AWS counterpart of the Azure Local Network Gateway and tells AWS which peer is expected to bring up the tunnel.

  • AWS VPN Gateway: Create a Virtual Private Gateway and attach it to the VPC; it is the AWS end of the IPsec tunnel. Then create a Site-to-Site VPN connection that links the Virtual Private Gateway to the Customer Gateway. Choose static routing and add the Azure VNet's CIDR as a static route on the connection (the Azure side here is a route-based gateway without BGP). Either supply your own pre-shared key in the tunnel options or download the generated configuration afterwards: it contains the two tunnel outside IP addresses and the pre-shared keys, which are the inputs for the Azure Local Network Gateway and Connection.

Step 4: Establish Site-to-Site VPN Connection

  • Establish the site-to-site VPN by creating a Connection in Azure (type Site-to-site (IPsec)) between the Azure VPN Gateway and the Local Network Gateway that represents AWS, using the same pre-shared key that is configured on the AWS tunnel. Route-based Azure gateways negotiate IKEv2 by default, which matches what the AWS Virtual Private Gateway offers. Once IKE and IPsec negotiation succeeds the connection shows as Connected on the Azure side and the tunnel as UP on the AWS side.
  • Be precise about what the tunnel protects. The IPsec tunnel runs between the two gateways' public IP addresses, so the encrypted packets do cross the public internet; what the design keeps off the internet is the workloads themselves, which have no public IPs and whose NSGs and security groups accept only traffic arriving through the tunnel from the peer cloud's address range. Everything inside the tunnel is encrypted and integrity-protected by IPsec. Treat the pre-shared key as a production secret: generate it randomly, keep it in Azure Key Vault and AWS Secrets Manager rather than in scripts or tickets, and rotate it on both sides together.

Step 5: Configure Routing and Security Rules

  • On both Azure and AWS, update the routing tables and the network filters (Azure network security groups, AWS security groups and network ACLs) so that traffic can flow over the VPN, and only over the VPN. Use the peer cloud's actual CIDR in every rule rather than 0.0.0.0/0, and open only the ports the application needs (plus ICMP if you intend to test with ping).
  • On Azure: with a route-based VPN gateway, the address prefixes of the Local Network Gateway (the AWS VPC CIDR) are added to the VNet's system routes automatically with the gateway as next hop; no user-defined route is needed unless you want to override it. Confirm this in the VM NIC's effective routes.
  • On AWS: routes are not added automatically. Either enable route propagation from the Virtual Private Gateway on the route table of the EC2 subnet, or add a static route for the Azure VNet's CIDR with the Virtual Private Gateway as the target.
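
Steps 2 through 5 are one dependency chain, and the two things that most often go wrong in it are an address plan that cannot be routed and a pre-shared key that one cloud rejects. The script below is an added example, not the author's own tooling: it validates a constructed address plan (non-overlapping VNet and VPC, a GatewaySubnet of at least /27 inside the VNet), generates a pre-shared key that both AWS and Azure accept, and emits the az and aws CLI commands in the order the steps above require. Every resource name, ID and CIDR in it is an assumption chosen for illustration; the subcommands and flags are the real CLI ones, but nothing is executed, so the plan can be reviewed before anything is built.

```python
"""Pre-flight checks and an ordered CLI plan for the Azure <-> AWS site-to-site VPN.

Added example for this post, not the author's own tooling.  Resource names,
IDs, CIDRs and the port are assumptions chosen for illustration; the az / aws
subcommands and flags are real, but nothing is executed: the script validates
the address plan, generates a pre-shared key both clouds accept, and emits the
commands in dependency order so they can be reviewed before anything is built.
"""
import ipaddress
import secrets
import string

# Constructed sample plan (assumed values, not taken from the post).
PLAN = {
    "azure": {"rg": "fintech-rg", "location": "eastus", "vnet": "az-vnet",
              "vnet_cidr": "10.1.0.0/16", "app_subnet_cidr": "10.1.1.0/24",
              "gateway_subnet_cidr": "10.1.255.0/27", "gateway": "az-vpngw",
              "pip": "az-vpngw-pip", "lng": "aws-lng", "conn": "az-to-aws", "nsg": "app-nsg"},
    "aws": {"vpc_id": "vpc-0123456789abcdef0", "vpc_cidr": "10.2.0.0/16",
            "rtb_id": "rtb-0123456789abcdef0", "sg_id": "sg-0123456789abcdef0"},
    "app_port": 443,  # the only port the app tiers need across the tunnel
}
PSK_ALPHABET = string.ascii_letters + string.digits + "._"


def validate_plan(plan):
    """Return a list of problems; empty means the two networks can be routed."""
    az, aws = plan["azure"], plan["aws"]
    vnet = ipaddress.ip_network(az["vnet_cidr"])
    vpc = ipaddress.ip_network(aws["vpc_cidr"])
    gw = ipaddress.ip_network(az["gateway_subnet_cidr"])
    app = ipaddress.ip_network(az["app_subnet_cidr"])
    problems = []
    if vnet.overlaps(vpc):  # a site-to-site VPN cannot route between overlapping ranges
        problems.append(f"VNet {vnet} overlaps VPC {vpc}; re-plan the address space")
    for name, sn in (("GatewaySubnet", gw), ("app subnet", app)):
        if not sn.subnet_of(vnet):
            problems.append(f"{name} {sn} is not inside VNet {vnet}")
    if gw.overlaps(app):
        problems.append("GatewaySubnet overlaps the app subnet")
    if gw.prefixlen > 27:  # Azure recommends /27 or larger for the gateway subnet
        problems.append(f"GatewaySubnet {gw} is smaller than /27")
    problems += [f"{c} is not private address space" for c in (vnet, vpc) if not c.is_private]
    return problems


def psk_is_valid(psk):
    """AWS accepts 8-64 chars of [A-Za-z0-9._] not starting with '0'; Azure accepts the same."""
    return 8 <= len(psk) <= 64 and psk[0] != "0" and all(c in PSK_ALPHABET for c in psk)


def make_psk(length=32):
    while True:
        psk = "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))
        if psk_is_valid(psk):
            return psk


def build_commands(plan):
    """Ordered (phase, command) pairs.  Values only known after an earlier phase has
    run are carried in shell variables; the PSK is read from $VPN_PSK so it never
    lands in this script or on a command line that shell history would record."""
    az, aws, port = plan["azure"], plan["aws"], plan["app_port"]
    rg = f"-g {az['rg']}"
    tun_opts = r'"{\"StaticRoutesOnly\":true,\"TunnelOptions\":[{\"PreSharedKey\":\"$VPN_PSK\"}]}"'
    return [
        ("azure-net", f"az network vnet create {rg} -n {az['vnet']} -l {az['location']} "
                      f"--address-prefix {az['vnet_cidr']} --subnet-name app --subnet-prefix {az['app_subnet_cidr']}"),
        # The gateway subnet must be named exactly GatewaySubnet and exist before the gateway.
        ("azure-net", f"az network vnet subnet create {rg} --vnet-name {az['vnet']} -n GatewaySubnet "
                      f"--address-prefix {az['gateway_subnet_cidr']}"),
        ("azure-net", f"az network public-ip create {rg} -n {az['pip']} --sku Standard --allocation-method Static"),
        ("azure-gw", f"az network vnet-gateway create {rg} -n {az['gateway']} --vnet {az['vnet']} "
                     f"--public-ip-address {az['pip']} --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1"),
        ("azure-gw", f"AZ_GW_IP=$(az network public-ip show {rg} -n {az['pip']} --query ipAddress -o tsv)"),
        # AWS side: Customer Gateway = Azure's public IP, then VGW, VPN connection, routes.
        ("aws-vpn", 'CGW_ID=$(aws ec2 create-customer-gateway --type ipsec.1 --public-ip "$AZ_GW_IP" '
                    "--bgp-asn 65000 --query CustomerGateway.CustomerGatewayId --output text)"),
        ("aws-vpn", "VGW_ID=$(aws ec2 create-vpn-gateway --type ipsec.1 --query VpnGateway.VpnGatewayId --output text)"),
        ("aws-vpn", f'aws ec2 attach-vpn-gateway --vpn-gateway-id "$VGW_ID" --vpc-id {aws["vpc_id"]}'),
        ("aws-vpn", 'VPN_ID=$(aws ec2 create-vpn-connection --type ipsec.1 --customer-gateway-id "$CGW_ID" '
                    f'--vpn-gateway-id "$VGW_ID" --options {tun_opts} --query VpnConnection.VpnConnectionId --output text)'),
        ("aws-vpn", f'aws ec2 create-vpn-connection-route --vpn-connection-id "$VPN_ID" --destination-cidr-block {az["vnet_cidr"]}'),
        ("aws-vpn", f'aws ec2 enable-vgw-route-propagation --route-table-id {aws["rtb_id"]} --gateway-id "$VGW_ID"'),
        ("aws-vpn", 'aws ec2 wait vpn-connection-available --vpn-connection-ids "$VPN_ID"'),
        ("aws-vpn", 'AWS_TUNNEL_IP=$(aws ec2 describe-vpn-connections --vpn-connection-ids "$VPN_ID" '
                    "--query 'VpnConnections[0].VgwTelemetry[0].OutsideIpAddress' --output text)"),
        # Back to Azure: the Local Network Gateway is AWS's tunnel IP plus the VPC CIDR.
        ("azure-conn", f'az network local-gateway create {rg} -n {az["lng"]} --gateway-ip-address "$AWS_TUNNEL_IP" '
                       f"--local-address-prefixes {aws['vpc_cidr']}"),
        ("azure-conn", f"az network vpn-connection create {rg} -n {az['conn']} --vnet-gateway1 {az['gateway']} "
                       f'--local-gateway2 {az["lng"]} --shared-key "$VPN_PSK"'),
        # Least privilege: only the app port, only from the peer cloud's range.
        ("filters", f"az network nsg rule create {rg} --nsg-name {az['nsg']} -n allow-aws-app --priority 100 "
                    f"--direction Inbound --access Allow --protocol Tcp --source-address-prefixes {aws['vpc_cidr']} "
                    f"--destination-port-ranges {port}"),
        ("filters", f"aws ec2 authorize-security-group-ingress --group-id {aws['sg_id']} --protocol tcp "
                    f"--port {port} --cidr {az['vnet_cidr']}"),
    ]


if __name__ == "__main__":
    problems = validate_plan(PLAN)
    if problems:
        raise SystemExit("\n".join(problems))
    print(f"export VPN_PSK={make_psk()}   # run once, then store it in Key Vault / Secrets Manager")
    for phase, cmd in build_commands(PLAN):
        print(f"# [{phase}]\n{cmd}")
```

The ordering matters: the Azure gateway must exist before the AWS Customer Gateway (it needs Azure's public IP), and the AWS VPN connection must exist before the Azure Local Network Gateway (it needs AWS's tunnel IP). The same key is handed to both `create-vpn-connection` and `vpn-connection create` through `$VPN_PSK`, so the two sides always agree. Only tunnel 1 is wired up here; a redundant second Local Network Gateway and Connection for `VgwTelemetry[1].OutsideIpAddress` follows the same pattern.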

Step 6: Deploy Application Resources

  • Deploy the necessary application resources in both Azure and AWS, in the private subnets, and have them address each other by private IP or private DNS name so that every cross-cloud call goes through the VPN. This lets the multi-cloud architecture function as a unified system without exposing the resources or the data to the internet.

Step 7: Test and Validate the Connection

  • Test the setup by initiating traffic between the Azure and AWS environments, for example by pinging the EC2 instance's private IP from the Azure VM. A ping only works if ICMP is allowed: AWS security groups deny ICMP unless a rule permits it, so add an inbound ICMP rule from the VNet's CIDR (and the matching NSG rule on Azure) before concluding that the tunnel is broken. Then test the application port itself, since that is what will carry production traffic.
  • Verify the state from both control planes as well: the Azure Connection should report Connected, and the AWS VPN connection's tunnel should report UP with at least one accepted route. Finally confirm that no VM or EC2 instance carries a public IP and that no NSG or security group rule admits traffic from 0.0.0.0/0; that is the check that neither side is exposed to public internet traffic.
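
The control-plane checks above can be scripted over the JSON that `az network vpn-connection show`, `aws ec2 describe-vpn-connections` and `az network nic show` return. The block below is an added example, not part of the original post: the JSON samples are constructed to mirror the shape of that CLI output (the field names are the real ones; the names, IDs and 203.0.113.x addresses are made up), and the evaluation turns them into pass/warn/fail findings that match the validation criteria of this step. In use you would replace the samples with the actual command output.

```python
"""Post-deployment checks for the site-to-site VPN, run over CLI output.

Added example, not from the original post.  The JSON below is constructed to
mirror `az network vpn-connection show`, `aws ec2 describe-vpn-connections`
and `az network nic show` output; field names are real, values are made up.
"""
import json

# Constructed samples (assumed values).  Tunnel 2 is DOWN on purpose: a single
# Azure Local Network Gateway only ever pairs with one of AWS's two tunnels.
AZ_CONN = json.loads('{"name": "az-to-aws", "connectionType": "IPsec", "connectionStatus": "Connected",'
                     ' "ingressBytesTransferred": 48220, "egressBytesTransferred": 51904}')
AWS_VPN = json.loads('{"VpnConnections": [{"VpnConnectionId": "vpn-0fedcba9876543210", "State": "available",'
                     ' "VgwTelemetry": ['
                     '  {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "StatusMessage": "", "AcceptedRouteCount": 1},'
                     '  {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0}]}]}')
NICS = [json.loads(s) for s in (
    '{"name": "app-vm-nic", "ipConfigurations": [{"privateIPAddress": "10.1.1.4", "publicIPAddress": null}]}',
    '{"name": "jump-vm-nic", "ipConfigurations": [{"privateIPAddress": "10.1.1.5", "publicIPAddress": {"id": "pip-jump"}}]}',
)]


def azure_connection_status(conn):
    """Azure reports Connected once IKE and IPsec SAs are established."""
    return conn.get("connectionStatus", "Unknown")


def aws_tunnel_states(resp):
    """(outside_ip, status, accepted_routes) for each tunnel of the first VPN connection."""
    conn = resp["VpnConnections"][0]
    return [(t["OutsideIpAddress"], t["Status"], t.get("AcceptedRouteCount", 0))
            for t in conn.get("VgwTelemetry", [])]


def public_ip_nics(nics):
    """Names of NICs that carry a public IP, which the design forbids."""
    return [n["name"] for n in nics
            if any(cfg.get("publicIPAddress") for cfg in n.get("ipConfigurations", []))]


def evaluate(az_conn, aws_resp, nics):
    """Return (level, message) findings; an empty list means every check passed."""
    findings = []
    status = azure_connection_status(az_conn)
    if status != "Connected":
        findings.append(("FAIL", f"Azure connection {az_conn.get('name')} is {status}, expected Connected"))
    elif not (az_conn.get("ingressBytesTransferred", 0) or az_conn.get("egressBytesTransferred", 0)):
        findings.append(("WARN", "Azure tunnel is Connected but has carried no traffic yet"))
    tunnels = aws_tunnel_states(aws_resp)
    if not any(st == "UP" for _, st, _ in tunnels):
        findings.append(("FAIL", "no AWS tunnel is UP; check PSK, Customer Gateway IP and IKE proposals"))
    for ip, st, routes in tunnels:
        if st != "UP":
            findings.append(("WARN", f"AWS tunnel {ip} is {st}; expected if only one Local Network Gateway "
                                     "is configured, otherwise investigate"))
        elif routes == 0:
            findings.append(("WARN", f"AWS tunnel {ip} is UP but accepted no routes; check the static route "
                                     "on the VPN connection and the LNG address prefixes"))
    for name in public_ip_nics(nics):
        findings.append(("FAIL", f"NIC {name} has a public IP; the design requires private-only VMs"))
    return findings


if __name__ == "__main__":
    for level, msg in evaluate(AZ_CONN, AWS_VPN, NICS):
        print(f"[{level}] {msg}")
```

On the constructed samples the run reports one warning (tunnel 203.0.113.11 down, which is expected with a single Local Network Gateway) and one failure (the jump VM NIC has a public IP). The same three inputs are what an operator inspects by hand in the portals; scripting them makes the "no public exposure" requirement a repeatable check rather than a one-off look.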

Step 8: Monitor and Manage the Environment

  • Set up monitoring and logging in both Azure and AWS to track the health of the VPN connection. On Azure, send the VPN gateway's diagnostic logs (the GatewayDiagnosticLog, TunnelDiagnosticLog, RouteDiagnosticLog and IKEDiagnosticLog categories) to a Log Analytics workspace; on AWS, alarm on the Site-to-Site VPN's TunnelState CloudWatch metric dropping below 1 and enable VPN tunnel logging to CloudWatch Logs.
  • Regularly review the gateway logs for IKE negotiation failures, unexpected tunnel resets, and connection attempts from peers other than the configured gateway addresses, and monitor the performance of the deployed applications in both cloud environments.
