Amazon Virtual Private Cloud
User Guide

VPN Connections

You can connect your VPC to remote networks by using a VPN connection. The following are some of the connectivity options available to you.

VPN connectivity option Description
AWS hardware VPN You can create an IPsec, hardware VPN connection between your VPC and your remote network. On the AWS side of the VPN connection, a virtual private gateway provides two VPN endpoints for automatic failover. You configure your customer gateway, which is the physical device or software application on the remote side of the VPN connection. For more information, see Adding a Hardware Virtual Private Gateway to Your VPC, and the Amazon VPC Network Administrator Guide.
AWS Direct Connect AWS Direct Connect provides a dedicated private connection from a remote network to your VPC. You can combine this connection with an AWS hardware VPN connection to create an IPsec-encrypted connection. For more information, see What is AWS Direct Connect? in the AWS Direct Connect User Guide.
AWS VPN CloudHub If you have more than one remote network (for example, multiple branch offices), you can create multiple AWS hardware VPN connections via your VPC to enable communication between these networks. For more information, see Providing Secure Communication Between Sites Using VPN CloudHub.
Software VPN You can create a VPN connection to your remote network by using an Amazon EC2 instance in your VPC that's running a software VPN appliance. AWS does not provide or maintain software VPN appliances; however, you can choose from a range of products provided by partners and open source communities. Find software VPN appliances on the AWS Marketplace.

The following topics are covered in this section:

For more information about the different VPC and VPN connectivity options, see the Amazon Virtual Private Cloud Connectivity Options whitepaper.