Introduction - Amazon Virtual Private Cloud Connectivity Options

Introduction

Amazon VPC provides multiple network connectivity options for you to use, depending on your current network designs and requirements. These connectivity options include using either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS services or user-managed network equipment and routes. This whitepaper considers the following options with an overview and a high-level comparison of each:

  • Network-to-Amazon VPC connectivity options

    • AWS Site-to-Site VPN – Describes establishing a managed IPsec VPN connection from your network equipment on a remote network to Amazon VPC.

    • AWS Transit Gateway + AWS Site-to-Site VPN – Describes establishing a managed IPsec VPN connection from your network equipment on a remote network to a regional network hub for Amazon VPCs, using AWS Transit Gateway.

    • AWS Direct Connect – Describes establishing a private, logical connection from your remote network to Amazon VPC, using AWS Direct Connect.

    • AWS Direct Connect + AWS Transit Gateway – Describes establishing a private, logical connection from your remote network to a regional network hub for Amazon VPCs, using AWS Direct Connect and AWS Transit Gateway.

    • AWS Direct Connect + AWS Site-to-Site VPN – Describes establishing a private, encrypted connection from your remote network to Amazon VPC, using AWS Direct Connect and AWS Site-to-Site VPN.

    • AWS Direct Connect + AWS Transit Gateway + AWS Site-to-Site VPN – Describes establishing a private, encrypted connection from your remote network to a regional network hub for Amazon VPCs, using AWS Direct Connect and AWS Transit Gateway.

    • AWS VPN CloudHub – Describes establishing a hub-and-spoke model for connecting remote branch offices.

    • Software VPN – Describes establishing a VPN connection from your equipment on a remote network to a user-managed software VPN appliance running inside an Amazon VPC.

    • AWS Transit Gateway + SD-WAN solutions – Describes the integration of software-defined wide area network (SD-WAN) solutions to interconnect several remote locations to a regional network hub for Amazon VPCs, using the AWS backbone or the internet as a transit network.

  • Amazon VPC-to-Amazon VPC connectivity options

    • VPC peering – Describes connecting Amazon VPCs within and across regions using the Amazon VPC peering feature.

    • AWS Transit Gateway – Describes connecting Amazon VPCs within and across regions using AWS Transit Gateway in a hub-and-spoke model.

    • AWS PrivateLink – Describes connecting Amazon VPCs with VPC interface endpoints and VPC endpoint services.

    • Software VPN – Describes connecting Amazon VPCs using VPN connections established between user-managed software VPN appliances running inside of each Amazon VPC.

    • Software VPN-to-AWS Site-to-Site VPN – Describes connecting Amazon VPCs with a VPN connection established between a user-managed software VPN appliance in one Amazon VPC and AWS Site-to-Site VPN attached to the other Amazon VPC.

  • Software remote access-to-Amazon VPC connectivity options

    • AWS Client VPN – Describes connecting software remote access to Amazon VPC, leveraging AWS Client VPN.

    • Software client VPN – Describes connecting software remote access to Amazon VPC, leveraging user-managed software VPN appliances.

  • Transit VPC – Describes establishing a global transit network on AWS using a software VPN in conjunction with an AWS-managed VPN.

  • AWS Cloud WAN – Describes establishing a managed wide area network (WAN) to easily build, manage, and monitor global interconnections between resources in Amazon VPCs, data centers, and remote branches.