Amazon Virtual Private Cloud Connectivity Options
AWS Whitepaper

Introduction

Publication date: January 2018 (Document Details)

Abstract

Amazon Virtual Private Cloud (Amazon VPC) lets customers provision a private, isolated section of the Amazon Web Services (AWS) Cloud where they can launch AWS resources in a virtual network using customer-defined IP address ranges. Amazon VPC provides customers with several options for connecting their AWS virtual networks with other remote networks. This document describes several common network connectivity options available to our customers. These include connectivity options for integrating remote customer networks with Amazon VPC and connecting multiple Amazon VPCs into a contiguous virtual network.

This whitepaper is intended for corporate network architects and engineers or Amazon VPC administrators who would like to review the available connectivity options. It provides an overview of the various options to facilitate network connectivity discussions as well as pointers to additional documentation and resources with more detailed information or examples.

Introduction

Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes. This whitepaper considers the following options with an overview and a high-level comparison of each:

Network-to-Amazon VPC Connectivity Options

  • AWS Managed VPN – Describes establishing a VPN connection from your network equipment on a remote network to AWS managed network equipment attached to your Amazon VPC.

  • AWS Direct Connect – Describes establishing a private, logical connection from your remote network to Amazon VPC, leveraging AWS Direct Connect.

  • AWS Direct Connect Plus VPN – Describes establishing a private, encrypted connection from your remote network to Amazon VPC, leveraging AWS Direct Connect.

  • AWS VPN CloudHub – Describes establishing a hub-and-spoke model for connecting remote branch offices.

  • Software VPN – Describes establishing a VPN connection from your equipment on a remote network to a user-managed software VPN appliance running inside an Amazon VPC.

  • Transit VPC – Describes establishing a global transit network on AWS using Software VPN in conjunction with AWS managed VPN.

Amazon VPC-to-Amazon VPC Connectivity Options

  • VPC Peering – Describes the AWS-recommended approach for connecting multiple Amazon VPCs within and across regions using the Amazon VPC peering feature.

  • Software VPN – Describes connecting multiple Amazon VPCs using VPN connections established between user-managed software VPN appliances running inside of each Amazon VPC.

  • Software-to-AWS Managed VPN – Describes connecting multiple Amazon VPCs with a VPN connection established between a user-managed software VPN appliance in one Amazon VPC and AWS managed network equipment attached to the other Amazon VPC.

  • AWS Managed VPN – Describes connecting multiple Amazon VPCs, leveraging multiple VPN connections between your remote network and each of your Amazon VPCs.

  • AWS Direct Connect – Describes connecting multiple Amazon VPCs, leveraging logical connections on customer-managed AWS Direct Connect routers.

  • AWS PrivateLink – Describes connecting multiple Amazon VPCs, leveraging VPC interface endpoints and VPC endpoint services.

Internal User-to-Amazon VPC Connectivity Options

  • Software Remote-Access VPN – In addition to customer network–to–Amazon VPC connectivity options for connecting remote users to VPC resources, this section describes leveraging a remote-access solution for providing end-user VPN access into an Amazon VPC.

On this page: