Amazon VPC-to-Amazon VPC connectivity options - Amazon Virtual Private Cloud Connectivity Options

Amazon VPC-to-Amazon VPC connectivity options

Use these design patterns when you want to integrate multiple Amazon VPCs into a larger virtual network. This is useful when you require multiple VPCs for security isolation, billing separation, presence in multiple regions, or internal charge-back, but resources in the different VPCs still need to communicate. You can also combine these patterns with the Network-to-Amazon VPC connectivity options to create a corporate network that spans remote networks and multiple VPCs.

Connectivity between VPCs is simplest and least error-prone when every VPC being connected uses a non-overlapping IP range: two VPCs with overlapping CIDR blocks cannot be peered, and overlapping prefixes cannot be told apart in a route table. For that reason, allocate a single, contiguous, non-overlapping CIDR block to each VPC, and check the whole address plan (including any secondary CIDR blocks) before you create the connections. For additional information about Amazon VPC routing and constraints, see the Amazon VPC Frequently Asked Questions.
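The following script is an added example, not part of this whitepaper, that validates an address plan the way a practitioner would before creating peering connections or transit gateway attachments: it rejects CIDR blocks that are not valid VPC blocks, reports every cross-VPC overlap (secondary CIDR blocks included), and proposes the smallest single supernet that covers the whole plan. The VPC names and CIDR blocks are constructed sample data; one secondary block is deliberately made to collide.

```python
"""Check a VPC address plan for overlapping CIDR blocks before connecting the VPCs.

Added example (not from the AWS whitepaper). The VPC names and CIDR blocks
below are constructed sample data; the secondary block on "analytics" is
deliberately chosen to overlap with "prod".
"""
import ipaddress
from itertools import combinations

# Constructed address plan: VPC name -> list of CIDR blocks (primary first).
VPC_CIDRS = {
    "prod": ["10.0.0.0/16"],
    "dev": ["10.1.0.0/16"],
    "analytics": ["10.2.0.0/16", "10.0.128.0/17"],  # secondary block collides with prod
}


def valid_vpc_cidr(cidr):
    """True if cidr is a well-formed IPv4 network (no host bits set) whose
    prefix length is one AWS accepts for a VPC block (/16 to /28)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict rejects e.g. 10.0.0.1/16
    except ValueError:
        return False
    return net.version == 4 and 16 <= net.prefixlen <= 28


def parse_plan(plan):
    """Return {vpc: [IPv4Network, ...]}, raising on any block that is not a valid VPC CIDR."""
    parsed = {}
    for vpc, blocks in plan.items():
        bad = [b for b in blocks if not valid_vpc_cidr(b)]
        if bad:
            raise ValueError(f"{vpc}: invalid VPC CIDR block(s) {bad}")
        parsed[vpc] = [ipaddress.ip_network(b) for b in blocks]
    return parsed


def find_overlaps(plan):
    """Return a sorted list of (vpc_a, cidr_a, vpc_b, cidr_b) tuples whose blocks overlap.

    Only cross-VPC overlaps are reported; blocks inside one VPC are checked by
    AWS when the secondary CIDR is associated.
    """
    nets = parse_plan(plan)
    overlaps = []
    for (vpc_a, blocks_a), (vpc_b, blocks_b) in combinations(sorted(nets.items()), 2):
        for net_a in blocks_a:
            for net_b in blocks_b:
                if net_a.overlaps(net_b):
                    overlaps.append((vpc_a, str(net_a), vpc_b, str(net_b)))
    return sorted(overlaps)


def suggest_supernet(plan):
    """Smallest single CIDR that contains every block in the plan.

    Handy when the whole AWS estate should be summarised as one route
    towards on-premises networks.
    """
    nets = [n for blocks in parse_plan(plan).values() for n in blocks]
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    prefix = 32
    while True:  # widen the prefix starting at the lowest address until it spans the highest
        candidate = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in candidate:
            return str(candidate)
        prefix -= 1


if __name__ == "__main__":
    for vpc_a, cidr_a, vpc_b, cidr_b in find_overlaps(VPC_CIDRS):
        print(f"OVERLAP: {vpc_a} {cidr_a} <-> {vpc_b} {cidr_b}")
    print("covering supernet:", suggest_supernet(VPC_CIDRS))
```

Run it against the real plan exported from your accounts (for example the CidrBlockAssociationSet of each VPC) before requesting a peering connection; an overlap found here is an overlap AWS will refuse at creation time, or, worse, one that silently shadows routes later.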

The options are summarised below by use case, advantages, and limitations.

Option: VPC peering
Use case: AWS-provided network connectivity between two VPCs.
Advantages: Uses AWS managed, scalable networking infrastructure; traffic between the peered VPCs stays on the AWS network.
Limitations: Peering is not transitive: a VPC peered with two others cannot forward traffic between them. Every VPC pair needs its own peering connection and a route on each side, so a full mesh of n VPCs requires n(n-1)/2 connections, which is difficult to manage at scale.

Option: AWS Transit Gateway
Use case: AWS-provided regional router connectivity for VPCs.
Advantages: AWS managed, highly available and scalable service. Regional network hub for up to 5,000 attachments.
Limitations: A transit gateway is regional; VPCs attached to different transit gateways are connected by peering the gateways. When this whitepaper was written, transit gateway peering was supported only across regions, not within a region (AWS has since added intra-region transit gateway peering).

Option: Software Site-to-Site VPN
Use case: Software appliance-based VPN connections between VPCs.
Advantages: Supports a wide array of VPN vendors, products, and protocols. Managed entirely by you, so you control the configuration end to end.
Limitations: You are responsible for implementing HA solutions for all VPN endpoints (if required). VPN instances could become a network bottleneck.

Option: Software VPN-to-AWS Managed VPN
Use case: Software appliance in one VPC connected over a VPN to an AWS Managed VPN endpoint in another VPC.
Advantages: AWS managed, highly available VPN endpoint on the AWS Managed VPN side. Supports a wide array of VPN vendors and products, managed by you, on the software appliance side. Supports static routes and dynamic BGP peering and routing policies.
Limitations: You are responsible for implementing HA solutions for the software appliance VPN endpoints (if required). VPN instances could become a network bottleneck. AWS Managed VPN supports the IPsec protocol only.

Option: AWS Managed VPN
Use case: VPC-to-VPC routing managed by you over IPsec VPN connections that terminate on your own equipment; traffic between the VPCs passes through that equipment.
Advantages: AWS managed, highly available VPN connections. Supports static routes and dynamic BGP peering and routing policies.
Limitations: The endpoint you manage is responsible for implementing redundancy and failover (if required).

Option: AWS PrivateLink
Use case: AWS-provided network connectivity between two VPCs using interface endpoints.
Advantages: Uses AWS managed, scalable networking infrastructure. Exposes a service behind a load balancer rather than a network route, so the two VPCs may have overlapping CIDR blocks, and connections can only be initiated from the consumer VPC towards the service.
Limitations: VPC endpoint services are available only in the AWS Region in which they are created.
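The VPC peering limitations above (no transitive forwarding, and a route needed on each side of the peering) are the two things most often got wrong in practice. The script below is an added example, not part of this whitepaper, that models a small set of VPCs, peering connections and route tables and reports which pairs can actually exchange traffic, surfacing both failure modes. The VPC names, peering IDs and route entries are constructed sample data, and the route lookup is a simplified longest-prefix match, not a reproduction of the VPC router.

```python
"""Model VPC peering reachability: a packet crosses a peering only if the
source VPC has a matching route, the peering directly connects source and
destination (no transitive forwarding), and the destination has a route back.

Added example (not from the AWS whitepaper). VPC names, peering IDs and
route tables are constructed sample data.
"""
import ipaddress

# Constructed topology: three VPCs peered in a line, app <-> db <-> shared.
VPCS = {
    "app": ipaddress.ip_network("10.0.0.0/16"),
    "db": ipaddress.ip_network("10.1.0.0/16"),
    "shared": ipaddress.ip_network("10.2.0.0/16"),
}
PEERINGS = {
    "pcx-app-db": frozenset({"app", "db"}),
    "pcx-db-shared": frozenset({"db", "shared"}),
}
# Route tables: VPC -> list of (destination CIDR, target). "local" is the
# implicit route for the VPC's own CIDR. The "app" table sends "shared"
# traffic into the app<->db peering, a common mistake that AWS never forwards.
ROUTES = {
    "app": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "pcx-app-db"),
            ("10.2.0.0/16", "pcx-app-db")],
    "db": [("10.1.0.0/16", "local"), ("10.0.0.0/16", "pcx-app-db"),
           ("10.2.0.0/16", "pcx-db-shared")],
    # "shared" has no return route to "db": a one-sided configuration.
    "shared": [("10.2.0.0/16", "local")],
}


def lookup_route(vpc, dst):
    """Longest-prefix match of an IPv4 address against a VPC's route table."""
    best = None
    for cidr, target in ROUTES[vpc]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def one_way(src, dst):
    """Can a packet from VPC src reach a host in VPC dst? Returns (ok, reason)."""
    target = lookup_route(src, VPCS[dst].network_address + 10)
    if target is None:
        return False, f"{src}: no route to {VPCS[dst]}"
    if target == "local":
        return src == dst, f"{src}: local route"
    # A peering carries traffic only between its own two VPCs; anything
    # routed across it for a third VPC is dropped (peering is not transitive).
    if PEERINGS[target] != frozenset({src, dst}):
        return False, f"{src}: route to {dst} uses {target}, which does not connect {src} and {dst}"
    return True, f"{src}: via {target}"


def can_talk(a, b):
    """Bidirectional check: a TCP session needs both directions, and AWS
    requires a route on each side of the peering connection."""
    fwd_ok, fwd = one_way(a, b)
    rev_ok, rev = one_way(b, a)
    return fwd_ok and rev_ok, [fwd, rev]


def full_mesh_peerings(n):
    """Peering connections needed for n VPCs to reach each other directly,
    compared with n attachments to a single transit gateway."""
    return n * (n - 1) // 2


if __name__ == "__main__":
    for a, b in [("app", "db"), ("app", "shared"), ("db", "shared")]:
        ok, reasons = can_talk(a, b)
        print(f"{a} <-> {b}: {'OK' if ok else 'BLOCKED'}; " + "; ".join(reasons))
    print("full mesh of 10 VPCs needs", full_mesh_peerings(10), "peering connections")
```

The app-to-shared pair fails even though app has a route for 10.2.0.0/16, because the route points at a peering that does not connect those two VPCs; the db-to-shared pair fails because shared has no return route. Both are silent in the console and only show up as timeouts, which is why a reachability check like this belongs in the pipeline that manages route tables.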