Amazon Virtual Private Cloud Connectivity Options

Amazon VPC-to-Amazon VPC Connectivity Options

Use these design patterns when you want to integrate multiple Amazon VPCs into a larger virtual network. This is useful if you require multiple VPCs due to security, billing, presence in multiple regions, or internal charge-back requirements, and want to integrate AWS resources across those VPCs more easily. You can also combine these patterns with the Network-to-Amazon VPC Connectivity Options to create a corporate network that spans remote networks and multiple VPCs.

Connectivity between VPCs works best when each VPC being connected uses a non-overlapping IP range. For example, if you want to connect multiple VPCs, make sure each VPC is configured with a unique Classless Inter-Domain Routing (CIDR) range. We therefore advise you to allocate a single, contiguous, non-overlapping CIDR block to each VPC. For additional information about Amazon VPC routing and constraints, see the Amazon VPC Frequently Asked Questions.

Option: VPC Peering
Use case: AWS-provided network connectivity between two VPCs.
Advantages:
- Leverages AWS networking infrastructure
- Does not rely on VPN instances or a separate piece of physical hardware
- No single point of failure
- No bandwidth bottleneck
Limitations:
- VPC peering does not support transitive peering relationships.

Option: Software VPN
Use case: Software appliance-based VPN connections between VPCs.
Advantages:
- Leverages AWS networking equipment in-region and internet pipes between regions
- Supports a wider array of VPN vendors, products, and protocols
- Managed entirely by you
Limitations:
- You are responsible for implementing HA solutions for all VPN endpoints (if required)
- VPN instances could become a network bottleneck

Option: Software-to-AWS Managed VPN
Use case: Software appliance-to-VPN connection between VPCs.
Advantages:
- Leverages AWS networking equipment in-region and internet pipes between regions
- AWS managed endpoint includes multi-data center redundancy and automated failover
Limitations:
- You are responsible for implementing HA solutions for the software appliance VPN endpoints (if required)
- VPN instances could become a network bottleneck

Option: AWS Managed VPN
Use case: VPC-to-VPC routing managed by you over IPsec VPN connections using your equipment and the internet.
Advantages:
- Reuse existing Amazon VPC VPN connections
- AWS managed endpoint includes multi-data center redundancy and automated failover
- Supports static routes and dynamic BGP peering and routing policies
Limitations:
- Network latency, variability, and availability depend on internet conditions
- The endpoint you manage is responsible for implementing redundancy and failover (if required)

Option: AWS Direct Connect
Use case: VPC-to-VPC routing managed by you using your equipment in an AWS Direct Connect location and private lines.
Advantages:
- Consistent network performance
- Reduced bandwidth costs
- 1 or 10 Gbps provisioned connections
- Supports static routes and BGP peering and routing policies
Limitations:
- May require additional telecom and hosting provider relationships

Option: AWS PrivateLink
Use case: AWS-provided network connectivity between two VPCs using interface endpoints.
Advantages:
- Leverages AWS networking infrastructure
- No single point of failure
Limitations:
- VPC endpoint services are only available in the AWS Region in which they are created.
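Two of the constraints above, non-overlapping CIDR blocks for every VPC you connect and the non-transitive nature of VPC peering, are easy to check before you build anything. The following is an added example, not code from the whitepaper or from AWS; the VPC names, CIDR blocks and peering links are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: VPC name -> CIDR block. vpc-d deliberately
# overlaps vpc-b to show how the check reports it.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.1.128.0/17",
}

# Constructed peering links (unordered pairs of VPC names).
PEERINGS = [("vpc-a", "vpc-b"), ("vpc-b", "vpc-c"), ("vpc-b", "vpc-d")]


def overlapping_pairs(vpcs):
    """Return sorted (name, name) pairs whose CIDR blocks overlap.

    Overlapping ranges make route-table entries ambiguous, so such VPCs
    cannot be cleanly connected until one of them is re-addressed.
    """
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in vpcs.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def peering_problems(vpcs, peerings):
    """Return the peering links whose two endpoints have overlapping CIDRs."""
    bad = set(overlapping_pairs(vpcs))
    return [p for p in peerings if tuple(sorted(p)) in bad]


def reachable(src, dst, peerings):
    """VPC peering is not transitive: src reaches dst only over a direct link."""
    return src != dst and any({src, dst} == {a, b} for a, b in peerings)


if __name__ == "__main__":
    print("overlapping CIDRs:", overlapping_pairs(VPCS))
    print("peerings to fix:", peering_problems(VPCS, PEERINGS))
    print("vpc-a -> vpc-b:", reachable("vpc-a", "vpc-b", PEERINGS))
    # vpc-a peers with vpc-b and vpc-b with vpc-c, but that does not make
    # vpc-c reachable from vpc-a.
    print("vpc-a -> vpc-c:", reachable("vpc-a", "vpc-c", PEERINGS))
```

Feed the functions your real VPC inventory to spot the re-addressing work and the extra direct peerings (or a different option from the table) you need before deployment.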