AWS Direct Connect + AWS Transit Gateway + VPN - Amazon Virtual Private Cloud Connectivity Options

AWS Direct Connect + AWS Transit Gateway + VPN

AWS Direct Connect + AWS Transit Gateway + VPN, using a public VIF on AWS Direct Connect, enables end-to-end IPSec-encrypted connections between your networks and a regional centralized router for Amazon VPCs over a private dedicated connection, as shown in the following figure.

Figure 10 - AWS Direct Connect and AWS Transit Gateway and VPN

Consider taking this approach when you want to simplify management and minimize the cost of IPSec VPN connections to multiple Amazon VPCs in the same region, with the low latency and consistent network experience benefits of a private dedicated connection over an internet-based VPN. A BGP connection is established between AWS Direct Connect and your router on the public VIF. Another BGP session or a static route is established between the AWS Transit Gateway and your router on the IPSec VPN tunnel.
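The design only delivers its private-path benefit if the on-premises router reaches the VPN tunnel endpoints through prefixes learned on the public VIF rather than through a default route to the internet. The following check is an added example, not part of the AWS documentation: it reads a trimmed `aws ec2 describe-vpn-connections` result and a router route table and flags tunnels that are down, not attached to a transit gateway, or not routed over Direct Connect. The IDs, addresses, and the `dx-public-vif` / `internet` route labels are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample: trimmed `aws ec2 describe-vpn-connections` output for a
# VPN attached to a transit gateway (IDs and addresses are placeholders).
SAMPLE_VPN = json.loads("""
{"VpnConnections": [{
  "VpnConnectionId": "vpn-EXAMPLE",
  "TransitGatewayId": "tgw-EXAMPLE",
  "Options": {"StaticRoutesOnly": false},
  "VgwTelemetry": [
    {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 4},
    {"OutsideIpAddress": "198.51.100.20", "Status": "UP", "AcceptedRouteCount": 4}
  ]}]}
""")

# Constructed sample of the on-premises router table: (prefix, learned from).
# Labels are assumptions; map them from your router's own route sources.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "internet"),
    ("203.0.113.0/24", "dx-public-vif"),
]

def egress_for(ip, routes):
    """Longest-prefix match: return the source of the route that wins for ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), via) for p, via in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def audit(vpn_doc, routes, dx_label="dx-public-vif"):
    """Return (vpn id, tunnel ip, problem) tuples for each finding."""
    findings = []
    for vpn in vpn_doc["VpnConnections"]:
        vid = vpn["VpnConnectionId"]
        if not vpn.get("TransitGatewayId"):
            findings.append((vid, None, "not attached to a transit gateway"))
        dynamic = not vpn.get("Options", {}).get("StaticRoutesOnly", False)
        for t in vpn.get("VgwTelemetry", []):
            ip = t["OutsideIpAddress"]
            if egress_for(ip, routes) != dx_label:
                findings.append((vid, ip, "tunnel endpoint not routed via public VIF"))
            if t.get("Status") != "UP":
                findings.append((vid, ip, "tunnel down"))
            elif dynamic and t.get("AcceptedRouteCount", 0) == 0:
                findings.append((vid, ip, "tunnel up but no BGP routes accepted"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_VPN, SAMPLE_ROUTES))
```

In the constructed data the second tunnel endpoint matches only the default route, so it is reported as leaving via the internet even though the tunnel itself is up.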

Additional resources