Amazon Virtual Private Cloud Connectivity Options

AWS Managed VPN

Amazon VPC provides the option of creating an IPsec VPN to connect your remote networks with your Amazon VPCs over the internet. You can take advantage of multiple VPN connections to route traffic between your Amazon VPCs as shown in the following figure.

Figure Routing traffic between VPCs

We recommend this approach when you want to take advantage of AWS managed VPN endpoints, including the automated multi-data-center redundancy and failover built into the AWS side of each VPN connection. Although not shown, the Amazon virtual private gateway represents two distinct VPN endpoints, physically located in separate data centers, to increase the availability of each VPN connection. Each VPN connection therefore consists of two IPsec tunnels, and your customer gateway should be configured to use both so that the loss of one AWS endpoint does not interrupt connectivity.

The virtual private gateway also supports multiple customer gateway connections (as described in the Network-to-Amazon VPC Connectivity Options and AWS managed VPN sections and shown in the figure Redundant AWS managed VPN connections), allowing you to implement redundancy and failover on your side of the VPN connection. This solution can also use BGP peering to exchange routing information dynamically between AWS and these remote endpoints; with static routing instead of BGP, the AWS side cannot learn that a customer gateway has failed, so failover on your side must be handled by other means. You can specify routing priorities, policies, and weights (metrics) in your BGP advertisements, for example by prepending your ASN or setting MED values on a secondary gateway, to influence the network path traffic will take to and from your networks and AWS.

This approach is suboptimal from a routing perspective, since the traffic must traverse the internet to get to and from your network: it is protected by IPsec, but its path, latency, and throughput are subject to the public internet rather than a dedicated link. In exchange, it gives you a lot of flexibility for controlling and managing routing on your local and remote networks, and the potential to reuse VPN connections across multiple VPCs.
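The two preceding paragraphs describe steering traffic across redundant customer gateways with BGP attributes and relying on route withdrawal for failover. The following is an added example, not code from the whitepaper or from AWS, that models how a virtual private gateway would choose between two customer gateways advertising the same on-premises prefix. The selection order it applies (longest prefix match, then shortest AS path, then lowest MED) is a simplified assumption that ignores static and Direct Connect routes; the ASN 65000, the gateway names, and the prefixes are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Advertisement:
    """One BGP route as the virtual private gateway would receive it over a tunnel."""
    prefix: str      # on-premises prefix, e.g. "10.0.0.0/16"
    as_path: tuple   # AS path; repeating your own ASN (prepending) makes the path less preferred
    med: int         # multi-exit discriminator; lower is preferred
    tunnel: str      # which customer-gateway tunnel the route arrived on


@dataclass
class CustomerGateway:
    name: str
    up: bool
    advertisements: list


def received_routes(gateways):
    """Routes in the VGW's BGP table: only gateways whose session is up contribute."""
    return [adv for gw in gateways if gw.up for adv in gw.advertisements]


def select_route(routes, destination: str) -> Optional[Advertisement]:
    """Pick the route the VGW would use for `destination`.

    Assumed, simplified selection order (ignores static and Direct Connect routes):
    1. longest prefix match
    2. shortest AS path
    3. lowest MED
    """
    dst = ip_address(destination)
    candidates = [r for r in routes if dst in ip_network(r.prefix)]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ip_network(r.prefix).prefixlen, len(r.as_path), r.med),
    )


def build_lab():
    """Constructed example: ASN 65000 on premises, two customer gateways, one prefix."""
    primary = CustomerGateway(
        name="cgw-primary",
        up=True,
        advertisements=[Advertisement("10.0.0.0/16", (65000,), 100, "cgw-primary")],
    )
    # The secondary prepends its own ASN twice and sets a higher MED so AWS prefers the primary.
    secondary = CustomerGateway(
        name="cgw-secondary",
        up=True,
        advertisements=[Advertisement("10.0.0.0/16", (65000, 65000, 65000), 200, "cgw-secondary")],
    )
    return primary, secondary


def egress_tunnel(gateways, destination: str) -> Optional[str]:
    """Name of the tunnel AWS would send `destination` through, or None if no route matches."""
    route = select_route(received_routes(gateways), destination)
    return route.tunnel if route else None


def simulate_failover(destination: str = "10.0.5.5"):
    """Return the chosen tunnel before, during, and after an outage of the primary gateway."""
    primary, secondary = build_lab()
    gateways = [primary, secondary]
    before = egress_tunnel(gateways, destination)
    primary.up = False   # BGP session drops; its routes are withdrawn from the VGW
    during = egress_tunnel(gateways, destination)
    primary.up = True    # session re-establishes; routes are advertised again
    after = egress_tunnel(gateways, destination)
    return before, during, after


def more_specific_wins(destination: str = "10.0.5.5") -> Optional[str]:
    """A /24 advertised by the secondary beats the primary's /16 regardless of AS path or MED."""
    primary, secondary = build_lab()
    secondary.advertisements.append(
        Advertisement("10.0.5.0/24", (65000, 65000, 65000), 200, "cgw-secondary")
    )
    return egress_tunnel([primary, secondary], destination)


if __name__ == "__main__":
    print(simulate_failover())   # ('cgw-primary', 'cgw-secondary', 'cgw-primary')
    print(more_specific_wins())  # cgw-secondary
```

The failover case shows why BGP matters on your side of the connection: when the primary gateway's session drops, its routes disappear from the virtual private gateway and traffic moves to the secondary without any change on the AWS side. The more-specific-prefix case is the usual source of surprise in production, since a stray /24 leaked from a backup gateway overrides every AS-path or MED preference you set on the /16.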
