Amazon Virtual Private Cloud Connectivity Options

AWS Managed VPN

Amazon VPC provides the option of creating an IPsec VPN connection between remote customer networks and their Amazon VPC over the internet, as shown in the following figure. Consider taking this approach when you want to take advantage of an AWS managed VPN endpoint that includes automated multi–data center redundancy and failover built into the AWS side of the VPN connection. Although not shown, the Amazon virtual private gateway represents two distinct VPN endpoints, physically located in separate data centers to increase the availability of your VPN connection.

Figure: AWS managed VPN

The virtual private gateway also supports and encourages multiple user gateway connections, so you can implement redundancy and failover on your side of the VPN connection as well, as shown in the following figure. Both dynamic and static routing options are provided to give you flexibility in your routing configuration. Dynamic routing uses BGP peering to exchange routing information between AWS and these remote endpoints. With dynamic routing, you can also specify routing priorities, policies, and weights (metrics) in your BGP advertisements to influence the network path between your networks and AWS.

It is important to note that when you use BGP, both the IPsec tunnel and the BGP session must be terminated on the same user gateway device, so that device must be capable of terminating both IPsec and BGP connections.

Figure: Redundant AWS managed VPN connections
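To make the redundancy and BGP path-influence discussion concrete, here is a small added simulation (not code from the whitepaper or from AWS) of how a virtual private gateway chooses among routes advertised over two redundant user gateway tunnels. The selection order (longest prefix, then shortest AS_PATH, then lowest MED) and the gateway names, ASN and prefixes are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Route:
    prefix: str        # CIDR advertised to the virtual private gateway
    gateway: str       # which user gateway / tunnel advertised it
    as_path: tuple     # AS_PATH as received; prepending makes it longer
    med: int = 0       # MULTI_EXIT_DISC metric; lower is preferred


def select_route(routes, dest):
    """Pick the route the gateway would use for dest (None if no match)."""
    dst = ip_address(dest)
    matches = [r for r in routes if dst in ip_network(r.prefix)]
    if not matches:
        return None
    # Longest prefix wins; among equal prefixes the shortest AS_PATH,
    # then the lowest MED (assumed ordering for this example).
    return min(matches, key=lambda r: (-ip_network(r.prefix).prefixlen,
                                       len(r.as_path), r.med))


def after_failure(routes, gateway):
    """Routes left once BGP withdraws everything from a failed gateway."""
    return [r for r in routes if r.gateway != gateway]


# Constructed sample: two user gateways at one site both advertise the
# site's 10.0.0.0/16. cgw-b prepends its ASN so cgw-a is preferred for
# that prefix, but cgw-b alone announces a more specific /24.
SAMPLE_ROUTES = [
    Route("10.0.0.0/16", "cgw-a", (65000,)),
    Route("10.0.0.0/16", "cgw-b", (65000, 65000, 65000)),
    Route("10.0.200.0/24", "cgw-b", (65000,)),
]

if __name__ == "__main__":
    print(select_route(SAMPLE_ROUTES, "10.0.5.9").gateway)      # cgw-a
    print(select_route(after_failure(SAMPLE_ROUTES, "cgw-a"),
                       "10.0.5.9").gateway)                     # cgw-b
    print(select_route(SAMPLE_ROUTES, "10.0.200.1").gateway)    # cgw-b
```

Withdrawing a gateway's routes (as BGP does when its tunnel drops) is what produces the failover; AS_PATH prepending only steers the steady-state preference.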

Additional Resources