Introduction - Amazon Virtual Private Cloud Connectivity Options

Introduction

Amazon VPC provides multiple network connectivity options for you to use, depending on your current network designs and requirements. These connectivity options include using either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS services or user-managed network equipment and routes. This whitepaper considers the following options with an overview and a high-level comparison of each:

  • Network-to-Amazon VPC connectivity options

    • AWS Managed VPN – Describes establishing a VPN connection from your network equipment on a remote network to an AWS-managed service attached to your Amazon VPC.

    • AWS Transit Gateway + VPN – Describes establishing a VPN connection from your network equipment on a remote network to a regional network hub for Amazon VPCs, using AWS Transit Gateway.

    • AWS Direct Connect – Describes establishing a private, logical connection from your remote network to Amazon VPC, using AWS Direct Connect.

    • AWS Direct Connect + AWS Transit Gateway – Describes establishing a private, logical connection from your remote network to a regional network hub for Amazon VPCs, using AWS Direct Connect and AWS Transit Gateway.

    • AWS Direct Connect + VPN – Describes establishing a private, encrypted connection from your remote network to Amazon VPC, using AWS Direct Connect.

    • AWS Direct Connect + AWS Transit Gateway + VPN – Describes establishing a private, encrypted connection from your remote network to a regional network hub for Amazon VPCs, using AWS Direct Connect and AWS Transit Gateway.

    • AWS VPN CloudHub – Describes establishing a hub-and-spoke model for connecting remote branch offices.

    • Software Site-to-Site VPN – Describes establishing a VPN connection from your equipment on a remote network to a user-managed software VPN appliance running inside an Amazon VPC.

  • Amazon VPC-to-Amazon VPC connectivity options

    • VPC peering – Describes connecting Amazon VPCs within and across regions using the Amazon VPC peering feature.

    • AWS Transit Gateway – Describes connecting Amazon VPCs within and across regions using AWS Transit Gateway in a hub-and-spoke model.

    • Software Site-to-Site VPN – Describes connecting Amazon VPCs using VPN connections established between user-managed software VPN appliances running inside of each Amazon VPC.

    • Software VPN-to-AWS Managed VPN – Describes connecting Amazon VPCs with a VPN connection established between a user-managed software VPN appliance in one Amazon VPC and an AWS-managed VPN attached to the other Amazon VPC.

    • AWS Managed VPN – Describes connecting Amazon VPCs with VPN connections between your remote network and each of your Amazon VPCs.

    • AWS PrivateLink – Describes connecting Amazon VPCs with VPC interface endpoints and VPC endpoint services.

  • Transit VPC option

    • Describes establishing a global transit network on AWS using a software VPN in conjunction with an AWS-managed VPN.