Document history

To be notified about updates to this whitepaper, subscribe to the RSS feed.

Change	Description	Date
Major update	Updates throughout whitepaper for changes to CloudWAN, Amazon VPC Lattice, ENA Express, hybrid connectivity, AWS Direct Connect Sitelink, Deep Packet Inspection, and AWS Verified Access.	April 17, 2024
Minor update	Updated diagrams to be more consistent, updated DX connectivity options to include private IP VPN, and numerous minor changes throughout.	July 6, 2023
Minor update	Updated AWS Control Tower information, reflected new throughput limits for various services, updated NAT gateway diagram, updated security section for centralize egress.	April 4, 2023
Minor update	Added section: Cross Region endpoint access.	July 19, 2022
Major update	Updated Transit Gateway section with Transit Gateway Connect, updated Transit VPC section; updated AWS Direct Connect section with MACsec and resiliency recommendations; updated AWS PrivateLink section. Added VPC peering vs. Transit VPC vs. Transit Gateway comparison table; added centralized inbound inspection section; updated centralized network security for VPC-to-VPC and VPC-on-premises to VPC and centralized egress to internet with AWS Network Firewall and Gateway Load Balancer design patterns; added private NAT gateway and Amazon Route 53 DNS Firewall sections.	February 22, 2022
Minor update	Updated Transit Gateway vs VPC peering section	April 2, 2021
Whitepaper updated	Corrected text to match the options illustrated in Figure 7	June 10, 2020
Initial publication	Whitepaper published.	November 15, 2019

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Contributors

Notices