Network to VPC Connectivity Options.

| Option | Description | Advantages | Limitations |
|---|---|---|---|
| AWS Managed VPN | AWS managed IPsec VPN connection over the internet. | Reuses existing VPN equipment, internet connection and processes. AWS managed endpoint includes multi-data center redundancy and failover. Supports static routes or BGP peering and routing policies. | Dependent on internet connections. Customer needs to implement redundancy and failover. |
| AWS Direct Connect | Dedicated network connection over private lines. | 1 or 10 Gbps provisioned connections. Supports BGP peering and routing policies. More predictable network performance. Reduces bandwidth costs. A Direct Connect gateway can be used to connect one or more VPCs in the account in one or more regions. This also enables connection to any of the participating VPCs from any other Direct Connect location, further reducing the cost of cross-region usage. | New network circuits are required from the telecom and hosting provider, which is a time-consuming activity. |
| AWS Direct Connect + VPN | IPsec VPN connection over private lines. | All benefits of AWS Direct Connect with a secure IPsec VPN connection. | AWS Direct Connect limitations with additional VPN complexity. |
| AWS VPN CloudHub | Hub and spoke model for connection. | Reuses existing connection and AWS VPN connections. AWS managed virtual private gateway includes multi-data center redundancy and automatic failover. Supports BGP for exchanging routes and route priorities, e.g. preferring an MPLS connection over a backup AWS VPN connection. | User managed branch office is responsible for redundancy and failover implementation. Network availability and latency are dependent on the internet. |
| Software VPN | Software appliance based VPN connection over the internet. | Fully customer-managed solution. Supports VPN vendors, products and protocols. | Customer is responsible for implementing a high availability solution for all VPN endpoints. |
| Transit VPC | Software appliance based VPN connection with hub VPC. AWS managed IPsec VPN connection for spoke VPC connection. | Same as previous option, with the addition of an AWS managed VPN connection between hub and spoke VPCs. | Same as previous option. |

Network to Amazon VPC Connectivity Options

| Option | Description | Advantages | Limitations |
|---|---|---|---|
| VPC Peering | AWS provided network connectivity between two VPCs. | Leverages AWS networking infrastructure. No single point of failure. No bandwidth bottleneck. | VPC peering does not support transitive peering relationships. |
| Software VPN | Software appliance based VPN connections between VPCs. | Leverages AWS networking in region and internet pipes across regions. Completely managed by the customer. | Customer is responsible for implementing a solution for VPN endpoints. VPN instance could be a network bottleneck. |
| Software to AWS managed VPN | Software appliance to VPN connection between VPCs. | Leverages AWS networking equipment in region and internet pipes between regions. AWS managed endpoint includes multi-data center redundancy and automated failover. | Customers are responsible for implementing HA solutions for the software appliance VPN endpoints (if required). VPN instances could become a network bottleneck. |
| AWS managed VPN | VPC-to-VPC routing managed by you over IPsec VPN connections using your equipment and the internet. | Reuses existing Amazon VPC VPN connections. AWS managed endpoint includes multi-data center redundancy and automated failover. Supports static routes and dynamic BGP peering and routing policies. | Network latency, variability, and availability depend on internet conditions. The customer-managed endpoint is responsible for implementing redundancy and failover (if required). |
| AWS Direct Connect | VPC-to-VPC routing managed by customer equipment. | Customer network performance. Reduced bandwidth costs. 1 or 10 Gbps provisioned connection. Supports static routes and BGP peering and routing policies. | May require additional telecom or hosting provider. |
| AWS PrivateLink | AWS provided network connectivity between two VPCs using interface endpoints. | Uses AWS network infrastructure. No single point of failure. | VPC endpoint services are only available in the region in which they are created. |