Connect your VPC to remote networks using Amazon Virtual Private Network - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Connect your VPC to remote networks using Amazon Virtual Private Network

You can connect your Amazon VPC to remote networks and users using the following VPN connectivity options.

VPN connectivity option Description
Amazon Site-to-Site VPN You can create an IPsec VPN connection between your VPC and your remote network. On the Amazon side of the Site-to-Site VPN connection, a virtual private gateway or transit gateway provides two VPN endpoints (tunnels) for automatic failover. You configure your customer gateway device on the remote side of the Site-to-Site VPN connection.
Amazon Client VPN Amazon Client VPN is a managed client-based VPN service that enables you to securely access your Amazon resources or your on-premises network. With Amazon Client VPN, you configure an endpoint to which your users can connect to establish a secure TLS VPN session. This enables clients to access resources in Amazon or on-premises from any location using an OpenVPN-based VPN client.
Amazon VPN CloudHub If you have more than one remote network (for example, multiple branch offices), you can create multiple Amazon Site-to-Site VPN connections via your virtual private gateway to enable communication between these networks.
Third party software VPN appliance You can create a VPN connection to your remote network by using an Amazon EC2 instance in your VPC that's running a third party software VPN appliance. Amazon does not provide or maintain third party software VPN appliances; however, you can choose from a range of products provided by partners and open source communities. Find third party software VPN appliances on the Amazon Web Services Marketplace.

You can also use Amazon Direct Connect to create a dedicated private connection from a remote network to your VPC. You can combine this connection with an Amazon Site-to-Site VPN to create an IPsec-encrypted connection. For more information, see What is Amazon Direct Connect? in the Amazon Direct Connect User Guide.