Connect your VPC to remote networks using Amazon Virtual Private Network
You can connect your VPC to remote networks and users using the following VPN connectivity options.
VPN connectivity option | Description |
---|---|
Amazon Site-to-Site VPN | You can create an IPsec VPN connection between your VPC and your remote network. On the Amazon side of the Site-to-Site VPN connection, a virtual private gateway or transit gateway provides two VPN endpoints (tunnels) for automatic failover. You configure your customer gateway device on the remote side of the Site-to-Site VPN connection. |
Amazon Client VPN | Amazon Client VPN is a managed client-based VPN service that enables you to securely access your Amazon resources or your on-premises network. With Amazon Client VPN, you configure an endpoint to which your users can connect to establish a secure TLS VPN session. This enables clients to access resources in Amazon or on-premises from any location using an OpenVPN-based VPN client. |
Amazon VPN CloudHub | If you have more than one remote network (for example, multiple branch offices), you can create multiple Amazon Site-to-Site VPN connections via your virtual private gateway to enable communication between these networks. |
Third party software VPN appliance | You can create a VPN connection to your remote network by using an Amazon EC2 instance
in your VPC that's running a third party software VPN appliance. Amazon does
not provide or maintain third party software VPN appliances; however, you
can choose from a range of products provided by partners and open source
communities. Find third party software VPN appliances on the Amazon Web Services Marketplace |
You can also use Amazon Direct Connect to create a dedicated private connection from a remote network to your VPC. You can combine this connection with an Amazon Site-to-Site VPN to create an IPsec-encrypted connection. For more information, see What is Amazon Direct Connect? in the Amazon Direct Connect User Guide.