VPC Virtual Private Networks (VPNs) provide a software-based secure connection between a VPC and on-premises networks.
Scenario:
- Your organization requires secure communications
- Lesser need for dedicated throughput (e.g. AWS Direct Connect) VPN transits public Internet
Components:
- A customer gateway (CGW) — initiates the VPN connection. Configuration for on-premises router VPN connection (using one or two IPsec tunnels)
- Virtual private gateway (VGW) – One per VPC – used with IPsec and AWS Direct Connect
- VPN connection (two IPsec tunnels)
Best Practice and HA
- Deploy VPN using standard AWS VPN components (VPN gateway, customer gateway, VPN connection)
- Can also use custom VPN solutions if required (software VPN on AWS Marketplace)
- Ensure VPC networking (subnets, security groups, NACLs) is secure
- Use dynamic VPNs (uses BGP) where possible
- Connect both tunnels to your CGW — VPC VPN is HA by design
- Where possible, use two VPN connections and two CGWs
