
Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) is a secure and seamless bridge between a company’s existing IT infrastructure and the AWS cloud. Amazon VPC enables enterprises to connect their existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection, and to extend their existing management capabilities such as security services, firewalls, and intrusion detection systems to include their AWS resources. Amazon VPC integrates today with Amazon EC2, and will integrate with other AWS services in the future. As with all Amazon Web Services, there are no long-term contracts, minimum spend or up-front investments required. With Amazon VPC, you pay only for the resources you use.

Amazon VPC Functionality

Amazon VPC enables you to use your own isolated resources within the AWS cloud, and then connect those resources directly to your own datacenter using industry-standard encrypted IPsec VPN connections. With Amazon VPC, you can:

  • Create a Virtual Private Cloud on AWS’s scalable infrastructure, and specify its private IP address range from any block you choose.
  • Divide your VPC’s private IP address range into one or more subnets in a manner convenient for managing applications and services you run in your VPC.
  • Bridge together your VPC and your IT infrastructure via an encrypted VPN connection.
  • Add AWS resources, such as Amazon EC2 instances, to your VPC.
  • Route traffic between your VPC and the Internet over the VPN connection so that it can be examined by your existing security and networking assets before heading to the public Internet.
  • Extend your existing security and management policies within your IT infrastructure to your VPC as if they were running within your infrastructure.

Service Highlights

Isolated Network Access – Amazon VPC provides end-to-end network isolation by utilizing an IP address range that you specify, and routing all network traffic between your VPC and your datacenter through an industry-standard encrypted IPsec VPN. This allows you to leverage your preexisting security infrastructure, such as firewalls and intrusion detection systems, to inspect network traffic going to and from a VPC.

Flexible – You control your VPC in much the same way that you control your datacenter, using familiar network concepts such as subnets and gateways. With Amazon VPC, you can: 1) freely create subnets to organize your resources based on the criteria you define; 2) assign an IP address range for Amazon EC2 instances within subnets; and 3) configure secure connectivity to determine who can access your AWS cloud-based resources.

Best of Both Worlds – Amazon VPC enables you to build a bridge between your existing IT resources and your isolated resources within the AWS cloud, enabling you to use both worlds in concert. Now, you can build hybrid architectures that allow you to take full advantage of the benefits of the AWS cloud – true elasticity (spin capacity up or down in a matter of minutes) without owning the capital expense of the hardware or datacenter (given AWS’s pay-as-you-go pricing) – and yet still have the network isolation and secure connectivity you’d enjoy if all the resources were in your own datacenter. With Amazon VPC, you can gradually move to the AWS cloud, replicate your entire data center, or anywhere in between.

Reliable – Amazon VPC is built using Amazon’s own world-class technology infrastructure. Like other Amazon Web Services, the service runs within Amazon’s proven global network infrastructure and datacenters.


Pricing

Pay only for what you use; there is no minimum fee. Estimate your monthly bill using the AWS Simple Monthly Calculator.

When you create a VPN Connection, you are charged for each “VPN Connection-hour” in which the VPN Connection is available for your use, and for the data transferred via the VPN Connection; each partial VPN Connection-hour consumed is billed as a full hour. If you no longer wish to be charged for a VPN Connection, you simply terminate your VPN Connection using the DeleteVpnConnection API.  

VPN Connection

  • $0.05 per VPN Connection-hour

Data Transfer

  • $0.10 per GB of VPN Data Transfer (In)
  • $0.17 per GB of VPN Data Transfer (Out) – First 10 TB per Month
  • $0.13 per GB of VPN Data Transfer (Out) – Next 40 TB per Month
  • $0.11 per GB of VPN Data Transfer (Out) – Next 100 TB per Month
  • $0.10 per GB of VPN Data Transfer (Out) – Over 150 TB per Month

Detailed Description

Amazon VPC is composed of a variety of familiar objects:

  • A Virtual Private Cloud (VPC): an isolated portion of the AWS cloud. You define a VPC’s IP address space from a range you select.
  • Subnet: a segment of a VPC’s IP address range where you can place groups of isolated resources.
  • VPN Connection: a connection between your Amazon VPC and datacenter, home network, or co-location facility.
  • VPN Gateway: the Amazon VPC side of a VPN Connection.
  • Customer Gateway: your side of a VPN Connection.
  • Router: routers interconnect Subnets, and direct traffic between VPN Gateways and Subnets.

Using Amazon VPC

To use Amazon VPC, you must first subscribe to Amazon EC2 and then indicate your interest in the Amazon VPC limited beta by clicking on the button on this page. After signing up:

  • Use the CreateVpc API to create your VPC, within which you define the IP address space that you wish to use.
  • Next, create one or more subnets where your isolated resources, such as Amazon EC2 instances, will be placed. You need at least one subnet to start, but you can always add more.
  • To establish VPN connectivity to your VPC, you will need a compatible router or VPN device. To make Amazon VPC aware of your compatible router or VPN device, use the CreateCustomerGateway API to create a Customer Gateway, providing information about your device such as its IP address and other networking-related information. Amazon VPC will then provide you with a Customer Gateway ID that you can use to represent your compatible router or VPN device when interacting with the service.
  • Next, use the CreateVpnGateway API to create a VPN Gateway, which anchors the VPC-side of your VPN Connection and encrypts/decrypts messages to/from your Customer Gateway via the VPN connection.
  • Last, use the CreateVpnConnection API to create a VPN Connection between the Customer and VPN Gateways.

And that’s it – you now have a Virtual Private Cloud that is connected to your datacenter. When you launch Amazon EC2 instances into your VPC, you use Amazon EC2 API calls to dictate the IP address range from which your instance will receive its IP address. You can then use your pre-existing security infrastructure, such as firewalls, intrusion detection systems, and management systems, to enforce policies based on these IP address ranges and control who and what has access to your resources running inside your VPC.
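Because your firewall and intrusion detection policies will key on these IP address ranges, it helps to check the address plan before calling CreateVpc and creating subnets. The following is an added example, not part of the original page and not AWS code: it validates a plan against the 20-subnet beta limit listed on this page and against your datacenter ranges. The function names, the on-premises overlap check and all CIDR values are assumptions constructed for illustration.

```python
import ipaddress

MAX_SUBNETS_PER_VPC = 20  # limited-beta limit listed on this page


def _parse(cidr, problems):
    """Parse a CIDR strictly; record a problem instead of raising."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"invalid CIDR {cidr!r}: {exc}")
        return None


def validate_plan(vpc_cidr, subnet_cidrs, onprem_cidrs=()):
    """Return a list of problems with an address plan; empty means usable."""
    problems = []
    vpc = _parse(vpc_cidr, problems)
    if vpc is None:
        return problems
    subnets = [n for n in (_parse(c, problems) for c in subnet_cidrs) if n is not None]
    onprem = [n for n in (_parse(c, problems) for c in onprem_cidrs) if n is not None]

    if not subnet_cidrs:
        problems.append("at least one subnet is required")
    if len(subnet_cidrs) > MAX_SUBNETS_PER_VPC:
        problems.append(f"{len(subnet_cidrs)} subnets exceed the limit of {MAX_SUBNETS_PER_VPC}")

    for i, net in enumerate(subnets):
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"subnet {net} is outside VPC range {vpc}")
        for other in subnets[i + 1:]:
            if net.overlaps(other):
                problems.append(f"subnets {net} and {other} overlap")

    # Assumption, not from the page: a VPC range that overlaps a datacenter
    # range makes routing over the VPN and range-based firewall rules ambiguous.
    for net in onprem:
        if vpc.overlaps(net):
            problems.append(f"VPC range {vpc} overlaps on-premises range {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan with three deliberate mistakes.
    for problem in validate_plan("10.20.0.0/16",
                                 ["10.20.1.0/24", "10.20.1.128/25", "10.21.0.0/24"],
                                 onprem_cidrs=["10.20.128.0/17"]):
        print(problem)
```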

Today, you can use the following AWS infrastructure services within Amazon VPC: Amazon EC2 instances running Linux/UNIX or Windows, Amazon Elastic Block Store volumes for persistent block storage, and Amazon CloudWatch to monitor the resource utilization of your Amazon EC2 instances. Over the coming months, additional AWS infrastructure services will be supported within Amazon VPC.

How you can leverage Amazon VPC

Expand Corporate Applications into the Cloud: Move your corporate applications into the AWS cloud to reduce your total cost of ownership (TCO). Typical applications include e-mail systems, financial systems, trouble ticketing systems, CRM applications, and more. Corporate applications can be logically grouped by IP address range, according to your company IT deployment policies. Because your VPC can exist behind your corporate firewall, you can seamlessly move your corporate applications into the AWS cloud without changing how your users access your applications.

Elastically scale your website in the Cloud: You can use Amazon EC2 instances within Amazon VPC to add additional web servers to your website when the traffic load exceeds your on-premises capacity. The back-end of your website, database servers, authentication servers, etc. can remain within the walls of your datacenter. When demand subsides, terminate the Amazon EC2 instances that you no longer require. As the servers in your datacenter reach the end of their life cycle, transition the entire site to Amazon VPC if you wish. It is completely up to you.

Disaster Recovery: Periodically back up your mission-critical data from your datacenter to a small number of Amazon EC2 instances with Amazon Elastic Block Store (EBS) volumes. In the event of a disaster, you can quickly launch replacement compute capacity to ensure business continuity. When the disaster is over, send your mission-critical data back to your datacenter and terminate the EC2 instances you no longer require. By using Amazon VPC for disaster recovery, you can have all the benefits of a Disaster Recovery site at a fraction of the normal cost.

Paying for What You Use

Each month, you pay for VPN Connection-hours and the amount of data transferred via the VPN connections. VPCs, subnets, VPN gateways, customer gateways, and data transferred between subnets within the same VPC are free. Charges for other AWS services, including Amazon EC2, are billed separately at published standard rates.

Your monthly AWS bill separates your usage and dollar amounts by service. Your Amazon VPC usage charges appear within the Amazon VPC portion of your bill. Your usage of other AWS services within your VPCs will continue to be listed in those services’ portion of your bill. For example, the Amazon EC2 portion of your bill includes EC2 instance hour charges for instances running within Amazon EC2 and Amazon VPC.

Limited Beta Limitations

Please note the following limitations during the Amazon VPC limited beta:

  • One (1) VPC per AWS account
  • Twenty (20) subnets per VPC
  • One (1) VPN gateway per AWS account
  • One (1) VPN connection per VPN gateway
  • One (1) customer gateway per AWS account

Should you need to exceed these limits, please complete this form.


Intended Usage and Restrictions

Your use of this service is subject to the Amazon Web Services Customer Agreement. Please see the Amazon Web Services Licensing Agreement for more details.

To express your interest in participating in the Amazon VPC limited beta, please click on the button on this page. We will ask you a few questions about the type of IPsec-compatible router or VPN device you plan to use for your Customer Gateway, as well as some other information about your specific use case. We will let you know via the e-mail address associated with your AWS account when you can begin using the service.




©2009, Amazon Web Services LLC or its affiliates. All rights reserved.