Category: AWS Site-to-Site VPN

Many AWS customers use consolidated billing, and often need to allocate costs across their internal business units or accounts. This can be challenging when dealing with services that are shared by all accounts. For general chargebacks, some customers use cost allocation tags for this purpose. However, at the time of writing this post, there is […]

In this post, we provide recommendations to improve network performance on AWS and hybrid networks. In today’s enterprise networking environment, it is becoming common for customers to have multi-gigabit connectivity to AWS either through AWS Direct Connect or over the Internet. Although network bandwidth is fundamental, several other factors come into play for network performance, […]

Introduction AWS Verified Access enables customers to provide VPN-less, secure access to their corporate applications. We released it as a preview during AWS re:Invent 2022. Today, we are happy to announce that this service is now generally available (GA). Built using AWS Zero Trust principles, customers can use Verified Access to reduce the risks associated […]

AWS Site-to-Site VPN is a fully-managed performant, scalable, secure, and highly-available way to connect your on-premises users and workloads to AWS. When using Site-to-Site VPN you can connect to both Amazon Virtual Private Clouds (Amazon VPCs) with two tunnels per connection for increased redundancy. For even greater performance with sites further from your AWS Region(s), […]

Traditionally, communication service providers (CSPs) in the telecom industry have used a Virtual Routing and Forwarding (VRF) technique to segregate their data center (DC) networks per each network domains; for examples of domain such as Operation, Administration & Management (OAM), signaling, roaming, and user traffic networks. Each VRF domain in the data center must also […]

In this post, we’ll discuss the considerations, recommendations, and approach for migrating AWS accounts between AWS Organizations from a networking perspective. We’ll explain the behavior of AWS networking resources when AWS accounts are moved between Organizations. We’ll also analyze the behavior from different viewpoints including service availability, management and governance, as well as commercial and operations. […]

Update 10/13/22: Added walkthrough with the AWS Management console and link to code in CDK and Terraform. One of the most common ways that customers connect securely to AWS from on premises is by using the AWS Site-to-Site VPN managed IPSec VPN solution. One key benefit our customers look for when using the service is […]

AWS PrivateLink for Amazon S3 enables on-premises applications to privately and securely access Amazon S3 over AWS Direct Connect private virtual interface or AWS Site to Site VPN. The Interface VPC Endpoints for Amazon S3 allow security administrators to control which users can access which data in S3 from on premises and cross-Region using their […]

Do you need to either demonstrate or learn more about using certificate-based authentication with AWS Site-to-Site VPN capabilities? In part 1 of this series, we showed how to use an AWS CloudFormation template to deploy the open source strongSwan VPN solution to implement the on-premises side of an AWS Site-to-Site VPN connection. The open source […]

Have you ever needed to demonstrate or gain hands-on experience with AWS site-to-site VPN capabilities, but didn’t know how to easily implement the on-premises side of a VPN connection? This post shows how to use an AWS CloudFormation template to easily deploy the open source strongSwan VPN solution to simulate an on-premises customer gateway in […]