AWS Virtual Private Network Documentation

Overview

AWS Virtual Private Network (VPN) solutions help you establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN comprises two services: AWS Site-to-Site VPN and AWS Client VPN. Each provides a highly available, managed, and elastic cloud VPN solution that enables you to protect your network traffic.

AWS Site-to-Site VPN creates encrypted tunnels between your network and your Amazon Virtual Private Clouds or AWS Transit Gateways. AWS Client VPN connects your users to AWS or on-premises resources using a VPN software client.

AWS Site-to-Site VPN

AWS Site-to-Site VPN is a managed service that helps you create a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels. When using Site-to-Site VPN, you can connect to both your Amazon Virtual Private Clouds (VPC) and AWS Transit Gateway. Each connection uses two tunnels for increased redundancy.

High Availability

AWS Site-to-Site VPN helps deliver high availability by using two tunnels across multiple Availability Zones within the AWS global network. You can stream primary traffic through the first tunnel and use the second tunnel for redundancy — if one tunnel goes down, traffic continues to flow.

Security

With AWS Site-to-Site VPN, you can connect to an Amazon VPC or AWS Transit Gateway the same way you connect to your on-premises servers. AWS Site-to-Site VPN helps establish secure and private sessions using IP Security (IPSec).

Accelerate Applications

The Accelerated Site-to-Site VPN option improves the performance of your VPN connection by working with AWS Global Accelerator.

Monitoring

AWS Site-to-Site VPN gives you visibility into local and remote network health, and monitors the reliability and performance of your VPN connections by integrating with Amazon CloudWatch.

AWS Client VPN

AWS Client VPN is a managed remote access VPN solution that can be used by your remote workforce to access resources within both AWS and your on-premises network. Fully elastic, it scales up, or down, based on demand. When migrating applications to AWS, your users access them the same way before, during, and after the move by using AWS Client VPN. AWS Client VPN, including the software client, supports the OpenVPN protocol.

Authentication

AWS Client VPN supports multi-factor authentication (MFA) and federated authentication.

Elastic

AWS Client VPN is a pay-as-you-go cloud VPN service that elastically scales up or down based on user demand.

Remote access

AWS Client VPN allows users to connect to AWS and on-premises networks using a single VPN connection.

Managed

AWS Client VPN helps take care of deployment, capacity provisioning, and service updates and enables you to monitor your connections from a single console.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.