AWS Virtual Private Network Documentation


AWS Virtual Private Network (VPN) solutions help you establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of: AWS Site-to-Site VPN and AWS Client VPN. Each  provides a highly-available, managed, and elastic cloud VPN solution that enables you to protect your network traffic.

AWS Site-to-Site VPN creates encrypted tunnels between your network and your Amazon Virtual Private Clouds or AWS Transit Gateways. AWS Client VPN connects your users to AWS or on-premises resources using a VPN software client.

AWS Site-to-Site VPN

AWS Site-to-Site VPN is a managed service that helps you create a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels. When using Site-to-Site VPN, you can connect to both your Amazon Virtual Private Clouds (VPC) as well as AWS Transit Gateway, and two tunnels per connection are used for increased redundancy.
High Availability
AWS Site-to-Site VPN helps deliver high availability by using two tunnels across multiple Availability Zones within the AWS global network. You can stream primary traffic through the first tunnel and use the second tunnel for redundancy — if one tunnel goes down, traffic continues to flow.
With AWS Site-to-Site VPN, you can connect to an Amazon VPC or AWS Transit Gateway the same way you connect to your on-premises servers. AWS Site-to-Site VPN helps establish secure and private sessions using IP Security (IPSec).
Accelerate Applications
The Accelerated Site-to-Site VPN option improves the performance of your VPN connection by working with AWS Global Accelerator.
AWS Site-to-Site VPN gives you visibility into local and remote network health, and monitors the reliability and performance of your VPN connections by integrating with Amazon CloudWatch.
AWS Client VPN
AWS Client VPN is a managed remote access VPN solution that can be used by your remote workforce to access resources within both AWS and your on-premises network. Fully elastic, it scales up, or down, based on demand. When migrating applications to AWS, your users access them the same way before, during, and after the move by using AWS Client VPN. AWS Client VPN, including the software client, supports the OpenVPN protocol.

AWS Client VPN supports multi-factor authentication (MFA) and federated authentication.


AWS Client VPN is a pay-as-you-go cloud VPN service that elastically scales up or down based on user demand.

Remote access

AWS Client VPN allows users to connect to AWS and on-premises networks using a single VPN connection.

AWS Client VPN helps take care of deployment, capacity provisioning, and service updates and enables you to monitor your connections from a single console.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at, or other agreement between you and AWS governing your use of AWS’s services.