reference deployment

Aviatrix Site to Cloud VPN on AWS

Centralized controller and wizard for building site to cloud VPN connections

This Quick Start sets up a highly available Aviatrix Site to Cloud VPN service that includes an AVX Controller and AVX Gateways on the Amazon Web Services (AWS) Cloud in about 10 minutes. You can deploy the controller in a new or existing virtual private cloud (VPC).

Aviatrix Site to Cloud VPN makes it easy to connect on-premises data centers, sites, and branch locations to the cloud. By deploying this Quick Start, you can readily connect to VPCs on the AWS Cloud with enhanced security, and access your Amazon Elastic Compute Cloud (Amazon EC2) instances, applications, and services.

The AVX Controller automatically programs AWS route table entries to direct traffic to the AVX Gateways.

Once you’ve used this Quick Start to deploy the AVX Controller in one of your VPCs, the Site to Cloud VPN wizard in the controller provides a step-by-step workflow to deploy and configure AVX Gateways for building site to cloud connections.


This Quick Start was developed by Aviatrix Systems, Inc., in collaboration with AWS. Aviatrix Systems, Inc., is an APN Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.

  •  What you'll build
  • This Quick Start sets up the following environment:

    • An AVX Controller and AVX Gateways (sometimes referred to as an Aviatrix Controller and Aviatrix Gateways)
    • An Amazon Elastic Compute Cloud (Amazon EC2) instance for the AVX Controller
    • An Aviatrix security group (named AviatrixSecurityGroup)
    • An Elastic IP address assigned to the AVX Controller
    • An AWS Identity and Access Management (IAM) role for Amazon EC2 with a corresponding role policy
    • An IAM role for apps with a corresponding role policy
    • AWS Key Management Service (AWS KMS)
  •  How to deploy
  • To build an Aviatrix Site to Cloud VPN service on AWS in about 10 minutes, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at
    2. Subscribe to the Amazon Machine Image (AMI) for Aviatrix in AWS Marketplace. Choose the Aviatrix Secure Networking Platform PAYG - Metered license.
    3. Launch the Quick Start. You can choose from two options:
    4. Set up the AVX Controller.
    5. Create a primary access account.
    6. Use the wizard in the controller to set up the gateway.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

    Additionally, to help protect network configuration information, this Quick Start creates a unique AWS Key Management Service (AWS KMS) customer master key (CMK), which has a low monthly cost. For details, see AWS KMS pricing.

    You are also responsible for the Aviatrix license that is required to deploy Aviatrix Site to Cloud VPN. Subscribe to an Amazon Machine Image (AMI) for Aviatrix software in AWS Marketplace, choosing the following licensing option:

    Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report to track costs associated with the Quick Start. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month, and finalizes the data at the end of the month. For more information about the report, see the AWS documentation.