Extend your on-premises networks to the cloud and securely access them from anywhere

Better Security & Performance with AWS VPN Innovations (14:44)

AWS Virtual Private Network (AWS VPN) lets you establish a secure and private encrypted tunnel from your network or device to the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN.

AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). AWS Client VPN enables you to securely connect users to AWS or on-premises networks. AWS Client VPN includes a free client-side application, which provides access to AWS services from remote networks.

  • AWS Client VPN
  • AWS Site-to-Site VPN
  • AWS Client VPN
  • AWS Client VPN is a fully-managed, elastic VPN service that automatically scales up or down the number of available Client VPN connections based on user demand. Because it runs in the cloud, you don’t need to install and manage either a hardware or software VPN solution and you don’t need to over-provision for peak demand. AWS Client VPN is designed so your employees can access any company resource, both in AWS and on premises, from any location. Client VPN also provides quick and easy connectivity to your workforce and business partners using OpenVPN-enabled devices such as Mac, Windows, iOS, Android, and Linux.

    A free AWS VPN client is available for AWS Client VPN. It provides an end-to-end VPN encryption experience that goes from user devices to AWS and on-premises networks.


    Fully managed

    AWS Client VPN is a fully-managed client-based VPN service which automatically handles the deployment, capacity provisioning, and service updates. With AWS Client VPN you can monitor and manage all your connections from a single console.


    On-premises VPN services are limited by the scale of the hardware that supports them. AWS Client VPN is an elastic solution that leverages the cloud to automatically scale based on user demand, without the limitations of a hardware appliance.

    Access any resource from any location

    Unlike on-premises VPN services, with AWS Client VPN, users can connect from anywhere to your AWS and on-premises networks. Using a single VPN connection, users can access different resources across various locations on your network.

    Tight security controls

    You define the access rules so you can be sure resources are only available to authorized users.

    How it works

    How it works

    Use cases

    Keep your employees connected

    Unexpected events can require many of your employees to work remotely. This creates a spike in VPN connections or traffic and can reduce performance or availability for your users.

    AWS Client VPN is elastic, and automatically scales to handle peak demand while providing a high-quality user experience.

    Easily deploy and remove VPN access for temporary workers

    With AWS Client VPN, you can easily grant new users access to specific AWS and on-premises networks. To grant access, add them to an Active Directory group and then set up the access rules for that group. Removing access when their contract is up is just as easy.

    Easily access applications in the cloud or on premises

    AWS Client VPN provides users with secure access to applications both on premises and in AWS. This is particularly helpful during a cloud migration when applications move from on premises to the cloud. With AWS Client VPN users don’t have to change the way they access their applications during or after the migration.

    Blog posts and articles

    Introducing AWS Client VPN to Securely Access AWS and On-Premises Resources
    Blog by James Devine
    December 19, 2018
  • AWS Site-to-Site VPN
  • By default, instances that you launch into an Amazon VPC cannot communicate with your on-premises network. You can securely extend your data center or branch office network to the cloud with an AWS Site-to-Site VPN (Site-to-Site VPN) connection. It uses internet protocol security (IPSec) communications to create encrypted VPN tunnels between two locations.

    You also have the option to use Accelerated Site-to-Site VPN, which is built for cross-continent applications using AWS Global Accelerator. It provides higher performance and consistency, particularly for your business-critical applications that span continents.


    Highly available

    AWS Site-to-Site VPN provides two tunnels across multiple Availability Zones to deliver uninterrupted access to cloud resources. You can stream primary traffic through the first tunnel and use the second tunnel for redundancy. So even if one tunnel goes down, traffic still gets delivered to your Amazon VPC.


    With AWS Site-to-Site VPN, you can connect to an Amazon VPC in the cloud the same way you connect to your on-premises locations. AWS Site-to-Site VPN establishes secure and private sessions with IP Security (IPSec) and Transport Layer Security (TLS) tunnels.

    Robust monitoring

    AWS Site-to-Site VPN gives you visibility into local and remote network health, and monitors the reliability and performance of your VPN connections by integrating with Amazon CloudWatch metrics. Site-to-Site VPN also integrates with AWS Transit Gateway network manager to provide you with a global view of your on-premises and AWS networks, which includes your SD-WAN, AWS Transit Gateway, and AWS Direct Connect services.

    Accelerate Applications

    Accelerated Site-to-Site VPN improves the performance of your VPN connection by combining with AWS Global Accelerator. Accelerated Site-to-Site VPN, an option of Site-to-Site VPN, takes advantage of the vast, congestion-free AWS global network and routes the encrypted traffic through the closest AWS edge location.

    How it works


    Use cases

    Extend your corporate network into the cloud

    You can move corporate applications to the cloud, launch additional web servers, and add more compute capacity to your network by connecting your VPC to your corporate network. You can host your VPC behind your corporate firewall and seamlessly move your IT resources into the cloud, without changing the way your users access these applications.

    Secure your communication between corporate sites

    You can use AWS Site-to-Site VPN connections to securely communicate between different remote sites.

Check out the product features

Discover what AWS VPN can do.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with AWS VPN in the AWS Console.

Get started