AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN comprises two services: AWS Site-to-Site VPN and AWS Client VPN. Together, they deliver a highly available, managed, and elastic cloud VPN solution to protect your network traffic.
AWS Site-to-Site VPN creates encrypted tunnels between your network and your Amazon Virtual Private Clouds or AWS Transit Gateways. For managing remote access, AWS Client VPN connects your users to AWS or on-premises resources using a free VPN software client.
AWS Client VPN
AWS Client VPN is a fully managed, elastic VPN service that automatically scales up or down based on user demand. Because it is a cloud VPN solution, you don’t need to install and manage hardware or software-based solutions, or try to estimate how many remote users to support at one time.
AWS Client VPN automatically takes care of deployment, capacity provisioning, and service updates — while you monitor all connections from a single console.
Many organizations require multi-factor authentication (MFA) and federated authentication from their VPN solution. AWS Client VPN supports these and other authentication methods.
Traditional on-premises VPN services are limited by the capacity of the hardware that runs them. AWS Client VPN is a pay-as-you-go cloud VPN service that elastically scales up or down based on user demand.
Unlike on-premises VPN services, AWS Client VPN allows users to connect to AWS and on-premises networks using a single VPN connection.
How it works
Quickly scale remote access
Unexpected events can require many of your employees to work remotely. This creates a spike in VPN connections and traffic that can reduce performance or availability for your users. AWS Client VPN is elastic, and automatically scales up to handle peak demand. When the spike has passed, it scales down so you are not paying for unused capacity.
Easily deploy and remove VPN access for temporary workers
With AWS Client VPN, you can easily grant new users access to specific AWS and on-premises networks. To grant access, add them to an Active Directory group and set up access rules for that group. Removing access when their contract is up is just as easy.
Easily access applications in the cloud or on premises
AWS Client VPN provides users with secure access to applications both on premises and in AWS. This is particularly helpful during a cloud migration when applications move from on-premises locations to the cloud. With AWS Client VPN, users don’t have to change the way they access their applications during or after migration.
"Columbia University Medical Center is a clinical, research, and educational enterprise located on a campus in northern Manhattan. We have an emergency situation where, due to COVID-19, our hospital is limiting access to the campus. We needed to supplement our current physical VPN solution in order to support up to an additional 150 concurrent users with access to our datacenter and campus, so we have set up a Client VPN endpoint. With AWS Client VPN, our staff and researchers are quickly able to access the campus and continue to do research on the virus."
- Robert De Boer, Deputy CIO, Columbia University Medical Center
Blog posts and articles
Using Microsoft Active Directory multi-factor authentication (MFA) with AWS Client VPN
Blog by Avanish Yadav
April 9, 2020
AWS Site-to-Site VPN
AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources. For globally distributed applications, the Accelerated Site-to-Site VPN option provides even greater performance by working with AWS Global Accelerator.
AWS Site-to-Site VPN delivers high availability by using two tunnels across multiple Availability Zones within the AWS global network. You can stream primary traffic through the first tunnel and use the second tunnel for redundancy — if one tunnel goes down, traffic continues to flow.
With AWS Site-to-Site VPN, you can connect to an Amazon VPC or AWS Transit Gateway the same way you connect to your on-premises servers. AWS Site-to-Site VPN establishes secure and private sessions with IP Security (IPsec) and Transport Layer Security (TLS) tunnels.
AWS Site-to-Site VPN gives you visibility into local and remote network health, and monitors the reliability and performance of your VPN connections by integrating with Amazon CloudWatch. Site-to-Site VPN also integrates with AWS Transit Gateway network manager to provide a global view of your on-premises and AWS networks, including your SD-WAN, AWS Transit Gateway, and AWS Direct Connect services.
The Accelerated Site-to-Site VPN option improves the performance of your VPN connection by working with AWS Global Accelerator. AWS Global Accelerator is used to intelligently route traffic to the nearest AWS network endpoint with the best performance.
How it works
Extend your corporate network into the cloud
Moving applications to the cloud is easier with a Site-to-Site VPN connection between your network and the AWS cloud. You can host Amazon VPCs behind your corporate firewall and seamlessly move your IT resources, without changing the way your users access these applications.
Secure communication between remote locations
You can use AWS Site-to-Site VPN connections to securely communicate between remote sites.