Extend your on-premises networks to the cloud and securely access them from anywhere

Better Security & Performance with AWS VPN Innovations (14:44)

AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. Together, they deliver a highly-available, managed, and elastic cloud VPN solution to protect your network traffic.

AWS Site-to-Site VPN creates encrypted tunnels between your network and your Amazon Virtual Private Clouds or AWS Transit Gateways. For managing remote access, AWS Client VPN connects your users to AWS or on-premises resources using a VPN software client.

  • AWS Client VPN
  • AWS Site-to-Site VPN
  • AWS Client VPN
  • AWS Client VPN is a fully-managed, elastic VPN service that automatically scales up or down based on user demand. Because it is a cloud VPN solution, you don’t need to install and manage hardware or software-based solutions, or try to estimate how many remote users to support at one time.


    Fully managed

    AWS Client VPN automatically takes care of deployment, capacity provisioning, and service updates — while you monitor all connections from a single console.

    Advanced authentication

    Many organizations require multi-factor authentication (MFA) and federated authentication from their VPN solution. AWS Client VPN supports these and other authentication methods.


    Traditional on-premises VPN services are limited by the capacity of the hardware that runs them. AWS Client VPN is a pay-as-you-go cloud VPN service that elastically scales up or down based on user demand.

    Remote access

    Unlike on-premises VPN services, AWS Client VPN allows users to connect to AWS and on-premises networks using a single VPN connection.

    How it works

    How it works

    Use cases

    Quickly scale remote access

    Unexpected events can require many of your employees to work remotely. This creates a spike in VPN connections and traffic that can reduce performance or availability for your users. AWS Client VPN is elastic, and automatically scales up to handle peak demand. When the spike has passed, it scales down so you are not paying for unused capacity.

    Easily deploy and remove VPN access for temporary workers

    With AWS Client VPN, you can easily grant new users access to specific AWS and on-premises networks. To grant access, add them to an Active Directory group and set up access rules for that group. Removing access when their contract is up is just as easy.

    Easily access applications in the cloud or on premises

    AWS Client VPN provides users with secure access to applications both on premises and in AWS. This is particularly helpful during a cloud migration when applications move from on-premises locations to the cloud. With AWS Client VPN, users don’t have to change the way they access their applications during or after migration.

    Customer stories

    "Columbia University Medical Center is a clinical, research, and educational enterprise located on a campus in northern Manhattan. We have an emergency situation where due to the COVID 19 our hospital is limiting access to the campus. We needed to supplement our current physical VPN solution in order to support up to an additional 150 concurrent users with access to our datacenter and campus, so we have set up a Client VPN endpoint. With AWS Client VPN, our staff and researchers are quickly able to access the campus and continue to do research on the virus." 

    - Robert De Boer, Deputy CIO, Columbia University Medical Center

    “Shionogi is a pharmaceutical company headquartered in Osaka, Japan, with research and distribution extended worldwide. We needed to dramatically and quickly change our VPN environment to support mandated Work From Home (WFH). This applied to all employees which was practically impossible with our current system. With AWS Client VPN, we were able to turn up the VPN environment for approximately 3,000 employees in just 3 days. As a result, end-users thanked us saying that the User Experience for the remote work has been greatly improved, which proved that our IT department can make a difference to the organization. The whole experience reminded us the power of the Cloud – for its speed, flexibility, and scalability.”

    – Kazuhiro Shirahase, Director of IT Promotion Division I, Shionogi Digital Science Co., Ltd.

    Blog posts and articles

    Using Microsoft Active Directory multi-factor authentication (MFA) with AWS Client VPN
    Blog by by Avanish Yadav
    April 9, 2020
    Learn more »
    Introducing AWS Client VPN to securely access AWS and on-premises resources
    Blog by James Devine
    December 19, 2018
    Learn more »

    Using AWS Client VPN to scale your work from home capacity
    Blog by James Devine
    April 15, 2020
    Learn more »
    Scaling VPN throughput using AWS Transit Gateway
    Blog by by Vinod Kataria and Sreekanth Krishnavajjala
    February 3, 2020
    Learn more »

  • AWS Site-to-Site VPN
  • AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources. For globally distributed applications, the Accelerated Site-to-Site VPN option provides even greater performance by working with AWS Global Accelerator.


    Highly available

    AWS Site-to-Site VPN delivers high availability by using two tunnels across multiple Availability Zones within the AWS global network. You can stream primary traffic through the first tunnel and use the second tunnel for redundancy — if one tunnel goes down, traffic continues to flow.


    With AWS Site-to-Site VPN, you can connect to an Amazon VPC or AWS Transit Gateway the same way you connect to your on-premises servers. AWS Site-to-Site VPN establishes secure and private sessions with IP Security (IPSec) and Transport Layer Security (TLS) tunnels.

    Robust monitoring

    AWS Site-to-Site VPN gives you visibility into local and remote network health, and monitors the reliability and performance of your VPN connections by integrating with Amazon CloudWatch. Site-to-Site VPN also integrates with AWS Transit Gateway network manager to provide a global view of your on-premises and AWS networks, including your SD-WAN, AWS Transit Gateway, and AWS Direct Connect services.

    Accelerate Applications

    The Accelerated Site-to-Site VPN option improves the performance of your VPN connection by working with AWS Global Accelerator. AWS Global Accelerator is used to intelligently route traffic to the nearest AWS network endpoint with the best performance.

    How it works


    Use cases

    Extend your corporate network into the cloud

    Moving applications to the cloud is easier with a Site-to-site VPN connection between your network and the AWS cloud. You can host Amazon VPCs behind your corporate firewall and seamlessly move your IT resources, without changing the way your users access these applications.

    Secure communication between remote locations

    You can use AWS Site-to-Site VPN connections to securely communicate between remote sites.

Check out the product features

Discover what AWS VPN can do.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with AWS VPN in the AWS Console.

Get started