Extend your on-premises networks to the cloud and securely access them from anywhere

Introducing AWS VPN solutions

AWS Virtual Private Network (AWS VPN) lets you establish a secure and private tunnel from your network or device to the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). AWS Client VPN enables you to securely connect users to AWS or on-premises networks.

  • AWS Site-to-Site VPN
  • AWS Client VPN
  • AWS Site-to-Site VPN
  • AWS Site-to-Site VPN extends your data center or branch office to the cloud. It uses cryptography to protect communications over Internet Protocol (IP) networks and supports connecting to both a virtual private gateway and an AWS Transit Gateway.


    Highly available

    AWS Site-to-Site VPN provides two tunnels across multiple Availability Zones to deliver uninterrupted access to cloud resources. You can stream your primary traffic in the first tunnel and use the second tunnel for redundancy to help make sure that traffic is delivered to your Amazon VPC. 


    With AWS Site-to-Site VPN, you can connect to an Amazon VPC in the cloud the same way you connect to your branches. AWS Site-to-Site VPN establish secure and private sessions with IP Security (IPSec) and Transport Layer Security (TLS) tunnels. 

    Robust monitoring

    AWS Site-to-Site VPN gives you visibility into local and remote network health. It integrates with Amazon CloudWatch metrics to monitor your VPN connections and their performance. 

    Use cases

    Extend your corporate network into the cloud

    You can move corporate applications to the cloud, launch additional web servers, and add more compute capacity to your network by connecting your VPC to your corporate network with AWS Site-to-Site VPN. Because your VPC can be hosted behind your corporate firewall, you can seamlessly move your IT resources into the cloud without changing how your users access these resources. 

    Secure your communication between corporate sites

    You can use AWS Site-to-Site VPN connections to securely communicate between different remote sites. AWS Site-to-Site VPN sets up connections between sites that use encryption to isolate and secure the data from the internet. 

  • AWS Client VPN
  • AWS Client VPN is a fully-managed, elastic VPN service that automatically scales up or down the number of available Client VPN connections based on user demand. Because it runs in the cloud, you don’t need to install and manage either a hardware or software VPN solution and you don’t need to over-provision for peak demand. AWS Client VPN is a designed so your employees can access any company resource, both in AWS and on-premises, from any location. Client VPN also provides quick and easy connectivity to your workforce and business partners using OpenVPN-enabled devices such as Mac, Windows, iOS, Android, and Linux.


    Fully managed

    AWS Client VPN is a fully-managed client-based VPN service which automatically handles the deployment, capacity provisioning, and service updates. With AWS Client VPN you can monitor and manage all your connections from a single console. 


    AWS Client VPN is an elastic solution. It leverages the cloud to automatically scale based on user demand, without the limitations of a hardware appliance. 

    Access any resource from any location

    With AWS Client VPN, users can connect from anywhere to your AWS and on-premises networks. Using a single VPN connection, users can access different resources across various locations on your network. 

    Tight security controls

    You define the access rules so you can be sure resources are only available to authorized users. 

    How it works


    Use cases

    Keep your employees connected

    Unexpected events can require many of your employees to work remotely. This creates a spike in VPN connections or traffic and can reduce performance or availability for your users.

    AWS Client VPN is elastic, and automatically scales to handle peak demand while providing a high-quality user experience. 

    Quickly and easily connect your contractors

    With AWS Client VPN, you can easily grant new users access to specific AWS and on-premises networks. To grant access, add them to an Active Directory group and then set up the access rules for that group. Removing access when their contract is up is just as easy. 

    Easily access applications in the cloud or on premises

    AWS Client VPN provides users with secure access to applications both on premises and in AWS. This is particularly helpful during a cloud migration when applications move from on premises to the cloud. With AWS Client VPN users don’t have to change the way they access their applications during or after the migration. 

    Blog posts and articles

    Introducing AWS Client VPN to Securely Access AWS and On-Premises Resources
    Blog by James Devine
    December 19, 2018
Check out the product features

Discover what AWS VPN can do.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with AWS VPN in the AWS Console.

Get started