There are several options to connect to a virtual private cloud (VPC) in Amazon Virtual Private Cloud (Amazon VPC). How do I decide which option to use?
Short description
You can connect to your VPC through the following:
- A virtual private network (VPN)
- AWS Direct Connect (DX)
- A VPC peering connection
- A VPC endpoint
- An internet gateway
- A network address translation (NAT) gateway
- A NAT instance
- A transit gateway
The best option depends on your specific use case and preferences.
Resolution
Review the following options for connecting to your VPC and choose the best one for your use case.
VPN connection
You can establish a VPN connection to an Amazon Web Services (AWS)-managed virtual private gateway, which is the VPN device on the AWS side of the VPN connection.
You can use an AWS managed VPN connection or a third-party VPN solution. Use a third-party solution if you require full access and management of the AWS side of the VPN connection.
After creating your connection, you can download the Internet Protocol Security (IPsec) VPN configuration from the VPC console. Use the IPsec VPN configuration to configure the firewall or device in your local network that connects to the VPN.
DX connection
An AWS Direct Connect (DX) connection links your internal network to a DX location over a standard 1-Gbps or 10-Gbps Ethernet fiber-optic cable.
DX usage is charged per port-hour with additional data transfer rates that vary by AWS Region. For more information, see AWS Direct Connect pricing.
VPC peering connection
A VPC peering connection connects two VPCs and routes traffic between them through private IP addresses, which allows the VPCs to function as if they are on the same network. These connections aren't subject to common issues, such as a single point of failure or network bandwidth bottlenecks, because they don't rely on physical hardware.
VPC peering is supported for VPCs across all AWS Regions, in either the same or different AWS accounts. For more information, see VPC peering limitations.
VPC endpoints
A VPC endpoint is a private connection between your VPC and another AWS service that doesn't require internet access. The two types of VPC endpoints are interface VPC endpoints (for AWS PrivateLink services) and gateway VPC endpoints. After you configure a VPC endpoint, instances in your VPC can use private IP addresses to communicate with:
Internet gateway
An internet gateway enables communication between instances in your VPC and the internet. You can scope the route to all destinations not explicitly known to the route table or to a narrower range of IP addresses.
NAT gateway
A NAT gateway is a managed service that enables instances in a private subnet of a VPC to connect to the internet or other AWS services without allowing connections to those instances from the internet.
Note: Be sure to create the NAT gateway in a public subnet. For more information, see NAT gateways.
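The internet gateway and NAT gateway sections above both come down to what the subnet's route table does with the default route (0.0.0.0/0). The following added example (not part of this article or of any AWS tool) classifies subnets as public, private or isolated from that default route and flags a NAT gateway that was created in a subnet without an internet gateway route; the input is a constructed sample shaped like the EC2 DescribeRouteTables response, and every ID is a placeholder.

```python
# Constructed sample shaped like the EC2 DescribeRouteTables response; all IDs are
# placeholders, not real resources. Only the fields the checks need are included.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {   # public subnet: default route points at an internet gateway
        "Associations": [{"SubnetId": "subnet-public-a"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001"}],
    },
    {   # private subnet: default route points at a NAT gateway
        "Associations": [{"SubnetId": "subnet-private-a"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001"}],
    },
    {   # isolated subnet: only the local VPC route, no path to the internet
        "Associations": [{"SubnetId": "subnet-isolated-a"}],
        "Routes": [LOCAL],
    },
]
# Constructed NAT gateway inventory: NatGatewayId -> the subnet it was created in.
# Here the NAT gateway was placed in the private subnet, which is the mistake to catch.
NAT_GATEWAYS = {"nat-0001": "subnet-private-a"}


def classify_subnets(route_tables):
    """Map each associated subnet to 'public', 'private' or 'isolated' by its default route."""
    kinds = {}
    for rt in route_tables:
        default = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        if any(r.get("GatewayId", "").startswith("igw-") for r in default):
            kind = "public"      # reachable from the internet if the instance has a public IP
        elif any("NatGatewayId" in r for r in default):
            kind = "private"     # outbound only, through the NAT gateway
        else:
            kind = "isolated"    # no internet path; rely on VPC endpoints, peering, etc.
        for assoc in rt["Associations"]:
            kinds[assoc["SubnetId"]] = kind
    return kinds


def misplaced_nat_gateways(route_tables, nat_gateways):
    """NAT gateways created in a subnet whose route table has no internet gateway route."""
    kinds = classify_subnets(route_tables)
    return sorted(n for n, s in nat_gateways.items() if kinds.get(s) != "public")


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES))
    print("NAT gateways not in a public subnet:", misplaced_nat_gateways(ROUTE_TABLES, NAT_GATEWAYS))
```

A NAT gateway reported by misplaced_nat_gateways has no internet gateway route of its own, so private-subnet instances routed through it cannot reach the internet even though their route table looks correct.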
NAT instance
A NAT instance in the public subnet of a VPC enables instances in the private subnet to initiate outbound IPv4 traffic to the internet or other AWS services while also preventing those instances from receiving inbound traffic initiated by someone on the internet.
Note: A NAT gateway is a best practice for common use cases. For more information, see Compare NAT instances and NAT gateways.
Transit gateway
A transit gateway acts as a central hub for connecting your VPCs and your on-premises networks. For more information, see AWS Transit Gateway.
Related information
What is Amazon VPC?
Amazon VPC quotas
Configure route tables