Misc

Software VPN

What: You must provide your own endpoint and software
When: You must manage both ends of the VPN connection for compliance reasons, or you want to use a VPN option not supported by AWS
Pros: Ultimate flexibility and manageability
Cons: You must design for any needed redundancy across the whole chain
How: Install VPN software via Marketplace on an EC2 instance
Amazon VPC offers you the flexibility to fully manage both sides of your Amazon VPC connectivity by creating a VPN connection between your remote network and a software VPN appliance running in your Amazon VPC network.
This option is recommended if you must manage both ends of the VPN connection either for compliance purposes or for leveraging gateway devices that are not currently supported by Amazon VPC’s VPN solution.

Transit VPC

What: Common strategy for connecting geographically dispersed VPCs and locations to create a global network transit center
When: Locations and VPC-deployed assets across multiple regions need to communicate with one another
Pros: Ultimate flexibility and manageability, plus an AWS-managed VPN hub-and-spoke between VPCs
Cons: You must design for any needed redundancy across the whole chain
How: Providers such as Cisco, Juniper Networks, and Riverbed have offerings that work with their equipment and AWS VPC
Building on the Software VPN design above, you can create a global transit network on AWS.
A transit VPC is a common strategy for connecting multiple, geographically dispersed VPCs and remote networks to create a global network transit center.
A transit VPC simplifies network management and minimizes the number of connections required to connect multiple VPCs and remote networks.

Shared Services VPCs

You can allow other AWS accounts to create their application resources, such as EC2 instances, Relational Database Service (RDS) databases, Redshift clusters, and Lambda functions, into shared, centrally managed Amazon Virtual Private Clouds (VPCs).
VPC sharing enables subnets to be shared with other AWS accounts within the same AWS Organization. Benefits include:
- Separation of duties: the VPC structure, routing, and IP address allocation are centrally controlled.
- Application owners continue to own their resources, accounts, and security groups.
- VPC sharing participants can reference each other's security group IDs.
- Efficiencies: higher density in subnets and more efficient use of VPNs and AWS Direct Connect.
- Hard limits, for example 50 VIFs per AWS Direct Connect connection, can be avoided through a simplified network architecture.
- Costs can be optimized through reuse of NAT gateways, VPC interface endpoints, and intra-Availability Zone traffic.
Alternatively, you can create a separate Amazon VPC for each account, with the account owner responsible for the connectivity and security of that VPC.
With VPC sharing, your IT team can own and manage your Amazon VPCs, and your application developers no longer have to manage or configure them but can still access them as needed.
You can also share Amazon VPCs to leverage the implicit routing within a VPC for applications that require a high degree of interconnectivity and sit within the same trust boundaries.
This reduces the number of VPCs that need to be created and managed, while you still benefit from using separate accounts for billing and access control.
Customers can further simplify network topologies by interconnecting shared Amazon VPCs using connectivity features such as AWS PrivateLink, AWS Transit Gateway, and Amazon VPC peering.
VPC sharing can also be combined with AWS PrivateLink to secure access to shared resources, such as applications behind a Network Load Balancer.
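As an added example (not part of the original notes), this CloudFormation template is what the owning account would deploy to build the centrally managed VPC and share one subnet with an organizational unit through AWS RAM. The account ID, organization ID, and OU ID are placeholders, and AllowExternalPrincipals is left at false so the share cannot be extended to accounts outside the Organization.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Owner-account VPC with one subnet shared to an OU (example, placeholder IDs)

Parameters:
  TargetOuArn:
    Type: String
    # Placeholder: management account ID, organization ID and OU ID must be replaced
    Default: arn:aws:organizations::111111111111:ou/o-EXAMPLEORG/ou-EXAMPLEOU

Resources:
  # Network structure, routing and IP allocation stay under the IT team's control
  SharedVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true

  AppSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref SharedVpc
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [0, !GetAZs ""]

  # Participant accounts in the OU launch EC2, RDS, Lambda, etc. into this subnet;
  # they own those resources and their own security groups.
  AppSubnetShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: shared-app-subnet-a
      # false = only principals inside the same AWS Organization can be added
      AllowExternalPrincipals: false
      ResourceArns:
        - !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:subnet/${AppSubnetA}
      Principals:
        - !Ref TargetOuArn

Outputs:
  SharedSubnetId:
    Value: !Ref AppSubnetA
```

Sharing requires resource sharing with AWS Organizations to be enabled in RAM for the management account; after deployment, participant accounts see the subnet (not the VPC's route tables or gateways) and can launch resources into it.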