Most organisations do not run everything in the cloud. They have on-premises data centres, branch offices, or co-location facilities that need to communicate securely with their AWS VPCs. AWS provides two primary connectivity options: Site-to-Site VPN, which runs encrypted IPsec tunnels over the public internet, and AWS Direct Connect, which provides a dedicated private link that is not encrypted on its own (encryption has to be layered on top, for example by running a VPN over it). This lesson compares both and explains when to use each.
A Site-to-Site VPN connection creates encrypted IPsec tunnels between your on-premises network and your AWS VPC over the public internet. Every connection comes with two tunnels, each terminating on a separate AWS endpoint, so the link survives maintenance or failure of one endpoint; your on-premises device should establish both, and a connection with one tunnel down should be treated as a single point of failure rather than as healthy.
| Component | Where | Purpose |
|---|---|---|
| Virtual Private Gateway (VGW) | AWS side | VPN endpoint attached to a VPC (a Transit Gateway can take this role when many VPCs share the link) |
| Customer Gateway (CGW) | On-premises side | AWS resource recording your on-premises router/firewall's public IP address and BGP ASN |
| VPN Connection | Between VGW and CGW | The pair of encrypted IPsec tunnels, with their IKE/IPsec parameters and routing (static or BGP) |
```
On-Premises Network
┌──────────────────┐
│ Customer Gateway │ (your router)
│ Public IP: x.x.x.x │
└────────┬─────────┘
│ IPsec tunnel (encrypted)
│ over the public internet
▼
┌──────────────────┐
│ Virtual Private │ (AWS-managed)
│ Gateway (VGW) │
└────────┬─────────┘
│
▼
┌──────────────────┐
│ VPC │
│ 10.0.0.0/16 │
└──────────────────┘
```
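"Encrypted" is only as strong as what the two gateways are allowed to negotiate. AWS lets a tunnel offer IKEv1, SHA1, DH group 2 and AES-128 unless you restrict the tunnel options, and a connection stays "available" with one of its two tunnels down. The following is an added example, not code from the lesson: a small audit that reads JSON in the shape of `aws ec2 describe-vpn-connections` output and flags weak negotiable settings and missing tunnel redundancy. The input is a constructed sample (the IDs and addresses are not real), and `POLICY` is this example's own hardening baseline, not an AWS recommendation.

```python
"""Audit AWS Site-to-Site VPN connections for weak IKE/IPsec settings and
missing tunnel redundancy.

Added example, not code from the lesson. SAMPLE_DESCRIBE_OUTPUT is a
constructed sample in the shape of `aws ec2 describe-vpn-connections`
JSON, not real output, and POLICY is this example's own baseline.
"""
import json

# For each tunnel option key, the set of values the baseline allows. Anything a
# tunnel still offers outside this set (ikev1, SHA1, DH group 2, AES128) is
# reported, because the peer can negotiate it. Values use AWS's own spellings.
POLICY = {
    "IkeVersions": {"ikev2"},
    "Phase1EncryptionAlgorithms": {"AES256", "AES256-GCM-16"},
    "Phase1IntegrityAlgorithms": {"SHA2-256", "SHA2-384", "SHA2-512"},
    "Phase1DHGroupNumbers": {14, 15, 16, 17, 18, 19, 20, 21},
    "Phase2EncryptionAlgorithms": {"AES256", "AES256-GCM-16"},
    "Phase2IntegrityAlgorithms": {"SHA2-256", "SHA2-384", "SHA2-512"},
    "Phase2DHGroupNumbers": {14, 15, 16, 17, 18, 19, 20, 21},
}


def _values(entries):
    """TunnelOptions lists look like [{"Value": "ikev2"}, ...]; flatten them."""
    return {e["Value"] for e in entries}


def _permissive_tunnel(outside_ip):
    # Constructed: a tunnel left at AWS's permissive defaults, so IKEv1, SHA1,
    # DH group 2 and AES128 remain negotiable alongside the strong options.
    return {
        "OutsideIpAddress": outside_ip,
        "IkeVersions": [{"Value": "ikev1"}, {"Value": "ikev2"}],
        "Phase1EncryptionAlgorithms": [{"Value": "AES128"}, {"Value": "AES256"}],
        "Phase1IntegrityAlgorithms": [{"Value": "SHA1"}, {"Value": "SHA2-256"}],
        "Phase1DHGroupNumbers": [{"Value": 2}, {"Value": 14}],
        "Phase2EncryptionAlgorithms": [{"Value": "AES128"}, {"Value": "AES256"}],
        "Phase2IntegrityAlgorithms": [{"Value": "SHA1"}, {"Value": "SHA2-256"}],
        "Phase2DHGroupNumbers": [{"Value": 2}, {"Value": 14}],
    }


def _hardened_tunnel(outside_ip):
    # Constructed: a tunnel restricted to IKEv2 / AES-256 / SHA-2 / DH 14+.
    return {
        "OutsideIpAddress": outside_ip,
        "IkeVersions": [{"Value": "ikev2"}],
        "Phase1EncryptionAlgorithms": [{"Value": "AES256"}],
        "Phase1IntegrityAlgorithms": [{"Value": "SHA2-256"}],
        "Phase1DHGroupNumbers": [{"Value": 14}, {"Value": 19}],
        "Phase2EncryptionAlgorithms": [{"Value": "AES256"}],
        "Phase2IntegrityAlgorithms": [{"Value": "SHA2-256"}],
        "Phase2DHGroupNumbers": [{"Value": 14}, {"Value": 19}],
    }


# Constructed sample (IDs, addresses and states are made up): one connection at
# defaults with its second tunnel DOWN, one hardened with both tunnels UP.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"VpnConnections": [
    {
        "VpnConnectionId": "vpn-0aaaaaaaaaaaaaaa1",
        "State": "available",
        "VpnGatewayId": "vgw-0aaaaaaaaaaaaaaa1",
        "CustomerGatewayId": "cgw-0aaaaaaaaaaaaaaa1",
        "Options": {"StaticRoutesOnly": False, "TunnelOptions": [
            _permissive_tunnel("198.51.100.10"), _permissive_tunnel("198.51.100.11")]},
        "VgwTelemetry": [
            {"OutsideIpAddress": "198.51.100.10", "Status": "UP", "AcceptedRouteCount": 4},
            {"OutsideIpAddress": "198.51.100.11", "Status": "DOWN", "AcceptedRouteCount": 0},
        ],
    },
    {
        "VpnConnectionId": "vpn-0bbbbbbbbbbbbbbb2",
        "State": "available",
        "VpnGatewayId": "vgw-0aaaaaaaaaaaaaaa1",
        "CustomerGatewayId": "cgw-0bbbbbbbbbbbbbbb2",
        "Options": {"StaticRoutesOnly": False, "TunnelOptions": [
            _hardened_tunnel("198.51.100.20"), _hardened_tunnel("198.51.100.21")]},
        "VgwTelemetry": [
            {"OutsideIpAddress": "198.51.100.20", "Status": "UP", "AcceptedRouteCount": 4},
            {"OutsideIpAddress": "198.51.100.21", "Status": "UP", "AcceptedRouteCount": 4},
        ],
    },
]})


def audit_connection(conn):
    """Return a list of finding strings for one VpnConnections entry."""
    cid = conn["VpnConnectionId"]
    findings = []
    for n, tunnel in enumerate(conn.get("Options", {}).get("TunnelOptions", []), start=1):
        for key, allowed in POLICY.items():
            if key not in tunnel:
                # Not reported means the option was never restricted, so the
                # AWS default set (which includes the weak values) applies.
                findings.append(f"{cid} tunnel{n}: {key} unrestricted (AWS defaults)")
                continue
            weak = _values(tunnel[key]) - allowed
            if weak:
                findings.append(f"{cid} tunnel{n}: {key} permits {sorted(map(str, weak))}")
    # Two tunnels exist for redundancy; fewer than two UP is a single point of failure.
    up = sum(1 for t in conn.get("VgwTelemetry", []) if t.get("Status") == "UP")
    if up < 2:
        findings.append(f"{cid}: only {up} of 2 tunnels UP")
    return findings


def audit_describe_output(raw_json):
    """Audit every connection in describe-vpn-connections JSON -> {id: findings}."""
    data = json.loads(raw_json)
    return {c["VpnConnectionId"]: audit_connection(c) for c in data["VpnConnections"]}


if __name__ == "__main__":
    for cid, findings in audit_describe_output(SAMPLE_DESCRIBE_OUTPUT).items():
        print(cid, "OK" if not findings else f"{len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Against real infrastructure you would feed it `aws ec2 describe-vpn-connections --output json` instead of the embedded sample. Treating a missing option key as a finding is deliberate: an unrestricted tunnel is the permissive default, and silently passing it would hide exactly the case the audit exists to catch.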