This section addresses options and resources to enable network connectivity between your on-premises networks and AWS environment.
Review Note: For now add ideas and references to existing publicly available resources: Let’s build up ideas and refine as we go.
In many cases, organizations require that applications and workloads hosted in AWS can connect to workloads and shared services hosted on-premises, and vice versa. Typical requirements include:
- Cloud client access to defined non-prod application and data services.
- On-premises access to newly deployed cloud-hosted development, pre-production test, and prod workloads and services.
- Cloud client access to on-premises source code management.
- Hybrid DNS resolution:
- Security
- Non-overlapping allocation of IP address ranges for use by cloud environments.
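The non-overlapping address allocation requirement above is worth checking mechanically before any VPC is attached to a Transit Gateway, because an overlap between a VPC CIDR and an on-premises range makes routes ambiguous and is costly to fix after workloads are deployed. The following is an added example (not code from the original page or any AWS project) that validates a proposed set of VPC CIDRs against the advertised on-premises ranges and against each other, and picks the next free block from a reserved cloud supernet; all address ranges in it are constructed placeholders.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (placeholders, not real networks): ranges the
# on-premises side advertises over the VPN / Direct Connect, and the VPC
# CIDRs proposed for the cloud accounts.
ON_PREM = ["10.0.0.0/16", "10.1.0.0/16", "192.168.0.0/24"]
PROPOSED = {
    "network": "10.100.0.0/22",
    "dev": "10.101.0.0/16",
    "test": "10.1.128.0/20",   # deliberately collides with on-prem 10.1.0.0/16
    "prod": "10.101.0.0/18",   # deliberately collides with the dev VPC
}


def find_conflicts(on_prem, proposed):
    """Return (vpc_name, cidr, reason) tuples for every allocation problem.

    Checks: AWS VPC size limits (/16 to /28), overlap with any on-premises
    range, and overlap between two proposed VPCs (both would break routing
    through a shared Transit Gateway).
    """
    prem = [ipaddress.ip_network(c) for c in on_prem]
    cloud = {name: ipaddress.ip_network(c) for name, c in proposed.items()}
    problems = []
    for name, net in cloud.items():
        if not 16 <= net.prefixlen <= 28:
            problems.append((name, str(net), "invalid VPC size"))
        for p in prem:
            if net.overlaps(p):
                problems.append((name, str(net), f"on-prem {p}"))
    for (a, net_a), (b, net_b) in combinations(cloud.items(), 2):
        if net_a.overlaps(net_b):
            problems.append((a, str(net_a), f"vpc {b} {net_b}"))
    return problems


def next_free_block(on_prem, in_use, supernet, prefixlen):
    """Return the first /prefixlen inside supernet that overlaps nothing, or None."""
    taken = [ipaddress.ip_network(c) for c in list(on_prem) + list(in_use)]
    for candidate in ipaddress.ip_network(supernet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None


if __name__ == "__main__":
    for problem in find_conflicts(ON_PREM, PROPOSED):
        print("CONFLICT:", problem)
    print("next free /16:", next_free_block(ON_PREM, PROPOSED.values(), "10.100.0.0/14", 16))
```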
Typically, as an initial means to quickly establish this connectivity, one or more VPN connections are established using existing on-premises network appliances and the AWS Site-to-Site VPN capability in conjunction with AWS Transit Gateway. AWS Transit Gateway centralizes and simplifies sharing the on-premises to AWS network integration across multiple VPCs.
Introduction of a new Network AWS account is a common approach in which shared network resources such as the AWS Transit Gateway configuration can be isolated and managed separately from team-oriented AWS accounts and the other shared accounts.
Longer term, as your on-premises to AWS network connectivity needs expand, you will typically transition from using site-to-site VPN connections to AWS Direct Connect. When using AWS Transit Gateway as the termination point for VPN and AWS Direct Connect connections, a migration from using VPN to AWS Direct Connect has no impact on the VPCs behind the Transit Gateway.