In cases where you need to quickly establish on-premises network integration with the VPCs in your emerging AWS environment, it’s recommended that you consider starting with an AWS Site-to-Site VPN connection. Later, if you have needs that will be better served through the use of AWS Direct Connect, you can transition to using AWS Direct Connect with or without a site-to-site VPN connection.
The following table provides a simplified comparison of your two primary network integration options.
| Option | Description | Advantages | Limitations |
|---|---|---|---|
| AWS Site-to-Site VPN Connection | AWS managed IPsec VPN connection over the internet to regional router for multiple VPCs | Relatively little time required to set up Reuse existing VPN equipment and processes Reuse existing internet connections AWS managed high availability VPN service Supports static routes or dynamic Border Gateway Protocol (BGP) peering and routing policies |
Network latency, variability, and availability are dependent on internet conditions Customer managed endpoint is responsible for implementing redundancy and failover (if required) Customer device must support single-hop BGP (when leveraging BGP for dynamic routing) |
| AWS Direct Connect | Dedicated network connection over private lines to regional router for multiple VPCs | More predictable network performance Reduced bandwidth costs Supports BGP peering and routing policies |
May require additional telecom and hosting provider relationships or new network circuits to be provisioned |
Learn more about AWS hybrid connectivity: To learn more about your options including more advanced configurations, see the AWS Hybrid Connectivity whitepaper.
If you intend to use either AWS Site-to-Site VPN Connection or AWS Direct Connect, you’ll typically need to work with your on-premises Network team to design, set up, test, and monitor your network integration between your on-premises and AWS environments.
See Reviewing AWS Site-to-Site VPN Architecture and Connection Options to review your options and quickly get a VPN connection established in support of your first few production workloads.
See Planning for AWS Direct Connect if you’d like to learn more about getting started with planning to use AWS Direct Connect.