VPN or Direct Connect? AWS Network Services Compared

Jan 8, 2019

Amazon provides multiple options for you to connect your dedicated infrastructure into Amazon Web Services. Each connectivity option leverages either VPN or AWS Direct Connect and, while both are viable options, you might find that one or both are better for your business requirements.


AWS-managed VPN

AWS-managed VPN is a hardware IPsec VPN that enables you to create an encrypted connection over the public Internet between your Amazon VPC and your private IT infrastructure. The VPN connection lets you extend your existing security and management policies to your VPC as if they were running within your own infrastructure.

VPN is a great connectivity option for businesses that are just getting started with AWS. It is quick and easy to set up. Keep in mind, however, that VPN connectivity uses the public Internet, which can have unpredictable performance and, despite being encrypted, can present security concerns.


AWS Direct Connect

AWS Direct Connect bypasses the public Internet and establishes a secure, dedicated connection from your infrastructure into AWS. This dedicated connection occurs over a standard 1 GB or 10 GB Ethernet fiber-optic cable with one end of the cable connected to your router and the other to an AWS Direct Connect router. AWS has established these Direct Connect routers in large colocation facilities across the world, providing access to all AWS regions. With established connectivity via AWS Direct Connect, you can access your Amazon VPC and all AWS services.

AWS Direct Connect is a great option for businesses that are seeking secure, ultra-low latency connectivity into AWS. While provisioning AWS Direct Connect can sometimes be more involved, it is worth it once the connectivity is established because of the predictable network performance and 60% cost savings.

Comparison of AWS-Managed VPN and AWS Direct Connect

| | AWS-Managed VPN | AWS Direct Connect |
|---|---|---|
| Performance | <4 GB per VPC | <1 GB, 1 GB, or 10 GB ports; up to 40 GB with Link Aggregation Group (LAG) |
| Connectivity | 1 VPN connection to VPC | 2 port connection to multiple VPCs |
| Resiliency | 1 VPN connection = 2 VPN tunnels | 1 AWS router = redundant connectivity to 1 AWS region |
| Costs | $0.05 per VPN connection hour; $0.09 per GB data transfer out | $0.2 to $0.3 per GB data transfer out; port hour fees (varies based on port speed) |


Helpful Resources
Link Aggregation Groups
Amazon VPC Pricing
AWS Direct Connect Pricing

Danielle Hagel

Director of Marketing

Danielle is responsible for the go-to-market strategy for cloud partnerships at CoreSite.
