Amazon provides multiple options for you to connect your dedicated infrastructure into Amazon Web Services. Each connectivity option leverages either VPN or AWS Direct Connect and, while both are viable options, you might find that one or both are better for your business requirements.
AWS-managed VPN is a hardware IPsec VPN that enables you to create an encrypted connection over the public Internet between your Amazon VPC and your private IT infrastructure. The VPN connection lets you extend your existing security and management policies to your VPC as if they were running within your own infrastructure.
VPN is a great connectivity option for businesses that are just getting started with AWS. It is quick and easy to set up. Keep in mind, however, that VPN connectivity uses the public Internet, which can have unpredictable performance and, despite being encrypted, can present security concerns.
AWS Direct Connect
AWS Direct Connect bypasses the public Internet and establishes a secure, dedicated connection from your infrastructure into AWS. This dedicated connection occurs over a standard 1 GB or 10 GB Ethernet fiber-optic cable with one end of the cable connected to your router and the other to an AWS Direct Connect router. AWS has established these Direct Connect routers in large colocation facilities across the world, providing access to all AWS regions. With established connectivity via AWS Direct Connect, you can access your Amazon VPC and all AWS services.
AWS Direct Connect is a great option for businesses that are seeking secure, ultra-low latency connectivity into AWS. While provisioning AWS Direct Connect can sometimes be more involved, it is worth it once the connectivity is established because of the predictable network performance and 60% cost savings.
Comparison of AWS-Managed VPN and AWS Direct Connect
| AWS-Managed VPN | AWS Direct Connect |
| <4 GB per VPC | <1 GB, 1 GB, or 10 GB ports; up to 40 GB with Link Aggregation |
| 1 VPN connection to VPC | 2 port connection to multiple VPCs |
| 1 VPN connection = 2 VPN tunnels | 1 AWS router = redundant connectivity to 1 AWS region |
| $0.05 per VPN connection hour; $0.09 per GB data transfer out | $0.2 to $0.3 per GB data transfer out; port hour fees (vary based on port speed) |