Direct Connect and VPN
Up to this point, our VPC is a self-contained network that resides in the AWS network. It is flexible and functional, but to access the resources inside of the VPC, we need to reach them through their internet-facing services such as SSH and HTTPS.
In this section, we will look at the two ways AWS allows us to connect to the VPC from our private network: IPSec VPN Gateway and Direct Connect.
VPN Gateway
The first way to connect our on-premises network to the VPC is with traditional IPSec VPN connections. We will need a publicly accessible device that can establish VPN connections to AWS's VPN device. The customer gateway needs to support route-based IPSec VPNs, where the VPN connection is treated as a virtual link that a routing protocol can run over. Currently, AWS recommends using BGP to exchange routes.
On the VPC side, we can follow a similar routing table where we can route a particular subnet toward the Virtual Private Gateway target:
VPC VPN connection...
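As an added example (not from the book or AWS), the following script audits a VPC route table of the kind described above: it lists every route targeting a Virtual Private Gateway, resolves which gateway a given address would use by longest-prefix match, and checks that an on-premises prefix really flows over the VGW rather than being shadowed by a more specific route to another target. The route table is a constructed sample in the shape returned by EC2 DescribeRouteTables; all resource IDs are placeholders.

```python
"""Offline audit of a VPC route table for VGW-bound on-premises routes.
Sample data is constructed in the EC2 DescribeRouteTables (boto3) shape."""
import ipaddress

# Constructed sample; every ID below is a placeholder, not a real resource.
SAMPLE_ROUTE_TABLE = {
    "RouteTableId": "rtb-0example",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"},
        # static route toward the on-prem network via the VGW
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example",
         "Origin": "CreateRoute", "State": "active"},
        # prefix learned over BGP and propagated from the VGW
        {"DestinationCidrBlock": "172.16.5.0/24", "GatewayId": "vgw-0example",
         "Origin": "EnableVgwRoutePropagation", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example",
         "Origin": "CreateRoute", "State": "active"},
    ],
}

def _active(route_table):
    for r in route_table["Routes"]:
        if r.get("State") == "active" and "DestinationCidrBlock" in r:
            yield ipaddress.ip_network(r["DestinationCidrBlock"]), r.get("GatewayId", ""), r.get("Origin", "")

def vgw_routes(route_table):
    """(prefix, origin) for every active route whose target is a VGW."""
    return [(str(n), o) for n, g, o in _active(route_table) if g.startswith("vgw-")]

def gateway_for(route_table, address):
    """Longest-prefix match: the gateway traffic to `address` would use."""
    ip = ipaddress.ip_address(address)
    best = None
    for net, gw, _ in _active(route_table):
        if net.version == ip.version and ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def check_onprem_path(route_table, onprem_cidr):
    """True if the most specific route covering onprem_cidr targets a VGW and
    no more-specific route inside it diverts traffic to a non-VGW target."""
    want = ipaddress.ip_network(onprem_cidr)
    covering, diverted = None, []
    for net, gw, _ in _active(route_table):
        if net.version != want.version:
            continue
        if want.subnet_of(net) and (covering is None or net.prefixlen > covering[0].prefixlen):
            covering = (net, gw)
        elif net.subnet_of(want) and net != want and not gw.startswith("vgw-"):
            diverted.append(str(net))
    return covering is not None and covering[1].startswith("vgw-") and not diverted
```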