VPN (Virtual Private Network)
💡 Definition
AWS VPN solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network.
🔑 Key Concepts
- Site-to-Site VPN: Connects your entire on-premises network (data center/office) to your VPC.
- Encrypted: Uses IPsec to encrypt traffic over the public internet.
- Components: Virtual Private Gateway (VGW) on AWS side, Customer Gateway (CGW) on your side.
- Client VPN: Connects individual users (laptops/phones) to your AWS or on-premises resources (using OpenVPN).
⚙️ How it Works
Site-to-Site: Creates an encrypted tunnel over the public internet. Traffic flows securely between your office router and the AWS VPC.
🎯 Use Cases
- Hybrid Cloud: Extending your corporate network into the cloud.
- Remote Access: Allowing developers to securely access private servers from home (Client VPN).
- Backup Connectivity: Serving as a backup to a Direct Connect link.
💰 Pricing Model
- Site-to-Site: Charged per connection hour + data transfer out.
- Client VPN: Charged per active client connection hour + data transfer.
📝 Exam Tips (CLF-C02)
- Site-to-Site VPN uses the public internet (but encrypted).
- Quick to set up compared to Direct Connect.
- Good for backup or lower bandwidth requirements.
See Also:
- Direct Connect
- VPC
- Transit Gateway