Overview
This article looks at the various methods available for connecting multiple VPCs across multiple regions, either over the (existing) customer network or over the AWS network.
Best Practices
- Avoid overlapping CIDR blocks
- Implement HA with no single point of failure
- Verify ability to scale solution
- Consider data volumes and costs
- Ensure devices support BGP to simplify setup and management
- Only connect VPCs which absolutely need to communicate with each other
Routing over non-AWS Networks
- Internet-based VPN – between a corporate regional HQ and other regions. Connection to AWS is via AWS Direct Connect or VPN. Typically HQ will have AWS Direct Connect to the nearest AWS AZ. Performance and latency are subject to the public internet
- Corporate Network Backbone – for corporations with existing private WANs. BGP is leveraged to route traffic over the corporate network. Performance and latency are subject to the corporate backbone
Routing over AWS Networks
- Inter-region VPC peering – always encrypted, stays on the AWS network with no single point of failure – you just pay for data transfer
- Transit VPC – high-availability hub-and-spoke solution which supports on-premises connections, but you need to manage the connections yourself and pay for data transfer and the EC2 instances
- Transit Gateway – managed solution – pay per hour as well as data transfer costs
- AWS PrivateLink – unidirectional service to access a service in another account – used to access a SaaS without going over the public internet
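The first best practice (avoid overlapping CIDR blocks) is a hard requirement for inter-region VPC peering, and peering is not transitive, so only the pairs you explicitly connect can talk. The following pre-flight check is an added example, not code from the original article: it flags overlapping CIDR blocks in a VPC inventory and emits the route-table entries each side of a peering needs. All VPC ids, regions, CIDR blocks and the `pcx-PLACEHOLDER-…` peering id are constructed sample values.

```python
"""Pre-flight check for inter-region VPC peering (added example, not from the
original article): peering is refused for overlapping CIDR blocks, so verify the
address plan first, then emit the route each VPC needs for its peer's CIDR.
All VPC ids, regions and CIDR blocks below are constructed sample values."""
from ipaddress import ip_network
from itertools import combinations

# Constructed sample inventory: VPC id -> (region, CIDR block)
VPCS = {
    "vpc-hq": ("eu-west-1", "10.0.0.0/16"),
    "vpc-app-us": ("us-east-1", "10.1.0.0/16"),
    "vpc-data-ap": ("ap-southeast-1", "10.1.128.0/17"),  # overlaps vpc-app-us
}


def find_overlaps(vpcs):
    """Return every pair of VPC ids whose CIDR blocks overlap."""
    return [
        (a, b)
        for a, b in combinations(sorted(vpcs), 2)
        if ip_network(vpcs[a][1]).overlaps(ip_network(vpcs[b][1]))
    ]


def can_peer(vpcs, a, b):
    """True when a and b are distinct known VPCs with non-overlapping CIDR blocks."""
    if a == b or a not in vpcs or b not in vpcs:
        return False
    return not ip_network(vpcs[a][1]).overlaps(ip_network(vpcs[b][1]))


def plan_peering(vpcs, pairs):
    """For each (requester, accepter) pair return the two route-table entries
    needed (one per side). Peering is not transitive, so only the pairs listed
    get routes: VPCs not in `pairs` cannot reach each other through a third VPC.
    The peering-connection id is a placeholder until the connection is created."""
    routes = []
    for req, acc in pairs:
        if not can_peer(vpcs, req, acc):
            raise ValueError(f"cannot peer {req} and {acc}: overlapping or unknown CIDR")
        pcx = f"pcx-PLACEHOLDER-{req}-{acc}"  # real id comes from the accepted connection
        routes.append({"vpc": req, "destination": vpcs[acc][1], "target": pcx})
        routes.append({"vpc": acc, "destination": vpcs[req][1], "target": pcx})
    return routes


if __name__ == "__main__":
    print("overlapping:", find_overlaps(VPCS))
    for r in plan_peering(VPCS, [("vpc-hq", "vpc-app-us")]):
        print(r)
```

Run it against your own inventory before requesting peerings; any pair reported by `find_overlaps` must be re-addressed first, since the peering request itself will fail for overlapping blocks.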