There are three VPN options for connecting to AWS:
- AWS managed VPN gateway
- AWS VPN CloudHub
- Using a VPN instance
An Amazon VPN gateway can be used as a simple, secure, and cost-effective solution when you need to quickly provision access to your AWS VPC subnets from your on-premise datacenter via a private link. For each VPN connection, two public tunnel endpoints are created to enable automatic failover from your gateway device:
You can also connect to multiple remote sites from one AWS VPN gateway; however, no transient traffic can pass through a VPN gateway:
If transient traffic is required between your sites, AWS VPN CloudHub can be considered as a solution. The VPN CloudHub is designed with a hub-and-spoke model that you can use with or without a VPC. The AWS VPN CloudHub allows you to arbitrarily connect your AWS resources and on-premises data centers together:
If neither of those options are satisfactory, then you can use a custom VPN instance that can be configured arbitrarily inside your environment. There are many open source and commercial options of VPN instances available on the internet and the AWS marketplace.