Overview
As AWS environments scale, network designs often become complex, particularly when combining multiple connectivity methods and numerous VPCs.
Common Connectivity Elements
- Customer Gateway (CGW) – The AWS-side resource that represents the on-premises VPN device (its public IP and BGP ASN); it is one end of a Site-to-Site VPN connection.
- VPN Connection – Site-to-Site VPN between the CGW and an AWS gateway (Virtual Private Gateway or Transit Gateway) for hybrid workloads. Each connection provides two IPsec tunnels terminating on different AWS endpoints; configure both, or a single endpoint failure takes the link down.
- VPC Peering – Private, point-to-point connectivity between two VPCs (same or different accounts and Regions); the two CIDR ranges must not overlap.
  - Non-transitive: traffic cannot flow from VPC A through VPC B to VPC C, so every pair that needs to communicate requires its own peering connection (n fully meshed VPCs need n(n-1)/2 of them).
- Direct Connect Gateway (DXGW) – Lets a single Direct Connect connection (private virtual interface) reach multiple VPCs in any AWS Region, by associating the gateway with the VPCs' Virtual Private Gateways or with Transit Gateways.
Architectural Challenges
- Connecting many VPCs with peering produces a full mesh whose link count grows quadratically, each link carrying its own route-table entries and security review, which is difficult to manage and scale.
- Mixing VPN, Direct Connect, and peering increases complexity in:
  - Route management (overlapping CIDRs, route priority between paths, asymmetric return paths)
  - Security controls (SGs, NACLs, firewall rules) that must be kept consistent across every link
  - Monitoring and troubleshooting network paths, since there is no single point where all inter-VPC traffic can be inspected or logged
Recommendation
- Use Transit Gateway (hub-and-spoke with transitive routing; n VPCs need n attachments instead of n(n-1)/2 peerings) or Direct Connect Gateway where appropriate to simplify routing, centralize connectivity, and reduce operational overhead.
- With Transit Gateway, use separate TGW route tables (associations and propagations) to enforce segmentation, e.g. production spokes cannot reach development spokes, and verify that routes exist in both directions so replies are not black-holed.
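A small reachability model of the behaviour described above (peering non-transitivity, full-mesh link count, and Transit Gateway route-table segmentation), added here as an example; it is not AWS code or code from any project. VPC names, CIDRs and route-table names are made up, and routes are looked up by exact CIDR rather than longest-prefix match, which is enough to show the routing decisions that matter here.

```python
"""Reachability model: VPC peering (non-transitive) versus Transit Gateway (hub-and-spoke).

Constructed example, not AWS code. Routing is simulated with plain dicts and exact-CIDR
lookups (no longest-prefix matching). All VPC names, CIDRs and route-table names are hypothetical.
"""

# Constructed sample VPCs and their (non-overlapping) CIDRs.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-dev": "10.9.0.0/16",
}


def peering_links_for_full_mesh(n):
    """Peering connections needed so that every one of n VPCs can reach every other."""
    return n * (n - 1) // 2


def _hop_via_peering(peerings, vpc_routes, src, dst):
    """One-way check over VPC peering.

    peerings:   set of frozenset({vpc1, vpc2}) with an active peering connection
    vpc_routes: {vpc: {destination_cidr: peer_vpc}}, i.e. a route whose target is that peering
    A peering connection delivers only packets whose destination lies inside the peer VPC's
    own CIDR; a route that points at a peer for some third VPC's CIDR is dropped.
    """
    peer = vpc_routes.get(src, {}).get(VPCS[dst])
    if peer is None or frozenset({src, peer}) not in peerings:
        return False
    return peer == dst  # non-transitivity: the peer itself must own the destination CIDR


def _hop_via_tgw(vpc_routes, association, tgw_route_tables, src, dst):
    """One-way check over a Transit Gateway.

    vpc_routes:       {vpc: {destination_cidr: "tgw"}}  (VPC route-table entries to the TGW)
    association:      {vpc: tgw_route_table}            (each attachment is associated with one)
    tgw_route_tables: {tgw_route_table: {destination_cidr: target_vpc_attachment}}
    """
    dst_cidr = VPCS[dst]
    if vpc_routes.get(src, {}).get(dst_cidr) != "tgw":
        return False
    return tgw_route_tables[association[src]].get(dst_cidr) == dst


def reachable_via_peering(peerings, vpc_routes, src, dst):
    """Both directions must route, otherwise replies are black-holed (asymmetric routing)."""
    return _hop_via_peering(peerings, vpc_routes, src, dst) and _hop_via_peering(peerings, vpc_routes, dst, src)


def reachable_via_tgw(vpc_routes, association, tgw_route_tables, src, dst):
    """Same two-way requirement for traffic that hairpins through the TGW."""
    return (_hop_via_tgw(vpc_routes, association, tgw_route_tables, src, dst)
            and _hop_via_tgw(vpc_routes, association, tgw_route_tables, dst, src))


# Scenario 1 (constructed): chained peering a<->b<->c, with vpc-a and vpc-c given routes
# to each other via vpc-b, the classic mistake that "should" make b a transit hub.
PEERINGS = {frozenset({"vpc-a", "vpc-b"}), frozenset({"vpc-b", "vpc-c"})}
PEERING_ROUTES = {
    "vpc-a": {VPCS["vpc-b"]: "vpc-b", VPCS["vpc-c"]: "vpc-b"},
    "vpc-b": {VPCS["vpc-a"]: "vpc-a", VPCS["vpc-c"]: "vpc-c"},
    "vpc-c": {VPCS["vpc-b"]: "vpc-b", VPCS["vpc-a"]: "vpc-b"},
}

# Scenario 2 (constructed): all four VPCs attached to one TGW. Production spokes (a, b, c)
# share rt-prod; vpc-dev is associated with rt-dev, which never learns the prod CIDRs.
TGW_VPC_ROUTES = {vpc: {cidr: "tgw" for other, cidr in VPCS.items() if other != vpc} for vpc in VPCS}
TGW_ASSOCIATION = {"vpc-a": "rt-prod", "vpc-b": "rt-prod", "vpc-c": "rt-prod", "vpc-dev": "rt-dev"}
TGW_ROUTE_TABLES = {
    "rt-prod": {VPCS[v]: v for v in ("vpc-a", "vpc-b", "vpc-c")},  # as if propagated from prod attachments
    "rt-dev": {VPCS["vpc-dev"]: "vpc-dev"},                          # dev attachment propagates only itself
}


def summarize():
    """Collect the results a reviewer would want to see for the two scenarios."""
    return {
        "peering_links_for_4_vpcs": peering_links_for_full_mesh(len(VPCS)),
        "tgw_attachments_for_4_vpcs": len(VPCS),
        "peering_a_to_b": reachable_via_peering(PEERINGS, PEERING_ROUTES, "vpc-a", "vpc-b"),
        "peering_a_to_c_via_b": reachable_via_peering(PEERINGS, PEERING_ROUTES, "vpc-a", "vpc-c"),
        "tgw_a_to_c": reachable_via_tgw(TGW_VPC_ROUTES, TGW_ASSOCIATION, TGW_ROUTE_TABLES, "vpc-a", "vpc-c"),
        "tgw_a_to_dev": reachable_via_tgw(TGW_VPC_ROUTES, TGW_ASSOCIATION, TGW_ROUTE_TABLES, "vpc-a", "vpc-dev"),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

The peering result for vpc-a to vpc-c is False even though vpc-a has a route for vpc-c's CIDR: the route points at the peering with vpc-b, and a peering only delivers traffic destined for the peer's own CIDR. With the TGW, vpc-a reaches vpc-c transitively through rt-prod, while vpc-a to vpc-dev fails because rt-prod holds no route for the dev CIDR (and rt-dev none for the prod CIDRs), which is the segmentation the recommendation relies on. In a real account the same checks map to the VPC route tables, the TGW route-table associations and propagations, and a two-direction test such as VPC Reachability Analyzer.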