AWS Cloud connectivity - Solution architectures
Welcome to this comprehensive guide that explores the different AWS cloud connectivity options available for accessing your AWS resources. In this guide, we will explore two architectures: Connectivity to the AWS Cloud via IPsec Internet and Private Connectivity to the AWS Cloud.
On Demand Cloud Connect IPSEC – AWS
We provide you with two architecture options for accessing your AWS resources over the internet:
- Standard Architecture
- High Availability (HA) Architecture
Both options deploy an Active/Active VPN Gateway on the AWS side, ensuring local redundancy. If one AWS Gateway experiences a failure, the second one will immediately take over.
Standard Architecture
If you are a customer who wants to interconnect one site to AWS IaaS through a basic Public Connector, this solution is for you.
Standard architecture.
- A customer IPsec VRF instance is deployed on a single PoP
- Two IPsec tunnels are set up to reach both AWS VPN Gateways
- HA: another two IPsec tunnels are set up to the same VPN Gateways
High Availability Architecture
If you are a customer who wants to interconnect one site to AWS IaaS through an HA Public Connector, this solution is for you.
High Availability architecture.
- This architecture adds redundancy
- A second customer VRF is deployed on a “backup” PoP
- Another pair of IPsec tunnels is set up to the same VPN Gateways
- These tunnels behave like those on the nominal PoP
- Overall, this gives four levels of backup.
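The redundancy described above only helps if someone notices when it has eroded. The following added example (not part of the original guide or the provider's tooling) reads output in the shape of `aws ec2 describe-vpn-connections` and reports how many tunnels and PoPs are still up per AWS VPN gateway. It assumes each PoP appears on the AWS side as one customer gateway with one two-tunnel VPN connection; all IDs and addresses in the sample are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output.
# Assumption: each PoP is one customer gateway with one two-tunnel connection.
# IDs are placeholders; addresses come from documentation ranges.
SAMPLE = json.dumps({"VpnConnections": [
    {"VpnConnectionId": "vpn-nominal-example", "State": "available",
     "VpnGatewayId": "vgw-example", "CustomerGatewayId": "cgw-nominal-pop",
     "VgwTelemetry": [
         {"OutsideIpAddress": "192.0.2.10", "Status": "UP"},
         {"OutsideIpAddress": "198.51.100.10", "Status": "DOWN"}]},
    {"VpnConnectionId": "vpn-backup-example", "State": "available",
     "VpnGatewayId": "vgw-example", "CustomerGatewayId": "cgw-backup-pop",
     "VgwTelemetry": [
         {"OutsideIpAddress": "192.0.2.11", "Status": "DOWN"},
         {"OutsideIpAddress": "198.51.100.11", "Status": "DOWN"}]},
]})


def redundancy_report(describe_output: str, expected_pops: int = 2) -> dict:
    """Per AWS VPN gateway, classify how much tunnel redundancy remains.

    Use expected_pops=1 for the standard design and 2 for the HA design.
    """
    per_gw = defaultdict(lambda: {"up": 0, "total": 0, "pops_up": set()})
    for conn in json.loads(describe_output).get("VpnConnections", []):
        if conn.get("State") != "available":
            continue  # ignore pending, deleting and deleted connections
        gw = per_gw[conn.get("VpnGatewayId")]
        for tunnel in conn.get("VgwTelemetry", []):
            gw["total"] += 1
            if tunnel.get("Status") == "UP":
                gw["up"] += 1
                gw["pops_up"].add(conn["CustomerGatewayId"])
    report = {}
    for gw_id, s in per_gw.items():
        if s["up"] == 0:
            level = "OUTAGE"
        elif s["up"] == 1:
            level = "NO_REDUNDANCY"  # one more failure cuts the site off
        elif len(s["pops_up"]) < expected_pops:
            level = "POP_DOWN"       # tunnels remain, but only via one PoP
        elif s["up"] < s["total"]:
            level = "DEGRADED"
        else:
            level = "OK"
        report[gw_id] = {"level": level, "tunnels_up": s["up"],
                         "tunnels_total": s["total"], "pops_up": sorted(s["pops_up"])}
    return report
```

Feeding it the real CLI output on a schedule and alerting on anything other than `OK` surfaces a silent loss of backup paths before the last tunnel drops.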
On Demand Cloud Connect Private – AWS
Based on a private circuit directly connected to the Cloud Service Provider and transiting our MPLS network, this solution provides you with the best quality and security for a multi-cloud approach.
Private Connectivity architecture.
This architecture, shared with Business Galerie, is available to reach AWS resources through a private connection. This is done with an ExpressRoute Gateway coupled with an ExpressRoute Circuit on the AWS side. Unlike the public architecture, this private access uses dedicated connections from our interconnection routers (CDE) in our backbone to AWS Edge routers.