Skip to main content

AWS Cloud connectivity - Solution architectures

Welcome to this comprehensive guide that explores the different AWS cloud connectivity options available for accessing your AWS resources. In this guide, we will explore two architectures: Connectivity to the AWS Cloud via IPsec Internet and Private Connectivity to the AWS Cloud.

On Demand Cloud Connect IPSEC – AWS

We provide you with two architecture options for accessing your AWS resources over the internet:

  • Standard Architecture
  • High Availability (HA) Architecture

Both options deploy an Active/Active VPN Gateway on the AWS side, ensuring local redundancy. If one AWS Gateway experiences a failure, the second one will immediately take over.

Standard Architecture

You are a customer that wants to interconnect one site to AWS IaaS through a basic Public Connector, this solution is for you.

Description of the Standard architecture

Standard architecture.

  • A customer IPsec VRF instance is deployed on a unique PoP
  • Two IPSec tunnels are set to reach both AWS VPN
  • HA : And another two IPSec tunnels are set to the same VPN Gateways

High Availability Architecture

You are a customer that wants to interconnect one site to AWS IaaS through an HA Public Connector, this solution is for you.

Description of the High Availability architecture

High Availability architecture.

  • The architecture brings a redundancy
  • A second customer VRF is deployed on a “backup” PoP
  • And another couple of IPSec tunnels are set to the same VPN Gateways
  • Those tunnels act like those on the nominal PoP
  • But on a global view, we have four levels of backup.

On Demand Cloud Connect Private – AWS

Based on a private circuit directly connected to the Cloud Service Provider and transit over our MPLS network, this solution provides you the best quality and security for a Multi-cloud approach.

Description of the Private Connectivity architecture

Private Connectivity architecture.

This architecture, shared with Business Galerie, is available to reach AWS resources through a private connection. This is done thanks to an ExpressRoute Gateway coupled with an ExpressRoute Circuit on AWS side. Unlike a public architecture, to connect such a private access, we will use dedicated connections, from our interconnection routers (CDE) in our backbone to AWS Edge routers.