Transit Gateway vs Direct Connect vs Site-to-Site VPN

Saloni Singh
2 min read

Let's talk about VPC connectivity today. We have all heard of Transit Gateway, Direct Connect and Site-to-Site VPN, and they sound similar, but what is the difference between them?

A Transit Gateway is a regional hub that connects VPCs and on-premises networks: VPCs, Site-to-Site VPNs and Direct Connect gateways attach to it, and its route tables decide which attachments can reach which.
Direct Connect is a dedicated, private physical connection between your on-premises network and AWS that does not traverse the public internet.
A Site-to-Site VPN is an encrypted IPsec tunnel over the public internet between your on-premises network and AWS; it terminates on a virtual private gateway (one VPC) or on a transit gateway (many VPCs).
So a Transit Gateway manages connectivity between many VPCs and on-premises networks, Direct Connect provides a dedicated high-bandwidth path, and a Site-to-Site VPN is the simplest option, using the public internet, typically to link a single VPC.

๐—ž๐—ฒ๐˜† ๐—ฑ๐—ถ๐—ณ๐—ณ๐—ฒ๐—ฟ๐—ฒ๐—ป๐—ฐ๐—ฒ๐˜€:

๐—™๐˜‚๐—ป๐—ฐ๐˜๐—ถ๐—ผ๐—ป๐—ฎ๐—น๐—ถ๐˜๐˜†:
๐—ง๐—ฟ๐—ฎ๐—ป๐˜€๐—ถ๐˜ ๐—š๐—ฎ๐˜๐—ฒ๐˜„๐—ฎ๐˜† : It is central to make the different VPCs and on-premises network connect to each other; it simplifies network management.
๐——๐—ถ๐—ฟ๐—ฒ๐—ฐ๐˜ ๐—–๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜ : Dedicated and private connection that connects your on-premises network to AWS with high bandwidth with minimal latency.
๐—ฆ๐—ถ๐˜๐—ฒ-๐˜๐—ผ-๐—ฆ๐—ถ๐˜๐—ฒ ๐—ฉ๐—ฃ๐—ก : An encrypted tunnel across the public internet which interconnects your on-premises network to an AWS VPC.

๐—ฆ๐—ฐ๐—ฎ๐—น๐—ฎ๐—ฏ๐—ถ๐—น๐—ถ๐˜๐˜†
๐—ง๐—ฟ๐—ฎ๐—ป๐˜€๐—ถ๐˜ ๐—š๐—ฎ๐˜๐—ฒ๐˜„๐—ฎ๐˜†: It is highly scalable, thus allowing easy addition of new VPCs or on-premises network connections.
๐——๐—ถ๐—ฟ๐—ฒ๐—ฐ๐˜ ๐—–๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜: Highly scalable depending on the chosen bandwidth tier.
๐—ฆ๐—ถ๐˜๐—ฒ-๐˜๐—ผ-๐—ฆ๐—ถ๐˜๐—ฒ ๐—ฉ๐—ฃ๐—ก: Not as scalable as Direct Connect because it is restrained by public internet bandwidth.

๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜†:
๐—ง๐—ฟ๐—ฎ๐—ป๐˜€๐—ถ๐˜ ๐—š๐—ฎ๐˜๐—ฒ๐˜„๐—ฎ๐˜†: It is secure in the AWS infrastructure, but on the on-premises connection, there would rely on extra security measures.
๐——๐—ถ๐—ฟ๐—ฒ๐—ฐ๐˜ ๐—–๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜: Very secure since it is based on a dedicated private connection.
๐—ฆ๐—ถ๐˜๐—ฒ-๐˜๐—ผ-๐—ฆ๐—ถ๐˜๐—ฒ ๐—ฉ๐—ฃ๐—ก: Relies on encryption to protect traffic across the internet.

๐—ช๐—ต๐—ฒ๐—ป ๐˜๐—ผ ๐˜‚๐˜€๐—ฒ ๐—ฒ๐—ฎ๐—ฐ๐—ต:
๐—ง๐—ฟ๐—ฎ๐—ป๐˜€๐—ถ๐˜ ๐—š๐—ฎ๐˜๐—ฒ๐˜„๐—ฎ๐˜†:
You want to connect multiple VPCs and on-premises networks with complex routing requirements.
๐——๐—ถ๐—ฟ๐—ฒ๐—ฐ๐˜ ๐—–๐—ผ๐—ป๐—ป๐—ฒ๐—ฐ๐˜:
You want a high-bandwidth, dedicated private connection to AWS for large data transfers.
๐—ฆ๐—ถ๐˜๐—ฒ-๐˜๐—ผ-๐—ฆ๐—ถ๐˜๐—ฒ ๐—ฉ๐—ฃ๐—ก:
You want a simple way to connect a single on-premises network to an AWS VPC with smaller data volumes.
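As an added example (not part of the original post or of any AWS tooling), here is a small Python audit that turns the security points above into checks: it flags a Direct Connect attachment that carries cleartext, a Site-to-Site VPN whose tunnel options still allow IKEv1 or a weak Diffie-Hellman group, and an on-premises attachment whose transit gateway route table reaches VPCs it should not. The inventory, the field names and the reachability policy are constructed for the example and only loosely follow the shapes of the describe-* CLI responses; in practice you would build the same dicts from boto3 output.

```python
"""Audit a constructed hybrid-connectivity inventory for the pitfalls above.

The dicts are simplified, hand-written records loosely modelled on what
`aws ec2 describe-transit-gateway-attachments`, `describe-vpn-connections`
and `aws directconnect describe-connections` report. Field names are
assumptions for this example, not the real API response shapes.
"""
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str, str]  # (attachment id, finding code, remediation)
ONPREM_TYPES = {"vpn", "direct-connect-gateway"}
WEAK_DH_GROUPS = {1, 2, 5}  # MODP groups below 2048 bits

# TGW attachments and the TGW route table each one is associated with.
ATTACHMENTS = [
    {"id": "tgw-attach-vpc-prod", "type": "vpc", "route_table": "rtb-prod"},
    {"id": "tgw-attach-vpc-dev", "type": "vpc", "route_table": "rtb-dev"},
    {"id": "tgw-attach-vpn-hq", "type": "vpn", "route_table": "rtb-onprem",
     "vpn_connection": "vpn-hq"},
    {"id": "tgw-attach-dx-dc1", "type": "direct-connect-gateway",
     "route_table": "rtb-onprem", "dx_connection": "dxcon-dc1"},
]
# TGW route tables: destination CIDR -> attachment the route points at.
ROUTE_TABLES = {
    "rtb-prod": {"10.0.0.0/8": "tgw-attach-dx-dc1"},
    "rtb-dev": {"10.0.0.0/8": "tgw-attach-vpn-hq"},
    # Both on-prem legs share a table that reaches every VPC: a flat network.
    "rtb-onprem": {"10.10.0.0/16": "tgw-attach-vpc-prod",
                   "10.20.0.0/16": "tgw-attach-vpc-dev"},
}
VPN_CONNECTIONS = {"vpn-hq": {"ike_versions": ["ikev1"], "phase1_dh_groups": [2, 14]}}
DX_CONNECTIONS = {"dxcon-dc1": {"macsec_enabled": False, "ipsec_vpn_over_dx": False}}
# Assumed policy: which VPC attachments each on-prem leg is allowed to reach.
ALLOWED_REACH = {
    "tgw-attach-vpn-hq": {"tgw-attach-vpc-dev"},
    "tgw-attach-dx-dc1": {"tgw-attach-vpc-prod", "tgw-attach-vpc-dev"},
}


def audit_direct_connect(attachments, dx_connections) -> List[Finding]:
    """Direct Connect is private but carries cleartext unless MACsec or IPsec is added."""
    findings = []
    for att in attachments:
        if att["type"] != "direct-connect-gateway":
            continue
        dx = dx_connections[att["dx_connection"]]
        if not (dx["macsec_enabled"] or dx["ipsec_vpn_over_dx"]):
            findings.append((att["id"], "DX_UNENCRYPTED",
                             "dedicated circuit but cleartext payload; enable MACsec "
                             "or run an IPsec VPN over the connection"))
    return findings


def audit_vpn(attachments, vpn_connections) -> List[Finding]:
    """IPsec protects traffic only as well as the negotiated IKE version and DH group."""
    findings = []
    for att in attachments:
        if att["type"] != "vpn":
            continue
        vpn = vpn_connections[att["vpn_connection"]]
        if "ikev1" in vpn["ike_versions"]:
            findings.append((att["id"], "VPN_IKEV1_ENABLED",
                             "restrict the tunnel options to IKEv2"))
        weak = WEAK_DH_GROUPS & set(vpn["phase1_dh_groups"])
        if weak:
            findings.append((att["id"], "VPN_WEAK_DH_GROUP",
                             f"phase-1 DH groups {sorted(weak)} allowed; use 14 or higher"))
    return findings


def onprem_reach(attachments, route_tables) -> Dict[str, Set[str]]:
    """For each on-prem attachment, the VPC attachments its TGW route table forwards to."""
    kind = {a["id"]: a["type"] for a in attachments}
    reach = {}
    for att in attachments:
        if att["type"] in ONPREM_TYPES:
            targets = route_tables[att["route_table"]].values()
            reach[att["id"]] = {t for t in targets if kind[t] == "vpc"}
    return reach


def excess_reach(reach, allowed) -> List[Finding]:
    """Flag on-prem legs whose route table reaches VPCs the policy does not allow."""
    findings = []
    for onprem, vpcs in reach.items():
        extra = vpcs - allowed.get(onprem, set())
        if extra:
            findings.append((onprem, "TGW_FLAT_ROUTING",
                             f"reaches {sorted(extra)}; associate a more restrictive route table"))
    return findings


def run_audit() -> List[Finding]:
    """Run every check against the constructed inventory above."""
    return (audit_direct_connect(ATTACHMENTS, DX_CONNECTIONS)
            + audit_vpn(ATTACHMENTS, VPN_CONNECTIONS)
            + excess_reach(onprem_reach(ATTACHMENTS, ROUTE_TABLES), ALLOWED_REACH))


if __name__ == "__main__":
    for att_id, code, why in run_audit():
        print(f"{code:18} {att_id}: {why}")
```

Run it directly to print the four findings. The route-table check is the one that is most often missed: a transit gateway with a single shared route table quietly turns every on-premises site into a path to every VPC, which is exactly the flat network the hub was supposed to let you avoid.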


Written by

Saloni Singh

• A Software Engineer with hands-on experience in AWS and AWS DevOps
• Experience in CodePipeline using CodeCommit, CodeBuild and CodeDeploy
• Experience with Terraform, GitLab, Kubernetes, AWS DevOps, Helm charts, Golang, Python and NodeJS
• Hands-on experience on AWS migration projects including services such as DMS, Glue, Aurora, Lambda and S3
• Good knowledge of Bash shell scripting and Python programming