AWS Network Connectivity Options
Internet Gateway
Provides internet connectivity to a VPC.
It is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in your VPC and the internet.
It imposes no bandwidth constraints or availability risks on your network traffic.
It serves two purposes: it provides a target in VPC route tables for internet-routable traffic, and it performs one-to-one NAT between the private IPv4 address and the public IPv4 address of instances that have been assigned a public IPv4 address.
Supports IPv4 and IPv6 traffic. For IPv6 there is no NAT: the addresses are globally routable, so any instance with an IPv6 address in a subnet that routes ::/0 to the internet gateway is reachable from the internet unless security groups or network ACLs block the traffic.
NAT Gateway
Allows instances in a private subnet to initiate connections to the internet and to other AWS services, while preventing the internet from initiating connections to those instances.
A private NAT gateway allows instances in private subnets to connect to other VPCs and to your on-premises network; it has no route to the internet.
Egress Only Internet Gateway
NAT devices are IPv4 devices and do not carry native IPv6 traffic; for IPv6, use an egress-only internet gateway instead.
An egress-only internet gateway is a horizontally scaled, redundant and highly available VPC component that allows outbound IPv6 communication from instances in your VPC to the internet, and prevents the internet from initiating IPv6 connections to those instances.
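The three gateways above differ in which direction a connection can be initiated, and the mistake that matters in practice is routing ::/0 through an internet gateway on a subnet that is private for IPv4. The following Python is an added illustration, not code from the original page: it classifies subnets from route-table data shaped like the output of `aws ec2 describe-route-tables` and flags that case. The route tables, subnet IDs and gateway IDs are constructed for the example.

```python
"""Classify subnets by their default routes and flag IPv6 default routes that
bypass egress-only semantics. Offline: the input is constructed to match the
shape of `aws ec2 describe-route-tables` (RouteTables[].Routes[] and
Associations[]); every resource ID below is made up for this example."""

SAMPLE_ROUTE_TABLES = [
    {   # public subnet: IPv4 and IPv6 default routes both point at the IGW
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"},
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0aaa"},
        ],
    },
    {   # private subnet done right: NAT gateway for IPv4, egress-only IGW for IPv6
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-private"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"},
            {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0ccc"},
        ],
    },
    {   # meant to be private, but ::/0 goes to the IGW: IPv6 hosts become reachable inbound
        "RouteTableId": "rtb-leaky",
        "Associations": [{"SubnetId": "subnet-leaky"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"},
            {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0aaa"},
        ],
    },
    {   # isolated subnet: only the local route
        "RouteTableId": "rtb-isolated",
        "Associations": [{"SubnetId": "subnet-isolated"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
]

def route_target(route):
    """Return (kind, id) for a route. EC2 reports each target type under its own key."""
    if "NatGatewayId" in route:
        return "nat", route["NatGatewayId"]
    if "EgressOnlyInternetGatewayId" in route:
        return "eigw", route["EgressOnlyInternetGatewayId"]
    gw = route.get("GatewayId", "")
    if gw.startswith("igw-"):
        return "igw", gw
    return "other", gw

def default_routes(table):
    """Targets of the 0.0.0.0/0 route and of the ::/0 route (None when absent)."""
    v4 = v6 = None
    for r in table["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            v4 = route_target(r)
        elif r.get("DestinationIpv6CidrBlock") == "::/0":
            v6 = route_target(r)
    return v4, v6

def classify(table):
    """'public' if IPv4 egress goes to an IGW, 'private' if to a NAT gateway,
    'isolated' if there is no IPv4 default route."""
    v4, _ = default_routes(table)
    if v4 is None:
        return "isolated"
    return {"igw": "public", "nat": "private"}.get(v4[0], "other")

def audit(route_tables):
    """Return ({subnet: class}, [findings]). A finding is raised when a subnet
    that is private or isolated for IPv4 still sends ::/0 to an IGW: the IGW is
    bidirectional and performs no NAT for IPv6, so every IPv6 address in that
    subnet is reachable from the internet (subject only to SGs and NACLs)."""
    classes, findings = {}, []
    for t in route_tables:
        cls = classify(t)
        _, v6 = default_routes(t)
        for a in t["Associations"]:
            subnet = a.get("SubnetId")   # the main-table association has no SubnetId
            if not subnet:
                continue
            classes[subnet] = cls
            if cls != "public" and v6 is not None and v6[0] == "igw":
                findings.append(f"{subnet} ({t['RouteTableId']}): ::/0 -> {v6[1]} on a {cls} "
                                "subnet; route ::/0 to an egress-only internet gateway instead")
    return classes, findings

if __name__ == "__main__":
    classes, findings = audit(SAMPLE_ROUTE_TABLES)
    for subnet, cls in classes.items():
        print(f"{subnet}: {cls}")
    for f in findings:
        print("FINDING:", f)
```

To run it against a real account, replace `SAMPLE_ROUTE_TABLES` with the `RouteTables` list from `aws ec2 describe-route-tables --output json`; the classification only looks at the default routes, so routes to peering connections or endpoints do not affect it.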
VPC Endpoints
A VPC endpoint enables a private connection between your VPC and supported AWS services, or to VPC endpoint services powered by AWS PrivateLink, without requiring an internet gateway, NAT device, VPN connection or AWS Direct Connect connection.
Instances in your VPC do not need public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
VPC endpoints are virtual devices: horizontally scaled, redundant and highly available VPC components that allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.
There are two types of VPC endpoint:
Interface Endpoints – An elastic network interface with a private IP address from your subnet's address range that serves as the entry point for traffic destined to a supported service.
Gateway Endpoints – A gateway that is the target of a route in your route table, used to direct traffic to an AWS service. Gateway endpoints are currently available only for Amazon S3 and DynamoDB. Security groups do not apply to a gateway endpoint; what can be reached through it is governed by the route table and by the endpoint policy attached to it.
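A gateway endpoint is created with a default endpoint policy that allows every principal every action on every resource, so an instance whose only path to S3 is the endpoint can still copy data to a bucket in any AWS account. The Python below is an added example, not code from the page: it shows that default policy beside two hardened forms (one bound to the owning account with the global condition key `aws:ResourceAccount`, one scoped to explicit bucket ARNs) and a small audit function that reports Allow statements left unscoped. The account ID, bucket name and statement Sids are made up.

```python
"""Audit a VPC endpoint policy for the gap left by the default policy.
Added example with constructed policy documents; the account ID, bucket name
and statement Sids are made up."""
import json

TRUSTED_ACCOUNTS = ["111111111111"]  # hypothetical account that owns our buckets

# The policy AWS attaches to a gateway endpoint when you do not supply one:
# any principal, any action, any resource.
DEFAULT_ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}],
}

# Hardened form 1: whatever IAM principal makes the call, the bucket must be
# owned by one of our accounts, so the endpoint cannot be used to exfiltrate
# to an attacker-controlled bucket.
ACCOUNT_SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyOurAccounts",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:ResourceAccount": TRUSTED_ACCOUNTS}},
    }],
}

# Hardened form 2: explicit bucket ARNs instead of an ownership condition.
BUCKET_SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyAppBucket",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-app-bucket", "arn:aws:s3:::example-app-bucket/*"],
    }],
}

# Global IAM condition keys that bind the resource to an owner.
OWNERSHIP_KEYS = {"aws:resourceaccount", "aws:resourceorgid", "aws:resourceorgpaths"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _binds_resource_owner(statement):
    """True if any condition in the statement uses an ownership key."""
    for keys in statement.get("Condition", {}).values():
        if any(k.lower() in OWNERSHIP_KEYS for k in keys):
            return True
    return False

def _is_unscoped(resource):
    return resource in ("*", "arn:aws:s3:::*")

def audit_endpoint_policy(policy):
    """Return one finding per Allow statement whose Resource is unscoped and
    which carries no ownership condition; only such statements let data reach
    buckets outside the accounts you trust through this endpoint."""
    findings = []
    for index, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        unscoped = any(_is_unscoped(r) for r in _as_list(st.get("Resource", [])))
        if unscoped and not _binds_resource_owner(st):
            sid = st.get("Sid", f"#{index}")
            findings.append(f"{sid}: Allow on unscoped Resource with no "
                            "aws:ResourceAccount/aws:ResourceOrgID condition")
    return findings

if __name__ == "__main__":
    for name, policy in [("default", DEFAULT_ENDPOINT_POLICY),
                         ("account-scoped", ACCOUNT_SCOPED_POLICY),
                         ("bucket-scoped", BUCKET_SCOPED_POLICY)]:
        print(name, "->", audit_endpoint_policy(policy) or "ok")
    # The JSON you would hand to `aws ec2 modify-vpc-endpoint --policy-document`:
    print(json.dumps(ACCOUNT_SCOPED_POLICY, indent=2))
```

The endpoint policy is only half of the control: the bucket policy on your own buckets should in turn deny requests whose `aws:SourceVpce` is not your endpoint, so that the data can leave only through the path you audit here.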
AWS PrivateLink
Provides private connectivity between VPCs, AWS services and your on-premises network without exposing your traffic to the public internet.
Privately exposes a service or application located in one VPC (the service provider) to other VPCs in the same AWS Region (the service consumers), in such a way that only consumers can initiate connections towards the service provider VPC.
Because an endpoint service is fronted by a Network Load Balancer, you can register an Application Load Balancer as a target of that NLB and so combine AWS PrivateLink with the ALB's advanced routing capabilities.
VPC Peering
Allows networking between two VPCs so that they route traffic to each other using private IPv4 or IPv6 addresses.
You can peer your own VPCs with each other or with a VPC in another AWS account.
Connectivity over a peering connection is bidirectional, subject to the route tables, security groups and network ACLs on each side.
Supports inter-region VPC peering.
Uses existing AWS infrastructure.
There is no single point of failure for communication and no bandwidth bottleneck.
The number of peering connections per VPC is subject to a quota, and a peering connection cannot be created between VPCs whose CIDR blocks overlap.
Does not offer transitive peering: if VPC A is peered with B and B with C, A cannot reach C through B.
Edge-to-edge routing is not supported: a peered VPC cannot use the other VPC's internet gateway, NAT device, VPN or Direct Connect connection, or gateway endpoint.
Best used when resources in one VPC need to communicate with resources in another VPC and the environment of both VPCs can be controlled and secured.
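Two of the peering constraints above, no overlapping CIDR blocks and no transitive routing, are easy to check before you request a connection. The following Python is an added example rather than code from the page: it uses the standard `ipaddress` module to find overlapping blocks between two VPCs, models non-transitivity as a direct-pair lookup, and works out which pairs in a small inventory still need their own peering connection for full reachability. The VPC IDs, CIDR blocks and existing peerings are constructed for illustration.

```python
"""Pre-flight checks for VPC peering. Added example, offline: the VPC IDs,
CIDR blocks and peering connections below are constructed for illustration."""
import ipaddress
from itertools import combinations

# Constructed inventory: each VPC may have several IPv4 and IPv6 CIDR blocks.
VPCS = {
    "vpc-app":    ["10.0.0.0/16", "2600:1f00:1::/56"],
    "vpc-data":   ["10.1.0.0/16"],
    "vpc-shared": ["10.2.0.0/16", "2600:1f00:2::/56"],
    "vpc-legacy": ["10.0.128.0/17"],  # sits inside vpc-app's 10.0.0.0/16
}

# Existing peering connections, as unordered pairs of VPC IDs.
PEERINGS = {
    frozenset({"vpc-app", "vpc-shared"}),
    frozenset({"vpc-shared", "vpc-data"}),
}

def overlapping_blocks(cidrs_a, cidrs_b):
    """Return the (a, b) CIDR pairs that overlap. A peering connection cannot be
    created if any blocks of the same IP version overlap between the two VPCs."""
    pairs = []
    for a in cidrs_a:
        for b in cidrs_b:
            na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
            if na.version == nb.version and na.overlaps(nb):
                pairs.append((a, b))
    return pairs

def reachable_by_peering(peerings, src, dst):
    """Peering is not transitive: src reaches dst only over a connection between
    exactly those two VPCs, never through a third VPC both are peered with."""
    return frozenset({src, dst}) in peerings

def plan_full_mesh(vpcs, peerings):
    """Return (needed, blocked): pairs that still need their own peering
    connection for every VPC to reach every other, and pairs that cannot be
    peered at all because their CIDR blocks overlap."""
    needed, blocked = [], []
    for a, b in combinations(sorted(vpcs), 2):
        if frozenset({a, b}) in peerings:
            continue
        (blocked if overlapping_blocks(vpcs[a], vpcs[b]) else needed).append((a, b))
    return needed, blocked

if __name__ == "__main__":
    print("app <-> shared:", reachable_by_peering(PEERINGS, "vpc-app", "vpc-shared"))
    print("app <-> data through shared:", reachable_by_peering(PEERINGS, "vpc-app", "vpc-data"))
    needed, blocked = plan_full_mesh(VPCS, PEERINGS)
    print("peerings still needed:", needed)
    print("cannot be peered (overlap):", blocked)
```

The overlap check covers primary and secondary CIDR blocks alike, which is where overlaps usually hide; it does not replace the route-table entries and security-group rules that each side still needs once the connection is accepted.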
AWS VPN CloudHub
AWS VPN CloudHub allows secure communication between multiple remote sites using AWS Site-to-Site VPN (AWS Managed VPN) connections and AWS Direct Connect.
AWS VPN CloudHub works on a simple hub-and-spoke model that can be used with or without a VPC.
AWS VPN CloudHub is suitable if you have multiple branch offices with their own internet connections and wish to implement a convenient,