AWS Networking: How to Optimize VPN Connections for On-Premise Communication

Reduce VPN Connections for Seamless Communication Between AWS VPCs and On-Premise Services


Question

A company currently has a number of VPCs hosted in AWS.

They also have a VPN connection between their on-premise data center and AWS.

They want to limit the number of VPN connections they would need to create in order to ensure that the VPCs hosted in AWS can talk to the on-premise services.

Which of the below is a way that this can be achieved?

Explanations

Answer - B.

The AWS documentation mentions the following.

For more information on VPC-VPN connection sharing, please refer to the link below.

https://aws.amazon.com/answers/networking/aws-multiple-vpc-vpn-connection-sharing/

Shared Services VPC

This approach creates a shared services VPC which contains replicated services, and also application proxies for requests to remote resources that cannot be directly replicated as a shared service. This approach eliminates the need to create VPN connections for additional VPCs because all required on-premises resources will be accessed either directly or indirectly through the shared services VPC.

This option is best suited for customers with the following use case/requirements:

• The majority of their infrastructure is (or will be) on AWS
• The required on-premises resources are easy to replicate or proxy (e.g., Active Directory)
• They prefer to limit VPN traffic
• Strong security or compliance programs require additional application-level controls and proxy servers between their AWS and on-premises resources (e.g., application-layer firewalls)

The company wants to limit the number of VPN connections they need to create in order to ensure that the VPCs hosted in AWS can talk to the on-premise services. The options are considered in turn:

A. Peer the VPCs together and then forward the traffic through one of the VPCs: This method involves peering all the VPCs together and then forwarding the traffic through one of the VPCs. The idea is that only one VPN connection is needed between the on-premise data center and the VPC that acts as a hub for all the other VPCs. However, this method requires all the VPCs to be peered together, which may not be desirable in all cases. Note also that VPC peering is not transitive: a VPC peered with the hub cannot send traffic through the hub's VPN connection (edge-to-edge routing is not supported), so the hub would still need a proxy or similar relay for the spokes' on-premise traffic, which is exactly what the shared services VPC approach provides.

B. Create a shared services VPC and route all requests to the other VPCs via this VPC: This method involves creating a shared services VPC and routing all requests from the other VPCs through this VPC. This way, only one VPN connection is needed between the on-premise data center and the shared services VPC. The shared services VPC can host services that are commonly used by all the other VPCs, such as DNS or authentication services, and application proxies for on-premise resources that cannot be replicated.

C. There is no way; you need to ensure there is a VPN connection between each VPC and the on-premise infrastructure: This answer is incorrect. There are ways to limit the number of VPN connections needed between the on-premise data center and the VPCs hosted in AWS, as described above.

D. Make use of an AWS Storage Gateway to integrate AWS Cloud with existing on-premise infrastructure: This method involves using an AWS Storage Gateway to integrate AWS Cloud with existing on-premise infrastructure. This can be useful for integrating storage services, such as Amazon S3, with on-premise applications. However, it is a storage integration service, not a general network path, so it is not suitable for the full range of services that need to communicate between the on-premise data center and the VPCs hosted in AWS.

In conclusion, the best option to limit the number of VPN connections needed between the on-premise data center and the VPCs hosted in AWS is to create a shared services VPC and route all requests to the other VPCs via this VPC. This approach provides a centralized hub for all traffic, allows for shared infrastructure that can be used by all VPCs, and gives security teams a single point at which to place application-level controls and proxies.
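The difference between options A and B above comes down to how AWS evaluates routes. The following Python model is an added example (not code from the page, from AWS, or from the linked documentation); all VPC names, CIDRs, route tables and the proxy address are constructed. It applies longest-prefix matching to each VPC's route table and the rule that VPC peering delivers only to addresses inside the peer's own CIDR, so a spoke VPC that merely points its on-premise route at the hub's peering connection gets nothing through, while a spoke that talks to a proxy inside the shared services VPC does, with a single VPN connection overall.

```python
"""Model of route evaluation across peered VPCs, a VPN-attached hub and a proxy.

Constructed example: every CIDR, VPC name and the proxy address below is invented.
It encodes the two AWS routing rules that decide the question on this page:
  1. Longest-prefix match in a VPC route table selects the target.
  2. VPC peering is not transitive: a peer accepts only packets addressed to its
     own CIDR, so a spoke cannot use the hub's VPN (no edge-to-edge routing).
A proxy in the shared services VPC works because it terminates the spoke's flow
and opens a new flow whose source sits inside the hub VPC.
"""
import ipaddress

ONPREM = ipaddress.ip_network("10.0.0.0/16")        # on-premise data center range (constructed)

VPCS = {                                              # VPC CIDRs (constructed)
    "shared": ipaddress.ip_network("10.10.0.0/16"),   # shared services (hub) VPC
    "app-a": ipaddress.ip_network("10.20.0.0/16"),
    "app-b": ipaddress.ip_network("10.30.0.0/16"),
}

VPN_ATTACHED = {"shared"}                             # only the hub terminates a VPN connection
PROXY_IP = ipaddress.ip_address("10.10.0.10")         # application proxy inside the hub (constructed)

# Route tables as (destination CIDR, target). Targets: "local", "vgw", or "pcx:<peer-vpc>".
ROUTES = {
    "shared": [
        ("10.10.0.0/16", "local"),
        ("10.20.0.0/16", "pcx:app-a"),
        ("10.30.0.0/16", "pcx:app-b"),
        ("10.0.0.0/16", "vgw"),            # on-premise via the virtual private gateway
    ],
    "app-a": [
        ("10.20.0.0/16", "local"),
        ("10.10.0.0/16", "pcx:shared"),
        ("10.0.0.0/16", "pcx:shared"),     # naive "forward via the hub" route from option A
    ],
    "app-b": [
        ("10.30.0.0/16", "local"),
        ("10.10.0.0/16", "pcx:shared"),
        ("10.0.0.0/16", "pcx:shared"),
    ],
}


def next_hop(vpc, dst):
    """Longest-prefix match over the VPC's route table; None if nothing matches."""
    dst = ipaddress.ip_address(str(dst))
    best = None
    for cidr, target in ROUTES[vpc]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def deliverable(src_vpc, dst):
    """True if a packet originating in src_vpc reaches dst under the modelled AWS rules."""
    dst = ipaddress.ip_address(str(dst))
    target = next_hop(src_vpc, dst)
    if target == "local":
        return dst in VPCS[src_vpc]
    if target == "vgw":
        # A VGW route only carries traffic if this VPC actually has the VPN attached.
        return src_vpc in VPN_ATTACHED and dst in ONPREM
    if target and target.startswith("pcx:"):
        peer = target.split(":", 1)[1]
        # Peering delivers only to the peer's own address range; the peer never
        # forwards on to its VPN or to another peering connection.
        return dst in VPCS[peer]
    return False


def deliverable_via_proxy(src_vpc, dst):
    """Spoke reaches the proxy in the hub, and the proxy reaches dst as a new flow."""
    return deliverable(src_vpc, PROXY_IP) and deliverable("shared", dst)


def vpn_connections_needed():
    """Number of VPCs that must terminate their own VPN connection."""
    return len(VPN_ATTACHED)


if __name__ == "__main__":
    for vpc in ("app-a", "app-b"):
        print(vpc, "direct to on-premise:", deliverable(vpc, "10.0.0.5"),
              "| via hub proxy:", deliverable_via_proxy(vpc, "10.0.0.5"))
    print("VPN connections needed:", vpn_connections_needed())
```

The `deliverable` check for the spokes returns False even though each spoke has a route for the on-premise prefix, which is the trap in option A; only the proxy path succeeds, and `vpn_connections_needed()` stays at one because the hub is the sole VPN-attached VPC.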