What is AWS VPN and how does it work?


Amazon Web Services (AWS) offers Site-to-Site and client VPN services. Client VPN is a form of remote VPN service, while Site-to-Site is a form of Cloud VPN. Confused? Read our comparison article Remote VPN vs Cloud VPN for a refresher on these two types of VPN.

AWS VPN encrypts network communications, making it harder for hackers to access sensitive email, customer information, and other confidential data. In this article, we’ll explore site-to-site and client VPN use cases, and discuss unique features, pricing, and support options.

Do I need a site-to-site or client VPN?

In a business context, AWS Client VPN creates temporary and secure communication tunnels between your corporate server and your employees’ devices. Tunnels are temporary: they disappear when an employee logs out and reappear when they log back in. With Client VPN, when an employee connects to the corporate network from home or downloads data to their mobile device, all information passed between the employee’s device and your corporate network is secure.

You can use AWS Site-to-Site VPN to encrypt communications between two or more large corporate networks, such as a satellite office and a corporate office. Site-to-Site VPN creates a permanent high-capacity secure tunnel where an Amazon VPN gateway encrypts all communication. These permanent tunnels are more expensive than the temporary tunnels set up by Client VPN, but they transfer large volumes of data more efficiently.

Which product is right for you depends on your VPN needs. To secure internal communication between several geographically separated networks, you need a site-to-site VPN. If you need secure remote access for employees, you will need a client VPN. It is not uncommon for companies to use both.

Why choose AWS VPN?

There are many cloud and remote VPN solutions, such as Perimeter 81 and NordLayer, so let’s look at what sets AWS VPN apart. If you want to know more about these providers, check out our Perimeter 81 review and NordLayer review.

On the remote VPN side, AWS VPN provides a unique cloud-based model. Typically, you need to install a VPN client on your corporate server to set up a remote VPN. Remote VPN relies on the computing power of your server and employee devices to help encrypt communications. This can cause your system to slow down and imposes an upper limit on the number of remote employees you can connect at any one time.

With AWS Client VPN, there are no clients to install. Instead, everything stays in Amazon’s cloud, dramatically reducing the compute load on your system. This results in a faster system with fewer slowdowns and outages for remote employees.

The primary benefit of AWS Site-to-Site VPN is integration with other AWS services. First, being an AWS service, it benefits from the AWS Global Accelerator. This speeds up your system performance by up to 60%, which is especially noticeable for long-range communications. You can also monitor and troubleshoot your Site-to-Site VPN connection directly from your AWS management console.

Whichever VPN you choose, your data is secure. AWS VPN products use 256-bit AES encryption, the same standard used by the United States government and military.

How much does AWS VPN cost?

Client VPN and Site-to-Site VPN follow different pricing models. The pricing system for both products is simple compared to competing brands. There are no pricing tiers and no limit to the number of connected users.

Client VPN has two charges: $0.10 per hour for an endpoint association and $0.05 per client per hour for client (employee) connections. To start, you create an endpoint and associate subnets or IP addresses with it. This is all a bit technical, so to keep things simple, think of the endpoint as your corporate network. Remote employees will connect to this endpoint to access their apps for work. The endpoint remains active, and the base rate for an endpoint is $0.10 per hour.

When employees connect to the VPN to start work, AWS Client VPN will charge you $0.05 per client per hour. So if 10 employees log in and work for an hour, your total cost for that hour will be:

$0.05 x 10 = $0.50

Endpoint = $0.10

Total = $0.50 + $0.10 = $0.60

Pricing is simple and consistent whether you’re a small business with a few remote workers or a large company employing thousands of people.

Note that the values above use data from AWS US East (Ohio), which covers connections throughout the eastern United States. A quick check of other regions indicated that prices are similar all over the world at the time of writing, but regional prices are subject to change at any time.

Billing for Site-to-Site VPN is a bit different. There are two charges: a connection charge for each site-to-site connection and a data transfer charge. Connection charges for US East (Ohio) are $0.05/hour and charges vary by region. The transfer of the first 100 GB of data is free. Thereafter, data transfer follows an on-demand pricing model. The higher the demand for Amazon’s services at that time, the more expensive the data transfer will be. Data transfer during off-peak hours is therefore cheaper. You can check current on-demand prices for all regions on Amazon’s EC2 On-Demand Pricing page.

For Client and Site-to-Site VPNs, AWS billing is monthly and is drawn on the 1st of each month.

What customer support does AWS VPN offer?

Amazon AWS requires a high degree of technical knowledge to set up and run. Although its solutions are often technically simpler than competing products, there is little built-in support. You will need to purchase one of Amazon’s Premium Support plans or hire an in-house AWS specialist. The best option will depend on your own technical experience with AWS and your budget. Note that AWS support is not limited to AWS VPN and provides support for all products in the AWS suite.


Implementing one of Amazon’s IaaS (Infrastructure as a Service) solutions can be a complex yet rewarding task, and AWS VPN is no exception. Amazon offers two enterprise VPN products: AWS Client VPN, which allows employees to securely connect to your company’s server while working remotely, and AWS Site-to-Site VPN, which allows two geographically distant company networks to communicate securely with each other.

Both systems use military-grade encryption to conceal data and use scalable hourly pricing without complex pricing tiers. If you need a powerful and flexible IaaS VPN, consider AWS. To learn more about business VPN, check out our list of best business VPNs and our choices for the best VPN service globally.

