AWS Site-to-Site VPN introduces Private IP VPNs for enhanced security and privacy
Starting June 2022, AWS Site-to-Site VPN supports deploying IPSec VPN connections over Direct Connect using private IP addresses. This change allows us to encrypt Direct Connect (DX) traffic between the on-premises network and AWS without the need for public IP addresses, improving both network security and privacy.
AWS Site-to-Site VPN is a fully managed service that creates a secure connection between a data centre or branch office and AWS resources using IP security (IPSec) tunnels.
Until now, it was necessary to use a public IP address to connect on-premises networks to AWS VPCs. Many of our customers require robust encryption of network traffic through Direct Connect and, at the same time, are not allowed to use public IP addresses for this communication. With this release, we can configure private IP addresses (RFC 1918) on their IPSec VPN tunnels over Direct Connect and ensure that traffic between AWS and on-premises networks is encrypted and private.
This feature allows us to improve the overall security posture and better comply with any regulatory or security mandates. Pricing for a Private IP VPN connection is the same as for a regular Site-to-Site VPN connection. For additional information, visit the AWS Site-to-Site VPN product page, documentation, and pricing page.