
AWS VPN
Business VPN software
Network security software
Pay-as-you-go
Small
Medium
Large
- Information technology and software
- Energy and utilities
- Healthcare and life sciences
What is AWS VPN
AWS VPN is a set of managed VPN services that provide encrypted connectivity between customer networks, remote users, and Amazon Virtual Private Clouds (VPCs). It is primarily used by IT and network teams to connect on-premises sites to AWS (site-to-site) and to provide remote user access to AWS and connected networks (client VPN). The service integrates with AWS networking constructs such as VPC route tables, security groups, and AWS identity options, and it is operated as a managed service rather than customer-managed VPN appliances.
Managed IPsec VPN connectivity
AWS Site-to-Site VPN provides managed IPsec tunnels between customer gateways and AWS, reducing the need to deploy and maintain VPN concentrator infrastructure in AWS. It supports common enterprise VPN interoperability patterns with customer-managed routers and firewalls. This fits organizations that want standard VPN connectivity into cloud networks without adopting a separate overlay networking stack.
Native AWS network integration
AWS VPN integrates directly with VPC routing, including route propagation and association with AWS networking components. This makes it straightforward to connect VPN traffic to specific subnets and control access using AWS security controls. For teams already standardizing on AWS networking, this reduces operational friction compared with running third-party VPN software on compute instances.
Remote access via Client VPN
AWS Client VPN provides a managed remote-access VPN endpoint for users to reach AWS resources and, optionally, connected networks. It supports common authentication approaches (for example, certificate-based authentication and integration with AWS identity services) and centralized endpoint management. This can simplify remote access for AWS-centric environments compared with self-hosting remote-access VPN servers.
AWS-centric deployment model
AWS VPN is designed primarily to terminate in AWS and to extend access to AWS VPCs and attached networks. Organizations seeking a vendor-neutral, multi-cloud control plane or a single overlay spanning heterogeneous environments may find the model less flexible. Multi-cloud and non-AWS-centric use cases often require additional architecture and tooling outside AWS VPN.
Feature scope vs SASE/ZTNA
AWS VPN focuses on VPN connectivity rather than providing a full secure access service edge or zero-trust network access feature set. Capabilities such as advanced user/device posture checks, application-level segmentation, and integrated secure web gateway functions typically require additional AWS services or third-party products. Teams comparing it to modern access platforms may view it as more network-centric than identity- and app-centric.
Operational complexity at scale
Large deployments can require careful planning around routing, overlapping CIDRs, split tunneling choices, and integration with existing network security controls. Troubleshooting end-to-end connectivity often spans customer edge devices, AWS routing, and security policies, which can increase time-to-resolution. Cost and configuration management can also become more complex when many endpoints, tunnels, or environments are involved.
Plan & Pricing
Pricing model: Pay-as-you-go
Free tier/trial: No permanently free plan or time-limited trial stated on the AWS VPN pricing page.
Pricing (official AWS VPN pricing page):
- Site-to-Site VPN (1.25 Gbps): $0.05 per VPN-connection-hour (example shown for US East (Ohio) on the pricing page). Note: standard data transfer out charges also apply.
- Site-to-Site VPN (5 Gbps): $0.60 per 5 Gbps Site-to-Site VPN connection-hour.
- Site-to-Site VPN Concentrator: $1.95 per VPN Concentrator-hour; connections to sites via a VPN Concentrator: $0.01 per Site-to-Site VPN connection-hour.
- Accelerated Site-to-Site VPN: uses the Site-to-Site VPN connection rates above plus additional hourly charges for two AWS Global Accelerator endpoints and DT-Premium (Data Transfer Premium) fees (per the pricing page and Global Accelerator pricing).
- AWS Client VPN: $0.10 per Client VPN endpoint-hour (endpoint hourly fee) plus $0.05 per active Client VPN connection-hour (per-connection hourly fee). Public IPv4 address charges and standard data transfer charges may also apply.
Other notes from the official page:
- Data transfer out charges (EC2/VPC data transfer rates) and public IPv4 address charges are charged separately; CloudWatch logging charges apply if you enable logging.
- Pricing examples (monthly cost calculations) are provided on the official page for common scenarios.
(These figures are taken directly from the AWS VPN official pricing page.)
Seller details
Amazon Web Services, Inc.
Seattle, Washington, USA
2006
Subsidiary
https://aws.amazon.com/
https://x.com/awscloud
https://www.linkedin.com/company/amazon-web-services/