AWS Site-to-Site VPN, Egress-only internet gateway & VPC Limitations


Amazon Cloud Concepts Learning --> Day 7

AWS Site-to-Site VPN

  • A Site-to-Site VPN lets customers connect their own on-premises network to the AWS side network and configure routing so that traffic for the target network is sent across the link.

  • All traffic over the link travels through a private, encrypted IPsec tunnel, so the data flow between the two networks is encrypted end to end and conforms to the IPsec standard.

Key Concepts for Site-to-Site VPN

  • Customer gateway: An AWS resource that describes your customer gateway device (the physical or software appliance on your side of the connection) to AWS.

  • Virtual private gateway: A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.

  • VPN connection: A secure connection between your on-premises equipment and your VPCs.

Site-to-Site VPN Limitations

  • On a virtual private gateway, IPv6 traffic is not supported for VPN connections.

  • Path MTU Discovery is not supported by an AWS VPN connection.

Name                                                     | Default | Adjustable
---------------------------------------------------------|---------|-----------
Customer gateways per region                             | 50      | Yes
Virtual private gateways per region                      | 5       | Yes
Site-to-Site VPN connections per region                  | 50      | Yes
Site-to-Site VPN connections per virtual private gateway | 10      | Yes
Accelerated Site-to-Site VPN connections per region      | 10      | Yes
Unassociated Site-to-Site VPN connections per region     | 10      | Yes

Egress-only internet gateway

  • An egress-only internet gateway is a highly available, redundant, horizontally scaled VPC component that keeps the internet from establishing an IPv6 connection with your instances while enabling outbound IPv6 communication from instances in your VPC to the internet.

  • An egress-only internet gateway is for use with IPv6 traffic only. To enable outbound-only internet communication over IPv4, use a NAT gateway instead.

  • An egress-only internet gateway is stateful: it forwards traffic from the subnet's instances to the internet or other AWS services and then returns the responses to those instances, while unsolicited inbound connections are not forwarded.

  • You cannot associate a security group with an egress-only internet gateway.

  • You can use a network ACL to control the traffic to and from the subnet for which the egress-only internet gateway routes traffic.
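Added example (not code from the original post): a small Python audit that classifies each route table's default routes using the field layout of `aws ec2 describe-route-tables` output. The sample JSON is constructed; the gateway and subnet ids in it are made up. It separates an egress-only internet gateway (outbound-only IPv6) or NAT gateway (outbound-only IPv4) from an internet gateway route, which is exactly the distinction the bullets above draw.

```python
"""Classify the internet exposure implied by a VPC's default routes."""
import json

# Constructed sample: one table routed through eigw/NAT (outbound only),
# one routed through an internet gateway for both IPv4 and IPv6.
SAMPLE = json.dumps({"RouteTables": [
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"},
         {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0123",
          "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"},
         {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0123", "State": "active"}]},
]})


def classify_route(route):
    """Return 'bidirectional', 'egress-only' or None for one default route."""
    if route.get("State") != "active":          # blackhole routes carry no traffic
        return None
    if route.get("GatewayId", "").startswith("igw-"):
        return "bidirectional"                  # internet gateway: inbound is possible
    if route.get("EgressOnlyInternetGatewayId") or route.get("NatGatewayId"):
        return "egress-only"                    # eigw for IPv6, NAT gateway for IPv4
    return None


def internet_exposure(describe_json):
    """Map each route table id to its IPv4 and IPv6 exposure class."""
    result = {}
    for table in json.loads(describe_json)["RouteTables"]:
        v4 = v6 = "none"
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                v4 = classify_route(route) or v4
            elif route.get("DestinationIpv6CidrBlock") == "::/0":
                v6 = classify_route(route) or v6
        result[table["RouteTableId"]] = {"ipv4": v4, "ipv6": v6}
    return result


def inbound_exposed_subnets(describe_json):
    """Subnets whose IPv6 hosts are reachable from the internet (igw, not eigw)."""
    exposure = internet_exposure(describe_json)
    return sorted(a["SubnetId"]
                  for t in json.loads(describe_json)["RouteTables"]
                  if exposure[t["RouteTableId"]]["ipv6"] == "bidirectional"
                  for a in t.get("Associations", []) if "SubnetId" in a)
```

Security groups and network ACLs still filter the traffic in either case; the audit only reports which subnets rely on them for inbound IPv6 protection instead of the egress-only gateway.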


VPC Limitations

Name                      | Default | Adjustable
--------------------------|---------|---------------
VPCs per region           | 5       | Yes
Subnets per VPC           | 200     | Yes
IPv4 CIDR blocks per VPC  | 5       | Yes (up to 50)
IPv6 CIDR blocks per VPC  | 5       | Yes (up to 50)
Route tables per VPC      | 200     | Yes

https://awslearner.hashnode.dev/amazon-web-services-via-category
