6.2.2. Key Concepts Review: Hybrid & Inter-VPC Connectivity

Scalable and secure hybrid cloud connectivity and inter-VPC connectivity enable seamless data flow, centralized management, and flexible workload deployment across diverse network environments.

Scenario: You need to connect 20 application VPCs to a central shared services VPC, and also connect your on-premises data center to all these VPCs for a mission-critical application.

This review consolidates concepts for connecting networks in AWS and between AWS and on-premises.

Core Concepts & AWS Services for Hybrid & Inter-VPC Connectivity:

• Inter-VPC Connectivity:
  • VPC Peering: Direct connection between two VPCs, non-transitive.
  • AWS Transit Gateway (TGW): Central transit hub, transitive routing for many VPCs.
    • TGW Attachments & Routing: Connect networks, direct traffic.
    • TGW Network Manager: Centralized global network management and monitoring.
    • TGW Scenarios: Hub-and-Spoke, Shared Services VPCs.
• Hybrid Cloud Connectivity:
  • AWS Site-to-Site VPN: Secure, encrypted connection over public internet.
  • AWS Client VPN: Remote access for users.
  • AWS Direct Connect (DX): Dedicated, private network connection to AWS.
    • DX Connections & Virtual Interfaces (VIFs): Physical links & logical segments (Private, Public, Transit).
    • DX Resiliency & HA Patterns: Redundancy across connections/locations.
• Hybrid Cloud Routing: BGP, VPN ECMP for dynamic routing and load balancing.

⚠️ Common Pitfall: Overlapping CIDR blocks between connected networks (VPCs, on-premises). This is a fundamental design flaw that prevents direct routing.

Key Trade-Offs:

• Simplicity vs. Scalability: VPC Peering is simple for a few connections but doesn't scale. Transit Gateway is more complex but scales to hundreds of connections.
• Cost vs. Performance/Reliability: VPN is cheaper and faster to set up but relies on the public internet. Direct Connect is more expensive but offers consistent, private performance.

Reflection Question: How do scalable and secure hybrid cloud connectivity (Direct Connect, VPN) and inter-VPC connectivity (Transit Gateway) options fundamentally enable seamless data flow and support flexible workload deployment across diverse network environments?