Example VPC Architecture
Gateways
- Internet Gateway (IGW)—allows internet access from a VPC (inbound and outbound, for resources with public IPs)
- NAT Gateway (NATGW)—provides internet access to EC2 instances in private subnets, outbound only
- Transit Gateway (TGW)—provides hub-and-spoke connectivity for VPCs
- Virtual Private Gateway (VGW)—connects site-to-site VPN tunnels to a VPC
- Direct Connect Gateway (DXGW)—connects VPCs across regions to a Direct Connect connection
- Customer Gateway (CGW)—on-prem router equipment, connects with VGW, TGW or DXGW
VPC Peering
- VPC-to-VPC communication
- Non-transitive
- Full mesh required for any-to-any connectivity
- Downsides:
  - Difficult to manage firewall rules across many peerings
  - Unmanageable at high scale—limit of 125 active peering connections per VPC
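The two behaviours this outline calls out, non-transitive peering (full mesh needed, 125 peerings per VPC) and the IGW/NAT Gateway difference (bidirectional vs outbound only), are easy to get wrong in a design review. The following toy model, added here as an illustration and not AWS or any project's code, evaluates route tables with longest-prefix match the way AWS does, treats peerings as a plain adjacency set so reachability is only ever one hop, and refuses a peering that would push a VPC over the limit. All VPC names, CIDRs and the 203.0.113.10 probe address are constructed sample values.

```python
"""Toy model of VPC routing and peering behaviour (added example, not AWS code)."""
import ipaddress
from dataclasses import dataclass, field

PEERING_LIMIT = 125  # active VPC peering connections per VPC, as stated on the page


@dataclass
class Vpc:
    name: str
    cidr: str
    peers: set = field(default_factory=set)  # names of directly peered VPCs


def full_mesh_peerings(n: int) -> int:
    """Peering connections needed for any-to-any connectivity among n VPCs."""
    return n * (n - 1) // 2


def add_peering(a: Vpc, b: Vpc) -> None:
    """Create a peering, refusing if either side would exceed the per-VPC limit."""
    if len(a.peers) >= PEERING_LIMIT or len(b.peers) >= PEERING_LIMIT:
        raise ValueError(f"peering {a.name}<->{b.name} would exceed {PEERING_LIMIT} peers")
    a.peers.add(b.name)
    b.peers.add(a.name)


def can_reach(src: Vpc, dst: Vpc) -> bool:
    """Peering is non-transitive: traffic only flows over a direct peering.
    Deliberately no graph search here; a path through a third VPC does not count."""
    return dst.name in src.peers


def route_lookup(route_table, dst_ip):
    """Longest-prefix match over (cidr, target) pairs, as AWS route tables do."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in route_table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def internet_reachable(route_table, initiated_from_internet: bool) -> bool:
    """Can a resource in a subnet with this route table exchange traffic with
    the internet? IGW: both directions; NAT GW: outbound-initiated only."""
    target = route_lookup(route_table, "203.0.113.10")  # constructed probe address
    if target == "igw":
        return True
    if target == "natgw":
        return not initiated_from_internet
    return False


# Constructed sample route tables: public subnet routes 0.0.0.0/0 to the IGW,
# private subnet routes it to a NAT Gateway; both keep the VPC-local route.
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw")]
PRIVATE_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "natgw")]


def peering_demo():
    """A<->B and B<->C are peered; A cannot reach C through B."""
    a, b, c = Vpc("A", "10.0.0.0/16"), Vpc("B", "10.1.0.0/16"), Vpc("C", "10.2.0.0/16")
    add_peering(a, b)
    add_peering(b, c)
    return can_reach(a, b), can_reach(b, c), can_reach(a, c)


if __name__ == "__main__":
    print("full mesh of 10 VPCs needs", full_mesh_peerings(10), "peerings")
    print("A->B, B->C, A->C reachable:", peering_demo())
    print("public subnet, inbound from internet:", internet_reachable(PUBLIC_RT, True))
    print("private subnet, inbound from internet:", internet_reachable(PRIVATE_RT, True))
    print("private subnet, outbound:", internet_reachable(PRIVATE_RT, False))
```

The model makes the scaling problem concrete: `full_mesh_peerings(17)` is already 136 connections in total, and each additional VPC adds one peering to every existing VPC, so the per-VPC limit is what a design actually hits first, which is the point at which a Transit Gateway hub replaces the mesh.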