Learning path: Amazon VPC Connectivity Options
7 hours



This learning path has been designed to provide you with an understanding of various connectivity options when architecting Amazon Virtual Private Clouds, enabling you to connect your own networks to your AWS infrastructure.

Learning Objectives:

  • Learn how to create your own large network topology that uses AWS Transit Gateway to connect multiple VPCs
  • Understand when and why it becomes appropriate to transition away from the standard methods of VPC peering when connecting large numbers of networks
  • How to create attachments and route tables for your AWS Transit Gateway
  • How to configure VPC route tables for use with your AWS Transit Gateway
  • How to observe AWS Transit Gateway traffic using flow logs
  • What AWS Direct Connect is, and why it’s needed
  • AWS Direct Connect architecture and prerequisites
  • How AWS Direct Connect is billed
  • The AWS Direct Connect connection process
  • Public, Private, and Transit Virtual Interfaces (VIFs)
  • AWS Direct Connect advanced connectivity
  • Understand the IPsec security framework
  • Authentication Headers
  • Encapsulating Security Payloads
  • Security Associations
  • IKE phase 1 and phase 2, and both Transport mode and Tunnel mode
  • Where and how IPsec VPNs are created within AWS VPCs
  • How to connect on-premises networks to Amazon VPCs using Internet Protocol Security (IPsec) virtual private network (VPN) tunnels
  • How to configure internal Border Gateway Protocol (BGP) on on-premises routers
  • How to configure on-premises routers to connect to Amazon VPCs using BGP
  • Understand the differences between static and dynamic routing
  • Gain experience with multi-homed instances and understand some reasons for using them
  • Encryption for data in transit using VPN and Direct Connect connections
  • Using IPsec security to configure encryption
  • The costs of connectivity services like Direct Connect, Site-to-Site VPN, and Transit Gateway
  • How to select the most cost-effective connectivity option considering your business requirements


As a prerequisite to taking this learning path, you may find it beneficial to have some familiarity with the fundamentals of AWS and some of its core services.


If you have any feedback on this learning path, positive or negative, please send an e-mail to

Stuart Scott
AWS Content Director

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for sharing his knowledge of cloud services with the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.