Encrypted Peering
The Problem

Achieving Security & Compliance for Data-in-motion within the Cloud


Most industry regulations specify how sensitive data in motion needs to be handled. Common regulations like SOC 2, HIPAA, and GDPR have varying requirements for encrypting traffic. Within public cloud environments — where security is a shared model — you may need defense in depth for traffic between VPCs. There are 3 common areas where additional security using encryption may be required:

  • AWS Intra-Region VPC peering where native encryption is not available from AWS or other provider
  • AWS Inter-Region VPC peering where encryption is available by AWS, however shared keys are used for your traffic as well as the traffic of other organizations, and/or
  • DevOps tools in an AWS Shared Services VPC that communicate to instances in a production VPC where sensitive data or personal information needs to be encrypted

If your company has regulatory requirements for data-in-motion, the monitoring and auditing of traffic across an AWS VPC network can become challenging as well. What’s needed is a cloud-native, secure peering solution.

The Aviatrix Solution

Encrypted Peering

Aviatrix Encrypted Peering

Aviatrix provides a point and click centralized Controller solution with distributed Gateway instances to create encrypted tunnels between VPCs. The two VPCs could be in the same region (intra-region), or in different regions (Inter-Region) or in a multicloud environment. Using the Aviatrix Controller, the workflow is similar to provisioning AWS peering or Azure peering, without the limitations.

For example, AWS has route entry limits of 100 entries per routing table. Audits are easily handled through information available in the centralized Controller.

For higher bandwidth encrypted cluster peering, refer to this doc.

How we’re different

Centrally Managed VPC Peering without Limits


Encrypted VPC peering designed for Cloud

Centrally provision and manage secure VPC connections across accounts and regions and eliminate inherent AWS network limitations for route tables.


High Availability

All the components — Controllers, Gateways and tunnels — can be deployed as high availability configurations to maximize redundancy and fault tolerance.

Simplified Troubleshooting

Built-in visibility and diagnostic tools provide link status, network performance and configurable alerts to simplify troubleshooting and monitoring. Additionally, events across all clouds can be logged and forwarded to tools such as Splunk and Datadog for further correlation.


Minimize Costs

Low, per-connection-hour pricing that can be optionally tacked on to your AWS or Azure bill.

Learn More

Have questions about Encrypted peering?

Ready to get started?

Choose your deployment model to build this networking use case on AWS in minutes.

Free 14-Day Trial – Cancel Anytime.

Cancel Anytime.

Free 14-Day Trial – Cancel Anytime.

Cancel Anytime.