Aviatrix for AWS

Aviatrix for Amazon Web Services

Aviatrix provides a modern cloud networking solution purpose-built for public clouds such as AWS. Aviatrix simplifies the way you enable secure enterprise site-to-AWS, user-to-AWS and cloud-to-cloud connectivity. The Aviatrix solution requires no new hardware and deploys in minutes.

Unlike traditional networking devices, Aviatrix provides a centrally managed, point-and-click, REST API-driven solution for AWS. The Central Controller builds encrypted tunnel connections and security services by integrating with AWS infrastructure to launch gateway instances, modify AWS network routing tables and security policies, and leverage other AWS native services. The result is a seamless user experience.

Aviatrix for AWS consists of two components: the Aviatrix Gateway, which is deployed on-premises or in the VPC; and the Aviatrix Cloud Controller, which provides centralized orchestration and management of one or more Gateways.

The New Standard for VPC Connectivity in AWS

Announced by AWS and Aviatrix at re:Invent 2018, a Zero Trust Architecture for VPC networks combining Aviatrix Orchestrator and AWS Transit Gateway helps to:

  • Ensure your AWS network meets VPC segmentation best practices
  • Limit lateral movement in the event of a breach
  • Minimize blast radius resulting from misconfigurations
  • Avoid project delays due to tedious, manual configuration
  • Migrate from existing vRouter-based (e.g., CSR) Transit VPCs
  • Move from a flat architecture to a transit architecture

Why Customers Choose Aviatrix


Centrally managed, point and click solution deploys in minutes.

Highly Available

Built-in gateway redundancy supports hot standby and failover in seconds.

Scalable

The solution does not require a unique public IP address on the hub gateway connecting to each spoke gateway. There is no limit on the number of spoke VPCs that can be connected to the hub VPC.


A central dashboard monitors, displays and alerts on link status and link latency.


A stateful firewall at the gateway enforces security policies. OpenVPN-based user access allows an end-to-end cloud network solution.

Cost Saving

If hub and spoke VPCs are in the same region, encrypted traffic is routed over AWS peering, reducing network bandwidth cost by 10 times (as compared to the AWS Transit VPC solution, which goes over the Internet with VGW for hub and spoke traffic).

Remote Access: SSL VPN

Aviatrix Cloud Connect (ACC) enables enterprise-class secure remote access to AWS. Aviatrix SSL VPN to AWS offers global-scale, full-function remote access VPN capabilities. It enables an enterprise's employees and partners to directly connect into AWS over VPN.

Combined with Aviatrix for AWS and inter-cloud peering, Aviatrix remote access VPN allows users to securely access their environments with a single certificate, even if they are spread across multiple VPCs, networks, and cloud providers. This capability greatly reduces user VPN management time for CloudOps.

  • Supports remote access for end users to connect to the cloud directly.
  • Supports a wide range of clients: Windows, OS X, Linux, Chromebook, Android, and iOS.
  • Supports a scalable and highly available Cloud VPN solution.
    • Integrated with AWS load balancing, the solution scales to a very large number of VPN gateways to serve thousands of users and their bandwidth.
  • Supports multi-factor authentication: Duo, LDAP, and Okta.
  • Supports SAML authentication with Aviatrix proprietary VPN clients for Windows, OS X, and Linux.
  • Supports user-profile based access rules that allow administrators to define and enforce access privilege to any resources (network, protocols, and ports) in AWS VPC at the perimeter of the enterprise cloud network.
  • Supports the following log forwarders for remote logging: Logstash, Splunk, Sumo Logic, and rsyslog.
  • Supports split-tunnel and full-tunnel mode. Split-tunnel mode allows additional CIDRs to be pushed to the client.
  • Supports modular configuration to support incremental configuration as your environment scales.
  • Supports active user dashboard and user browsing activity.
  • Requires no extra hop to access instances in different projects.
  • Supports policy-based multi-region and multi-cloud (AWS, Azure, and GCP) encrypted peering.
  • Supports multiple accounts for different business groups and projects.

Secure Inter-region Peering with AWS

Aviatrix is a next generation cloud networking solution built from the ground up for Amazon AWS. Simplify the way you inter-connect VPCs across AWS regions, connect your data center to a VPC, and connect AWS VPCs to other cloud providers. Easy to set up, fully encrypted, and peering based on policy. Based on the Aviatrix centralized controller, the solution simplifies and automates AWS inter-region peering. Get two connections for free.

Highlights include:

  • High availability with standby tunnel and automatic failover
  • Automatic discovery of VPCs
  • Configuration of routing across VPC networks; no static routes necessary
  • Policy-based routing
  • Stateful inspection for TCP port filtering

Encryption on AWS Direct Connect

Aviatrix provides a unique and powerful solution to enable high-performance encryption on top of an established Direct Connect link between Amazon VPCs and the customer site.

With the Aviatrix solution, an encrypted IPsec tunnel is established between the Aviatrix gateway and the customer’s edge network or Aviatrix Virtual Appliance over an established Direct Connect connection.

  • No additional hardware is required to encrypt traffic.
  • The central controller offers point-and-click deployment.
  • The Aviatrix Gateway interoperates with third-party IPsec-enabled routing and firewall devices.
  • Aviatrix gateways support 1:1 redundancy for high availability. The controller monitors all IPsec tunnel status. If the tunnel goes down, the controller automatically reprograms the cloud infrastructure routing table to switch to a standby gateway instance.
  • The controller provides diagnostic capabilities for troubleshooting the gateway and IPsec tunnel status.
  • Extensive logging allows administrators to have complete visibility of network traffic.

Related Resources

Frequently Asked Questions
Aviatrix Answers

Visit our Answers section for FAQs sorted by common use cases.

Get Started
Product and Technical Documentation

All Aviatrix product documentation, step-by-step implementation guides, technical how-to’s and product release notes organized by use cases and fully searchable.

Recorded Sessions
Bootcamps and Webinars

Presented by our Solution Architects, AWS Bootcamps ditch the marketing spin and deliver fact-based advice and cloud networking best practices, often featuring a product walkthrough to demonstrate key points, followed by live Q&A.