AWS networking provides the infrastructure necessary to securely connect virtual machines to one another, and to connect on-premises data centers with AWS VMs.
AWS blocks unauthorized traffic to and within AWS data centers using a variety of technologies such as:
- partitioned Local Area Networks (LANs), and
- physical separation of back-end servers from public-facing interfaces.
Network isolation prevents unwanted tenant-to-tenant communications, and access controls block unauthorized users from the network. Virtual machines do not receive inbound traffic from the Internet unless customers configure them to do so.
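The statement above means inbound Internet reachability is something a customer turns on, so the useful defender check is an audit of what has been opened. The following is an added example, not code from the original page: it walks security-group ingress rules in the shape returned by boto3's `describe_security_groups` (an assumption about the response layout; the sample data is constructed, and the group ids are placeholders) and flags rules reachable from `0.0.0.0/0` or `::/0` that are not on an explicit port allow-list.

```python
"""Offline audit of EC2 security-group ingress rules for Internet-wide exposure."""

INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the layout of ec2.describe_security_groups() (assumed shape);
# group ids are placeholders, not real identifiers.
SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {
            "GroupId": "sg-example-web",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-example-internal",
            "IpPermissions": [
                # IpProtocol "-1" means all traffic; FromPort/ToPort are absent.
                {"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            ],
        },
    ]
}


def internet_exposed_rules(response, allowed_ports=frozenset({80, 443})):
    """Return (group_id, protocol, from_port, to_port, cidr) for each ingress rule
    open to the whole Internet, skipping single-port TCP rules on the allow-list."""
    findings = []
    for sg in response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")  # None for "-1"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr not in INTERNET_CIDRS:
                    continue  # private or partner range: not Internet-wide
                if proto == "tcp" and lo == hi and lo in allowed_ports:
                    continue  # expected public service port (e.g. a web tier)
                findings.append((sg["GroupId"], proto, lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for finding in internet_exposed_rules(SAMPLE_RESPONSE):
        print("exposed:", finding)
```

Pointing the function at a live `describe_security_groups()` response instead of the constructed sample turns it into a per-account review of deliberately opened inbound paths.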
A customer can assign multiple deployments within a subscription to a virtual network and allow those deployments to communicate with each other using private IP addresses. Each virtual network is isolated from other virtual networks.
Built-in cryptographic technology enables customers to encrypt communications within and between deployments, between AWS regions, and from AWS to on-premises data centers. Encryption can be configured to protect administrator access to virtual machines through remote desktop sessions and remote Windows PowerShell. Access to the AWS Management Portal is encrypted by default using HTTPS.