Reputation: 111
I have 3 environments: an AWS environment and 2 isolated on-premises environments. The on-premises environments have a VPN connection and can communicate properly with each other. One of these 2 on-premises environments has a VPN connection to the AWS environment. However, there's an application that will be built on AWS that needs access to the on-premises environment that doesn't have a VPN connection to the AWS environment.
How can I allow the connection between these environments without having to establish a new VPN connection between them?
Upvotes: 1
Views: 123
Reputation: 4476
If you want to use only VPN you can do it in two ways.
From the picture below you have only VPN 1 and VPN 2.
In this case your application will be on C and it needs to access something on B.
A router on A will know how to communicate with both networks, B and C.
So it will be like this: C -> A -> B
Slower, but works fine, and probably it should already work today without any new configuration/change.
From the picture below you will create the new VPN 3 between C and B.
Upvotes: 0
Reputation: 1045
What you need is AWS Direct Connect: https://aws.amazon.com/directconnect/
"AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs."
Before you set this up, you had better plan out the IP ranges in your VPC, since you don't want to use the IP ranges that your on-prem network occupies.
Upvotes: 1
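The IP-range planning advised above also matters for the routed path C -> A -> B, since A can only forward between B and C if their ranges do not overlap. The following is an added example, not part of any answer on this page: it checks a proposed VPC CIDR against both on-premises sites and picks the first free block from a pool. All CIDR values and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample ranges (assumptions, not taken from the original posts).
ON_PREM = {
    "A (on-prem, VPN to AWS)": ["10.0.0.0/16", "192.168.10.0/24"],
    "B (on-prem, no VPN to AWS)": ["10.1.0.0/16", "172.16.0.0/20"],
}


def find_conflicts(vpc_cidr, on_prem=ON_PREM):
    """Return (site, cidr) pairs whose ranges overlap the proposed VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    conflicts = []
    for site, cidrs in on_prem.items():
        for cidr in cidrs:
            if vpc.overlaps(ipaddress.ip_network(cidr, strict=True)):
                conflicts.append((site, cidr))
    return conflicts


def first_free_block(pool_cidr, prefixlen, on_prem=ON_PREM):
    """Return the first subnet of pool_cidr with the given prefix length that
    overlaps no on-premises range, or None if every candidate collides."""
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    used = [ipaddress.ip_network(c) for cidrs in on_prem.values() for c in cidrs]
    for candidate in pool.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Two colliding proposals and one clean one (all constructed).
    for proposal in ("10.1.128.0/17", "172.16.8.0/24", "10.2.0.0/16"):
        hits = find_conflicts(proposal)
        print(proposal, "->", hits if hits else "no overlap")
    print("first free /16 in 10.0.0.0/8:", first_free_block("10.0.0.0/8", 16))
```

Checking against site B as well as site A catches the case where the VPC range is clean for the directly connected site but collides with the network reached through it.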