Configure a VPN to provide a secure connection to your SDDC over the public Internet or AWS Direct Connect. Route-based and policy-based IPsec VPNs are supported. Either type of VPN can connect to the SDDC over the Internet. A route-based VPN can also connect to the SDDC over AWS Direct Connect.
You can also configure a Layer 2 VPN, which can be especially useful for workload migration.
For more information about IPsec VPNs, see the VMware Designlet VMware Cloud on AWS SDDC Connectivity With IPSec VPN.