Skip to content

Connect to Your Network

Connecting Nautobot Cloud to your network is essential for enabling advanced automation features like Ansible AWX or NautobotGPT. These services require a secure site-to-site connection to monitor or manage your network. There are four ways to establish this connection.

Four Ways to Connect

Your Nautobot Cloud account comes with a dedicated Virtual Private Cloud (VPC), containing all your Nautobot Cloud services. Nautobot Cloud provides several options to securely connect to this VPC, giving your Nautobot Cloud instances access to your on-premises or cloud-based network infrastructure.


Network diagram of Nautobot cloud connectivity options
Network diagram of Nautobot cloud connectivity options. The three connection types are overlaid for demonstration purposes.

Comparison Chart

Method Description Use Case Self-Service
Secure Proxy Install a lightweight relay in your network that makes an outbound connection to Nautobot Cloud. Worker traffic is tunneled through it transparently — no inbound firewall rules or VPN infrastructure required. Organizations that want fast, self-serve connectivity without VPN or AWS infrastructure. Works with any network topology. Yes
Virtual Private Network Establish a secure VPN connection between your Nautobot Cloud account's network and your company's cloud or on-prem network. Organizations with little or no AWS presence and those who need quick setup and teardown. Yes
AWS Transit Gateway Use an AWS VPC as Nautobot's point of contact to your network, optionally forwarding traffic to your on-prem network as well. Organizations with VPCs set up, especially with routing centralized around this VPC. No, contact support.
AWS Direct Connect Use a dedicated physical network connection from your on-premises data center to an AWS delivery partner. Those with an existing AWS Direct Connect setup or have high bandwidth, low latency requirements. No, contact support.

Choosing a connection method

To choose the right connectivity method for you, consider the following factors:

  • Is your network on-prem, cloud-based, or hybrid?
  • Do you have an AWS account? If so, what is your level of AWS presence?
  • What is your network's best point of contact for external networking services?

For the simplest self-serve setup with no infrastructure prerequisites, use Secure Proxy — install a small relay in your network and you are done. For a site-to-site VPN without AWS, connect using a site-to-site VPN. For a cloud-based connection routed through an AWS VPC, connect using AWS Transit Gateway. Finally, if you already have a physical link to an AWS datacenter, connect using AWS Direct Connect for minimum latency, maximum bandwidth, and excellent consistency. The decision tree below serves as a general guide for most use cases. Contact support for additional guidance.

Decision tree for connectivity options

For help deciding on a connectivity method for your use case, contact support.

How to Get Started

Secure Proxy and VPN setup are fully self-serve. The AWS Transit Gateway and AWS Direct Connect options require that you contact support.