Path of connection between two EC2 instances

I have an EC2 instance running in my own VPC. One of my partners also has an EC2 running in their own VPC in AWS. The two instances connect to each other via TCP to exchange data. Connection is made through their DNS address.

I am wondering about two scenarios:

  • The instances are in separate regions
  • The instances are in the same region

What is the path taken by the TCP connection between the two instances? Does it matter that they both live within AWS? When the instances are in the same region, does the connection ever leave AWS to an external network switch / router?


Different regions means different datacenters; this means that the traffic is routed over the internet unless you have Direct Connect set up.

If both VPCs are in the same region, in most cases the traffic won't leave the AWS datacenter network.


The traffic will travel over the internet. In practice if they're in the same AWS region the traffic may never hit the public internet, but you shouldn't treat inter-account or inter-VPC traffic as secure - encrypt if the data is sensitive.

You can use VPC Peering if you want to ensure your traffic goes over the AWS backbone. That works across regions. VPC peering is free but you're charged for traffic, at least according to this blog article from 2014. I can't easily find more up-to-date pricing.