In cases where only two regions are to be connected, the IPsec VPN solution deploys point-to point IPsec VPN tunnels between those regions.
The VPN connectivity topology automatically upgrades to a full-mesh architecture once more than 2 AWS regions are inter-connected. A full-mesh architecture ensures that each AWS region is directly connected to every other region.
In cases where there are multiple VPCs inside the same AWS region, a local transit VPC is provisioned in each AWS region. Local transit VPCs connect to VPCs inside the same region via a hub and spoke topology. Each local transit VPC is directly connected to every other transit VPC in each region.
To learn more download the Managed IPsec VPN Whitepaper