In cases where only two regions are to be connected, the IPsec VPN solution deploys point-to point IPsec VPN tunnels between those regions.
The VPN connectivity topology automatically upgrades to a full-mesh architecture once more than 2 AWS regions are inter-connected. A full-mesh architecture ensures that each AWS region is directly connected to every other region.
In cases where there are multiple VPCs inside the same AWS region, a transit VPC is provisioned. Each connected transit VPC is directly connected to every other transit VPC in each region.
To learn more download the Managed IPsec VPN Whitepaper