CloudWiki
Resource

Virtual Private Gateway

Amazon Web Services
Network
A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.
Terraform Name
terraform
aws_vpn_gateway
Virtual Private Gateway
attributes:
  • vpc_id - (Optional) The VPC ID to create in.
  • availability_zone - (Optional) The Availability Zone for the virtual private gateway.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • amazon_side_asn - (Optional) The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don't specify an ASN, the virtual private gateway is created with the default ASN.

Associating resources with a
Virtual Private Gateway
Resources do not "belong" to a
Virtual Private Gateway
Rather, one or more Security Groups are associated to a resource.
Create
Virtual Private Gateway
via Terraform:
The following HCL creates a virtual private gateway
Syntax:

resource "aws_vpn_gateway" "vpn_gw" {
 vpc_id = aws_vpc.main.id

 tags = {
   Name = "main"
 }
}

Create
Virtual Private Gateway
via CLI:
Parametres:

create-vpn-gateway
[--availability-zone <value>]
--type <value>
[--tag-specifications <value>]
[--amazon-side-asn <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-vpn-gateway --type ipsec.1

aws cost
Costs
The AWS Virtual Private Gateway is a VPC component that provides the VPN endpoint for Amazon VPC traffic. There is a hourly charge for each active Virtual Private Gateway attached to a VPC, which varies depending on the region in which it is deployed. In addition to the hourly charge for the Virtual Private Gateway, there may also be data transfer fees for traffic sent through the VPN connection, as well as charges for the number of VPN connections established.
Direct Cost

--

Indirect Cost
No items found.
Best Practices for
Virtual Private Gateway

Categorized by Availability, Security & Compliance and Cost

Low
Access allowed from VPN
No items found.
Low
Auto Scaling Group not in use
No items found.
Medium
Connections towards DynamoDB should be via VPC endpoints
No items found.
Medium
Container in CrashLoopBackOff state
No items found.
Low
EC2 with GPU capabilities
No items found.
Medium
EC2 with high privileged policies
No items found.
Medium
ECS cluster delete alarm
No items found.
Critical
ECS task with Admin access (*:*)
Medium
ECS task with high privileged policies
No items found.
Critical
EKS cluster delete alarm
No items found.
Medium
ElastiCache cluster delete alarm
No items found.
Medium
Ensure Container liveness probe is configured
No items found.
Medium
Ensure ECS task definition has memory limit
No items found.
Critical
Ensure EMR cluster master nodes are not publicly accessible
No items found.
More from
Amazon Web Services