CloudWiki
Resource
Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

Virtual Private Gateway

Network
A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.
Costs
The AWS Virtual Private Gateway is a VPC component that provides the VPN endpoint for Amazon VPC traffic. There is a hourly charge for each active Virtual Private Gateway attached to a VPC, which varies depending on the region in which it is deployed. In addition to the hourly charge for the Virtual Private Gateway, there may also be data transfer fees for traffic sent through the VPN connection, as well as charges for the number of VPN connections established.
Direct Cost

--

Indirect Cost
No items found.
Terraform Name
aws_vpn_gateway
Virtual Private Gateway
attributes:
  • vpc_id - (Optional) The VPC ID to create in.
  • availability_zone - (Optional) The Availability Zone for the virtual private gateway.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • amazon_side_asn - (Optional) The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don't specify an ASN, the virtual private gateway is created with the default ASN.

Associating resources with a
Virtual Private Gateway
Resources do not "belong" to a
Virtual Private Gateway
Rather, one or more Security Groups are associated to a resource.
Create
Virtual Private Gateway
via Terraform:
The following HCL creates a virtual private gateway
Syntax:

resource "aws_vpn_gateway" "vpn_gw" {
 vpc_id = aws_vpc.main.id

 tags = {
   Name = "main"
 }
}

Create
Virtual Private Gateway
via CLI:
Parametres:

create-vpn-gateway
[--availability-zone <value>]
--type <value>
[--tag-specifications <value>]
[--amazon-side-asn <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-vpn-gateway --type ipsec.1

Best Practices for
Virtual Private Gateway

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts
We haven't write about
Virtual Private Gateway
yet.
View all blog posts ->
All Resources
Compute
Athena
Auto Scaling Group
Availability Zone
EC2
ECS
ECS Task Definition
EKS
Lambda Function
Region
SageMaker Notebook
Database
DMS
DocumentDB
DynamoDB
EMR
ElastiCache
Glue
OpenSearch
RDS
Network
ALB
API Gateway
CloudFront
Direct Connect
Direct Connect Gateway
ELB
ENI
Elastic IP
GLB
Internet Gateway
NAT Gateway
NLB
Prefix List
Route 53
Route Table
Site-to-Site VPN Connection
Subnet
Target Group
Transit Gateway
VPC
VPC Endpoint
VPC Peering
VPN Customer Gateway
Virtual Private Gateway
Permission
IAM Account Password Policy
IAM Group
IAM Policy
IAM Role
IAM User
Instance Profile
Queue
Kinesis
MSK
SES
SNS
SQS
Security
CloudWatch
GuardDuty
Config
WAF
Network ACL
KMS
Security Group
Storage
EFS
S3 Glacier
AMI
EBS Snapshots
EBS Volume
S3 Bucket
Kubernetes
Network Policy
StatefulSet
Service
ReplicaSet
Namespace
Ingress
Endpoints
Deployment
Service Account
Pod