Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

Virtual Private Gateway

A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.
The AWS Virtual Private Gateway is a VPC component that provides the VPN endpoint for Amazon VPC traffic. There is a hourly charge for each active Virtual Private Gateway attached to a VPC, which varies depending on the region in which it is deployed. In addition to the hourly charge for the Virtual Private Gateway, there may also be data transfer fees for traffic sent through the VPN connection, as well as charges for the number of VPN connections established.
Direct Cost


Indirect Cost
No items found.
Terraform Name
Virtual Private Gateway
  • vpc_id - (Optional) The VPC ID to create in.
  • availability_zone - (Optional) The Availability Zone for the virtual private gateway.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • amazon_side_asn - (Optional) The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don't specify an ASN, the virtual private gateway is created with the default ASN.

Associating resources with a
Virtual Private Gateway
Resources do not "belong" to a
Virtual Private Gateway
Rather, one or more Security Groups are associated to a resource.
Virtual Private Gateway
via Terraform:
The following HCL creates a virtual private gateway

resource "aws_vpn_gateway" "vpn_gw" {
 vpc_id =

 tags = {
   Name = "main"

Virtual Private Gateway
via CLI:

[--availability-zone <value>]
--type <value>
[--tag-specifications <value>]
[--amazon-side-asn <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]


aws ec2 create-vpn-gateway --type ipsec.1

Best Practices for
Virtual Private Gateway

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts
All Resources