CloudWiki
Resource
Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

VPN Customer Gateway

Network
A customer gateway is a resource that you create in your VPC that represents the customer gateway device in your on-premises network for working with Site-to-Site VPN connection.
Costs
There is no additional cost to use the VPN Customer Gateway as it is a required component of an VPN connection. However, the customer is responsible for providing and maintaining the customer gateway device or software, and for any costs associated with it such as hardware costs, software license fees, and internet connectivity costs.
Direct Cost

--

Indirect Cost
No items found.
Terraform Name
aws_customer_gateway
VPN Customer Gateway
attributes:
  • bgp_asn - (Required) The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).
  • certificate_arn - (Optional) The Amazon Resource Name (ARN) for the customer gateway certificate.
  • device_name - (Optional) A name for the customer gateway device.
  • ip_address - (Required) The IPv4 address for the customer gateway device's outside interface.
  • type - (Required) The type of customer gateway. The only type AWS supports at this time is "ipsec.1".
  • tags - (Optional) Tags to apply to the gateway. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with a
VPN Customer Gateway
Resources do not "belong" to a
VPN Customer Gateway
Rather, one or more Security Groups are associated to a resource.
Create
VPN Customer Gateway
via Terraform:
The following HCL creates a customer gateway with the specified IP address for its outside interface.
Syntax:

resource "aws_customer_gateway" "main" {
 bgp_asn    = 65000
 ip_address = "172.83.124.10"
 type       = "ipsec.1"

 tags = {
   Name = "main-customer-gateway"
 }
}

Create
VPN Customer Gateway
via CLI:
Parametres:

create-customer-gateway
--bgp-asn <value>
[--public-ip <value>]
[--certificate-arn <value>]
--type <value>
[--tag-specifications <value>]
[--device-name <value>]
[--ip-address <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-customer-gateway --type ipsec.1 --public-ip 12.1.2.3 --bgp-asn 65534

Best Practices for
VPN Customer Gateway

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts
We haven't write about
VPN Customer Gateway
yet.
View all blog posts ->
All Resources
Compute
Athena
Auto Scaling Group
Availability Zone
EC2
ECS
ECS Task Definition
EKS
Lambda Function
Region
SageMaker Notebook
Database
DMS
DocumentDB
DynamoDB
EMR
ElastiCache
Glue
OpenSearch
RDS
Network
ALB
API Gateway
CloudFront
Direct Connect
Direct Connect Gateway
ELB
ENI
Elastic IP
GLB
Internet Gateway
NAT Gateway
NLB
Prefix List
Route 53
Route Table
Site-to-Site VPN Connection
Subnet
Target Group
Transit Gateway
VPC
VPC Endpoint
VPC Peering
VPN Customer Gateway
Virtual Private Gateway
Permission
IAM Account Password Policy
IAM Group
IAM Policy
IAM Role
IAM User
Instance Profile
Queue
Kinesis
MSK
SES
SNS
SQS
Security
CloudWatch
GuardDuty
Config
WAF
Network ACL
KMS
Security Group
Storage
EFS
S3 Glacier
AMI
EBS Snapshots
EBS Volume
S3 Bucket
Kubernetes
Network Policy
StatefulSet
Service
ReplicaSet
Namespace
Ingress
Endpoints
Deployment
Service Account
Pod