AWS Site to Site VPN connection


I understand that you are looking to create a site-to-site VPN. AWS offers a managed Site-to-Site VPN service to connect your on-prem network to your VPC, and here is all the information about it:

To benefit from this solution, you will need a device on the on-prem side (the customer gateway device) that meets at least the following requirements:

Once you have this, you create the AWS VPN connection between a virtual private gateway, which you attach to your VPC, and a customer gateway, which you create in the AWS console using the public IP address of your on-prem device (and its BGP ASN if you want dynamic routing instead of static routes). Here are all the steps you need to follow:

Once the VPN is in place, download the configuration from the AWS console. It contains everything your device needs (tunnel endpoint IPs, inside tunnel addresses, IKE/IPsec parameters and the pre-shared keys), so handle the file as a secret rather than mailing it around. Here you can find example configurations for some of the possible customer devices:

I hope you find this information useful! The process is simple; just make sure you have private subnets properly defined in your VPC in each AZ, and that their route tables carry routes for the on-prem prefixes pointing to the virtual private gateway (enable route propagation on the route table, or add the static routes). Without those routes the tunnels come up but return traffic never enters them.
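The downloaded configuration is worth auditing before you paste it into the device: the generic template proposes whatever the tunnel options allow, and older defaults include SHA-1 and DH group 2. The script below is an added example (not AWS code or the article's own) that parses the generic XML, reports the per-tunnel endpoints and flags weak integrity algorithms, weak DH groups, DES/3DES and IKEv1 aggressive mode, while deliberately not copying the pre-shared keys into its report. SAMPLE_CONFIG is a constructed, trimmed sample in the shape of that file; every ID, address and key in it is made up.

```python
"""Audit tunnel parameters in a downloaded AWS Site-to-Site VPN configuration.

Added example, not AWS code. SAMPLE_CONFIG is a constructed sample in the shape
of the "Generic" vendor configuration; IDs, addresses and keys are made up.
"""
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<vpn_connection id="vpn-0123456789abcdef0">
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.10.2</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>198.51.100.1</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.10.1</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </vpn_gateway>
    <ike>
      <authentication_protocol>sha1</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>main</mode>
      <pre_shared_key>NOTAREALKEY.tunnel1.example</pre_shared_key>
    </ike>
    <ipsec>
      <protocol>esp</protocol>
      <authentication_protocol>hmac-sha1-96</authentication_protocol>
      <encryption_protocol>aes-128-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group2</perfect_forward_secrecy>
      <mode>tunnel</mode>
    </ipsec>
  </ipsec_tunnel>
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.11.2</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>198.51.100.2</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.11.1</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
    </vpn_gateway>
    <ike>
      <authentication_protocol>sha2-256</authentication_protocol>
      <encryption_protocol>aes-256-cbc</encryption_protocol>
      <lifetime>28800</lifetime>
      <perfect_forward_secrecy>group14</perfect_forward_secrecy>
      <mode>main</mode>
      <pre_shared_key>NOTAREALKEY.tunnel2.example</pre_shared_key>
    </ike>
    <ipsec>
      <protocol>esp</protocol>
      <authentication_protocol>hmac-sha256-128</authentication_protocol>
      <encryption_protocol>aes-256-cbc</encryption_protocol>
      <lifetime>3600</lifetime>
      <perfect_forward_secrecy>group14</perfect_forward_secrecy>
      <mode>tunnel</mode>
    </ipsec>
  </ipsec_tunnel>
</vpn_connection>
"""

WEAK_INTEGRITY = {"md5", "hmac-md5-96", "sha1", "hmac-sha1-96"}
WEAK_DH_GROUPS = {"group1", "group2", "group5"}  # MODP groups below 2048 bits


def _text(node, path):
    return (node.findtext(path) or "").strip().lower()


def audit_tunnel(tunnel):
    """Return endpoints and a list of weak-parameter findings for one tunnel."""
    findings = []
    for phase in ("ike", "ipsec"):
        sec = tunnel.find(phase)
        if sec is None:
            findings.append(f"{phase}: section missing")
            continue
        integrity = _text(sec, "authentication_protocol")
        cipher = _text(sec, "encryption_protocol")
        dh = _text(sec, "perfect_forward_secrecy")
        if integrity in WEAK_INTEGRITY:
            findings.append(f"{phase}: weak integrity algorithm {integrity}")
        if "des" in cipher.replace("aes", ""):  # des-cbc / 3des-cbc, not aes
            findings.append(f"{phase}: weak cipher {cipher}")
        if dh in WEAK_DH_GROUPS:
            findings.append(f"{phase}: weak DH group {dh}")
        if phase == "ike" and _text(sec, "mode") == "aggressive":
            findings.append("ike: aggressive mode leaks identity and PSK hash")
    return {
        "aws_outside_ip": tunnel.findtext("vpn_gateway/tunnel_outside_address/ip_address"),
        "cgw_inside_ip": tunnel.findtext("customer_gateway/tunnel_inside_address/ip_address"),
        # Only record that a PSK exists; the value stays out of the report.
        "psk_present": bool(tunnel.findtext("ike/pre_shared_key")),
        "findings": findings,
    }


def audit_vpn_config(xml_text):
    """Audit every ipsec_tunnel in a generic AWS VPN configuration file."""
    root = ET.fromstring(xml_text)
    return {"vpn_connection_id": root.get("id"),
            "tunnels": [audit_tunnel(t) for t in root.findall("ipsec_tunnel")]}


if __name__ == "__main__":
    report = audit_vpn_config(SAMPLE_CONFIG)
    for n, t in enumerate(report["tunnels"], 1):
        print(f"tunnel {n} ({t['aws_outside_ip']}): {t['findings'] or 'no weak parameters'}")
```

Run it against the real file (`audit_vpn_config(open("vpn-....txt").read())`). If a tunnel shows findings, fix them on the AWS side by modifying the VPN tunnel options (restricting the Phase 1/Phase 2 encryption and integrity algorithms, DH groups and IKE version) rather than only on the device, so that AWS never proposes the weak set.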

For more information on a VPC with public and private subnets:

How to manage your AWS VPC private DNS records:

Trying to access an instance via private DNS and it is not working?

For it to be reachable from outside the VPC, extra steps are needed. The Amazon-provided DNS (the resolver at the VPC base address plus two) only answers queries that originate inside the VPC, so an on-prem client cannot ask it directly. You need a forwarder instance inside the VPC: the on-prem DNS forwards queries for the AWS domains to that instance, and the instance forwards them to the Amazon-provided DNS. (Route 53 Resolver inbound endpoints are the managed alternative to running your own forwarder.)
The same applies to any private records you add in a private hosted zone in Route 53. Remember that a private hosted zone must be associated with the VPC, and the VPC must have DNS resolution and DNS hostnames enabled, or those records will not resolve even from inside the VPC.
This article guides you through the exact steps and configuration:

If you ever need the reverse direction (resolving on-prem records from inside the VPC), this article describes all the steps:

If you are using a Windows environment:
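Both forwarding directions above come down to the same forwarder sitting in the VPC, and the two things people get wrong are the Amazon DNS address and an access list that turns the instance into an open resolver. The following added example (not from the article, and assuming Unbound as the forwarder software) derives the Amazon-provided DNS address from the VPC CIDR, refuses overlapping on-prem prefixes (which could not be routed over the VPN anyway), and generates the Unbound stanzas for the in-VPC forwarder and for the on-prem DNS. All CIDRs, domains and addresses are constructed placeholders; `ec2.internal` is the private hostname suffix in us-east-1, other regions use `<region>.compute.internal`.

```python
"""Generate Unbound forwarding config for VPC <-> on-prem DNS resolution.

Added example, not from the article. CIDRs, domains and addresses are
constructed placeholders.
"""
import ipaddress


def amazon_dns_address(vpc_cidr):
    """The Amazon-provided DNS listens at the VPC base address plus two."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def check_no_overlap(vpc_cidr, onprem_cidrs):
    """Overlapping prefixes cannot be routed across the VPN; fail early."""
    vpc = ipaddress.ip_network(vpc_cidr)
    for cidr in onprem_cidrs:
        if vpc.overlaps(ipaddress.ip_network(cidr)):
            raise ValueError(f"on-prem prefix {cidr} overlaps VPC {vpc_cidr}")


def _forward_zones(zones):
    """Render {zone: [upstream ips]} as Unbound forward-zone stanzas."""
    out = []
    for name, addrs in zones.items():
        fqdn = name.rstrip(".") + "."
        out.append("forward-zone:")
        out.append(f'    name: "{fqdn}"')
        out.extend(f"    forward-addr: {a}" for a in addrs)
    return out


def vpc_forwarder_conf(vpc_cidr, onprem_cidrs, aws_domains, onprem_zones):
    """Unbound config for the forwarder instance inside the VPC.

    It answers only the VPC and the on-prem prefixes (never an open resolver),
    sends AWS domains to the Amazon-provided DNS, and sends on-prem zones back
    across the VPN to the on-prem DNS servers given in onprem_zones.
    """
    check_no_overlap(vpc_cidr, onprem_cidrs)
    amazon = amazon_dns_address(vpc_cidr)
    zones = {d: [amazon] for d in aws_domains}
    zones.update(onprem_zones)
    lines = ["server:", "    interface: 0.0.0.0"]
    for cidr in [vpc_cidr, *onprem_cidrs]:
        lines.append(f"    access-control: {cidr} allow")
    lines.append("    access-control: 0.0.0.0/0 refuse")
    # Answers for these zones legitimately contain RFC 1918 addresses.
    for name in zones:
        lines.append(f'    private-domain: "{name.rstrip(".")}."')
    lines += _forward_zones(zones)
    return "\n".join(lines) + "\n"


def onprem_conf(aws_domains, forwarder_ip):
    """Stanzas for the on-prem DNS: send AWS domains to the in-VPC forwarder."""
    return "\n".join(_forward_zones({d: [forwarder_ip] for d in aws_domains})) + "\n"


if __name__ == "__main__":
    print(vpc_forwarder_conf("10.0.0.0/16", ["192.168.0.0/16"],
                             ["ec2.internal", "app.internal"],
                             {"corp.example": ["192.168.1.53"]}))
    print(onprem_conf(["ec2.internal", "app.internal"], "10.0.1.53"))
```

The VPC side of the reverse direction still needs the instances to use the forwarder: either create a DHCP options set for the VPC whose domain-name-servers is the forwarder's private IP, or use Route 53 Resolver outbound endpoints with a forwarding rule for the on-prem zone, which replaces the forwarder for that direction. The security group of the forwarder should allow UDP and TCP 53 only from the VPC and the on-prem prefixes, mirroring the access-control lines.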




I put a lot of thought into these blogs so I could share the information in a clear and useful way. If you have any comments, thoughts, or questions, or you need someone to consult with, feel free to contact me:
