Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



13 Commits

AWS Site-to-Site VPN Private IP VPN

This sample contains Terraform and AWS CDK code to deploy an AWS Site-to-Site VPN Private IP VPN over AWS Direct Connect. In both examples, the following resources are created by default:

  • Direct Connect gateway. By default, both examples create a new Direct Connect gateway resource. If you want to test this code over an existing Direct Connect gateway, check each specific example to understand how you can configure this.
  • Customer gateway, and AWS Site-to-Site VPN Private IP VPN.
  • AWS Transit Gateway, and one Transit Gateway Route Table where all the VPCs and the VPN will be associated and they will propagate their routes.
  • Two Spoke VPCs, each of them with EC2 instances and VPC endpoints (AWS Systems Manager) to test the end-to-end connectivity.

In both examples, the following variables are defined with default values:

  • ASN numbers: AWS-side (for the Transit Gateway and the Direct Connect gateway), and customer-side (for the Customer gateway).
  • Transit Gateway CIDR block - used for the private Outer IPs when creating the VPN.
  • Allowed prefixes - AWS-side CIDR blocks to add in the Direct Connect gateway (if created)
  • Customer gateway IP - use the private IP of your device on premises.

Feel free to change these variables (check each example to see how you can do that) to build the Private IP VPN connection with values from your hybrid network.

Architecture diagram

The resources deployed and the architectural pattern they follow is purely for demonstration/testing purposes. Take it as an example on how to create all the necessary resources to build a Private IP VPN on top of a Direct Connect connection. The AWS Direct Connect connection and Transit VIF required to finish the end-to-end connectivity are not built in this example. The configuration of the VPN tunnels in the on-premises routers is done as an usual AWS Site-to-Site VPN connection (check the documentation in the References section).



See CONTRIBUTING for more information.


This library is licensed under the MIT-0 License. See the LICENSE file.


No description, website, or topics provided.



Code of conduct

Security policy





No releases published


No packages published