VPN Monitor on AWS
VPN Monitor on AWS

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Amazon Web Services (AWS) offers customers the ability to achieve highly available network connections between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure. This capability extends customer access to AWS resources in a reliable, scalable, and cost-effective way. While there are several ways to connect on-premises infrastructure to Amazon VPC, many customers choose to implement VPN connections because they are a quick and easy way to set up remote connectivity to a VPC.

Amazon VPC supports industry standard, encrypted Internet Protocol security (IPsec) VPN connections to AWS networks. But, VPN tunnel connectivity to an Amazon VPC can be subject to configuration issues with Internet Key Exchange, IPsec, network access control lists, security groups, network routing tables, firewalls, VPN gateways, and VPN tunnel redundancy.

To help identify these issues and ensure high availability, it is critical to monitor the state of the connections and the state of each tunnel for every VPN connection.

The VPN Monitor solution automatically configures the services and components necessary to monitor the state of all VPN connections and tunnels in all AWS Regions of a customer’s account.

This solution creates an AWS Lambda function and a custom Amazon CloudWatch metric. The Lambda function makes a DescribeVpnConnections API call that checks the status of all VPN connections and tunnels at a predefined interval (1 minute or 5 minutes) and records the status information in a CloudWatch metric. Customers can access this information using the AWS Management Console, or through CloudWatch API calls.


You are responsible for the cost of the AWS services used while running the VPN Monitor. There is no additional cost for deploying the automated solution. The total cost for running this solution depends on the interval you select for the Lambda function as well as the number of VPN connections you have. As of the date of publication, the monthly costs are as follows:

  • Lambda: $0.91 for a 1-minute interval; or $0.18 for a 5-minute interval

  • Amazon CloudWatch (custom metric): $0.50 per VPN connection

The following table gives the cost breakdown for two example scenarios.

Monitor 10 VPN connections at 1-minute intervals Monitor 20 VPN connections at 5-minute intervals
AWS Lambda $0.91 $0.18
Amazon CloudWatch $5.00 $10.00
Total (monthly) $5.91 $10.18

On this page: