Amazon Virtual Private Cloud
Transit Gateways


Transit Gateway VPN Attachments

To attach a VPN connection to your transit gateway, you must specify the customer gateway. For more information about the requirements for a customer gateway, see Requirements for Your Customer Gateway in the AWS Site-to-Site VPN Network Administrator Guide.

For static VPNs, add the static routes to the transit gateway route table.

Create a Transit Gateway Attachment to a VPN

To create a VPN attachment using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Transit Gateway Attachments.

  3. Choose Create Transit Gateway Attachment.

  4. For Transit Gateway ID, choose the transit gateway for the attachment. You can choose a transit gateway that you own.

  5. For Attachment type, choose VPN.

  6. For Customer Gateway, do one of the following:

    • To use an existing customer gateway, choose Existing, and then select the gateway to use.

      If your customer gateway is behind a network address translation (NAT) device that's enabled for NAT traversal (NAT-T), use the public IP address of your NAT device, and adjust your firewall rules to unblock UDP port 4500.

    • To create a customer gateway, choose New, then for IP Address, type a static public IP address and BGP ASN.

      For Routing options, choose whether to use Dynamic or Static.

  7. For Tunnel Options, see Site-to-Site VPN Routing Options in the AWS Site-to-Site VPN User Guide.

  8. For Inside IP CIDR and more information about VPN tunnels, see Configuring the VPN Tunnels for Your Site-to-Site VPN Connection and Overview of Setting Up a Site-to-Site VPN Connection in the AWS Site-to-Site VPN User Guide.

  9. Choose Create attachment.

To create a VPN attachment using the AWS CLI

Use the create-vpn-connection command.

View Your VPN Attachments

To view your VPN attachments using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Transit Gateway Attachments.

  3. Choose the search bar, select Resource type from the menu, and then select VPN.

  4. The VPN attachments are displayed. Choose an attachment to view its details or to add tags.

To view your VPN attachments using the AWS CLI

Use the describe-transit-gateway-attachments command.
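
The console steps above and the two CLI commands named on this page, put together as one script. This is an added example, not taken from the AWS documentation: the function names, the DRY_RUN switch and every ID, address and CIDR are constructed placeholders. The /30-within-169.254.0.0/16 rule for the inside tunnel CIDR comes from the Site-to-Site VPN documentation rather than from this page.

```shell
#!/bin/sh
# Added example; every ID, IP address and CIDR below is a constructed placeholder.
# DRY_RUN=1 (the default) prints each AWS CLI call instead of running it.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Inside tunnel CIDR: a /30 block, aligned on 4 addresses, within 169.254.0.0/16.
# AWS also reserves a few blocks in that range; this check does not cover them.
valid_inside_cidr() {
  case "$1" in 169.254.*.*/30) ;; *) return 1 ;; esac
  rest="${1#169.254.}"; rest="${rest%/30}"
  c="${rest%%.*}"; d="${rest#*.}"
  for octet in "$c" "$d"; do
    case "$octet" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
  done
  [ "$c" -le 255 ] && [ "$d" -le 255 ] && [ $((d % 4)) -eq 0 ]
}

# Step 6 (New): customer gateway from a static public IP address and BGP ASN.
create_cgw() {  # $1 = public IP, $2 = BGP ASN
  run aws ec2 create-customer-gateway --type ipsec.1 --public-ip "$1" --bgp-asn "$2"
}

# Steps 4-9: $1 = cgw ID, $2 = tgw ID, $3 = static|dynamic, $4 = optional inside CIDR.
create_vpn_attachment() {
  case "$3" in static) opts="StaticRoutesOnly=true" ;; *) opts="StaticRoutesOnly=false" ;; esac
  if [ -n "${4:-}" ]; then
    valid_inside_cidr "$4" || { echo "invalid inside CIDR: $4" >&2; return 1; }
    opts="$opts,TunnelOptions=[{TunnelInsideCidr=$4}]"
  fi
  run aws ec2 create-vpn-connection --type ipsec.1 \
    --customer-gateway-id "$1" --transit-gateway-id "$2" --options "$opts"
}

# Static VPNs: add each static route to the transit gateway route table.
add_static_route() {  # $1 = route table ID, $2 = attachment ID, $3 = destination CIDR
  run aws ec2 create-transit-gateway-route --transit-gateway-route-table-id "$1" \
    --transit-gateway-attachment-id "$2" --destination-cidr-block "$3"
}

# CLI counterpart of filtering the console list by Resource type = VPN.
list_vpn_attachments() {
  run aws ec2 describe-transit-gateway-attachments --filters Name=resource-type,Values=vpn
}

create_cgw 203.0.113.10 65000
create_vpn_attachment cgw-EXAMPLE tgw-EXAMPLE static 169.254.10.0/30
add_static_route tgw-rtb-EXAMPLE tgw-attach-EXAMPLE 10.20.0.0/16
list_vpn_attachments
```

To apply the calls for real, replace the placeholders with your own IDs and run the script with DRY_RUN=0; the attachment ID for the static route is the one reported by list_vpn_attachments.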