How do I establish an AWS VPN over an AWS Direct Connect connection?

Last updated: 2018-11-06

I want to establish a virtual private network (VPN) connection from my local network to my Amazon Virtual Private Cloud (Amazon VPC) over an AWS Direct Connect connection. How can I do this?

Short description

An AWS VPN over a Direct Connect connection to your VPC is likely faster and more secure than a VPN over the internet. An AWS VPN connection over a Direct Connect connection provides consistent levels of throughput, and its encryption algorithms protect your data.


  1. Create your Direct Connect connection.
  2. Create a public virtual interface for your Direct Connect connection. For Prefixes you want to advertise, enter your customer gateway device’s public IP address and any network prefixes that you want to advertise.
    Note: Your public virtual interface receives all AWS public IP address prefixes from each AWS Region (except the AWS China Region). These include the public IP addresses of AWS managed VPN endpoints.
  3. Create a new VPN connection. Be sure to use the same customer gateway’s public IP address that you used in the previous step.
    Note: The customer gateway can be configured in Border Gateway Protocol (BGP) with an Autonomous System Number (ASN).
  4. Configure your VPN to connect to your VPC. For sample configurations, see Examples for VPC.
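
The following check is an added example, not part of the original article or AWS tooling. It verifies that the customer gateway IP from step 3 falls inside a prefix advertised in step 2, and that each VPN endpoint is reached through a prefix learned over the public virtual interface rather than a default route to the internet. The function names, the `dx-public-vif` label and all addresses are assumptions constructed for illustration.

```python
import ipaddress

DX_HOP = "dx-public-vif"  # assumed label for the Direct Connect public virtual interface

def best_route(dest, routes):
    """Longest-prefix match: return (network, next_hop) for dest, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in
               ((ipaddress.ip_network(p), h) for p, h in routes) if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def check_vpn_over_dx(cgw_ip, advertised, tunnel_ips, routes):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    cgw = ipaddress.ip_address(cgw_ip)
    # Steps 2 and 3: the customer gateway IP used for the VPN connection must
    # be covered by a prefix advertised on the public virtual interface.
    if not any(cgw in ipaddress.ip_network(p) for p in advertised):
        findings.append(f"customer gateway {cgw_ip} is not in an advertised prefix")
    # Each AWS VPN endpoint must be reached through a prefix learned over
    # Direct Connect, not through a less specific route to the internet.
    for ip in tunnel_ips:
        route = best_route(ip, routes)
        if route is None:
            findings.append(f"no route to VPN endpoint {ip}")
        elif route[1] != DX_HOP:
            findings.append(f"VPN endpoint {ip} leaves via {route[1]} ({route[0]})")
    return findings

# Constructed sample data (RFC 5737 documentation addresses, not real AWS ranges).
ADVERTISED = ["203.0.113.10/32"]
ROUTES = [("0.0.0.0/0", "internet"),
          ("198.51.100.0/24", DX_HOP)]       # prefix learned over the public VIF
TUNNEL_IPS = ["198.51.100.20", "192.0.2.30"]  # second endpoint has no DX route

if __name__ == "__main__":
    for finding in check_vpn_over_dx("203.0.113.10", ADVERTISED, TUNNEL_IPS, ROUTES):
        print("FINDING:", finding)
```

A finding for a VPN endpoint means the tunnel would be built over the internet path instead of Direct Connect, which defeats the purpose of this setup.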