How do I establish an AWS VPN over an AWS Direct Connect connection?


I want to establish a virtual private network (VPN) connection from my local network to my Amazon Virtual Private Cloud (Amazon VPC) over an AWS Direct Connect connection. How can I do this?

Short description

An AWS VPN over a Direct Connect connection to your VPC is likely faster and more secure than a VPN over the internet. An AWS VPN connection over a Direct Connect connection provides consistent levels of throughput, and its encryption algorithms protect your data.


  1. Create your Direct Connect connection.
  2. Create a public virtual interface for your Direct Connect connection. For "Prefixes you want to advertise", enter your customer gateway device’s public IP address and any network prefixes that you want to advertise.
    Note: Your public virtual interface receives all AWS public IP address prefixes from each AWS Region (except the AWS China Region). These include the public IP addresses of AWS managed VPN endpoints.
  3. Create a new VPN connection. Be sure to use the same customer gateway’s public IP address that you used in the previous step.
    Note: You can configure the customer gateway to use Border Gateway Protocol (BGP) with an Autonomous System Number (ASN).
  4. Configure your VPN to connect to your VPC. For example configurations, see tutorials for creating VPCs.
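
The following check is an added example, not part of the original article or any AWS tooling. It verifies the two conditions the steps above depend on: the customer gateway IP sits inside a prefix advertised on the public virtual interface, and each VPN tunnel endpoint sits inside a prefix received over that interface, so tunnel traffic follows Direct Connect instead of the internet. The function name and all addresses are assumptions (documentation ranges); in practice you would supply the prefixes from your virtual interface settings, your router's BGP table, and your VPN connection's tunnel details.

```python
import ipaddress

def check_vpn_over_dx(cgw_ip, advertised_prefixes, received_prefixes, tunnel_outside_ips):
    """Return a list of findings; an empty list means both conditions hold."""
    findings = []
    cgw = ipaddress.ip_address(cgw_ip)
    advertised = [ipaddress.ip_network(p) for p in advertised_prefixes]
    received = [ipaddress.ip_network(p) for p in received_prefixes]

    # Steps 2 and 3: the customer gateway IP used for the VPN connection must be
    # covered by a prefix advertised on the public virtual interface, otherwise
    # AWS has no route back to it over Direct Connect.
    if not any(cgw in net for net in advertised):
        findings.append(f"customer gateway {cgw} is not in any advertised prefix")

    # Note under step 2: the AWS managed VPN endpoints are among the public
    # prefixes received on the public virtual interface. An endpoint outside
    # every received prefix would be reached by another route (for example
    # the default route to the internet).
    for ip in tunnel_outside_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in received):
            findings.append(f"tunnel endpoint {addr} is not in any received prefix")
    return findings

# Constructed sample values (RFC 5737 documentation ranges, not real AWS data).
SAMPLE = {
    "cgw_ip": "203.0.113.10",
    "advertised_prefixes": ["203.0.113.0/28"],
    "received_prefixes": ["198.51.100.0/24", "192.0.2.0/25"],
    "tunnel_outside_ips": ["198.51.100.17", "192.0.2.200"],  # second is outside /25
}

if __name__ == "__main__":
    for finding in check_vpn_over_dx(**SAMPLE) or ["all checks passed"]:
        print(finding)
```
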

Related information

Troubleshooting AWS Direct Connect

Logging AWS Direct Connect API calls using AWS CloudTrail

AWS OFFICIAL · Updated a year ago