Check for the following common errors on the customer gateway device:
A Phase 1 or Phase 2 mismatch on the VPN tunnel causes a rekey issue.
The Phase 1 and Phase 2 lifetime fields on the customer gateway don't match the AWS parameters. Note: The IKEv2 lifetime value field is independent of peers.
The encryption domain or traffic selector doesn't include both the source and destination networks.
A Site-to-Site VPN that's configured for static routing experiences asymmetric routing.
Make sure that the customer gateway device has one VPN connection. Then, verify that the VPN connection has redundancy with a second customer gateway device. For more information, see Site-to-Site VPN single and multiple VPN connection examples.