When you're unable to edit static routes on your Site-to-Site VPN connection (with the option greyed out), this typically indicates that your VPN connection is configured to use dynamic routing (BGP) rather than static routing.
For a Site-to-Site VPN connection, you can use either static routing or dynamic routing (BGP), but not both simultaneously. If your VPN is configured for dynamic routing, you won't be able to add static routes directly to the VPN connection.
You have a couple of options:
- If you need to add more routes using the current setup, you can:
  - Enable route propagation on your route tables if it's not already enabled. Navigate to VPC > Route tables > select your route table > Route propagation > Edit route propagation > Enable the propagation checkbox.
  - If route propagation is already enabled, you'll need to ensure the routes are being advertised from your on-premises device via BGP.
- If you specifically need static routing:
  - You would need to create a new VPN connection configured for static routing.
  - Add all your required static routes to this new connection.
  - Then remove the old dynamic routing VPN connection after ensuring the new one is working properly.
Remember that when migrating from dynamic to static routing (or vice versa), make sure that the route to your VPC is properly configured before deleting the old connection to avoid service disruption.
Sources
How to propagate additional newly added route in route table | AWS re:Post
How to Change Site-to-Site vpn Static Route to BGP Route | AWS re:Post
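The checks described in the answer above can be run against saved AWS CLI output. This is an added example, not part of the original answer: the `diagnose` function and all IDs are hypothetical, the JSON is constructed sample data shaped like `aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables` output, and it assumes every listed route table belongs to the VPC the virtual private gateway is attached to.

```python
import json

# Constructed sample data: trimmed `aws ec2 describe-vpn-connections` and
# `aws ec2 describe-route-tables` output. Every ID below is a placeholder.
VPN_JSON = """{"VpnConnections": [
  {"VpnConnectionId": "vpn-EXAMPLE-bgp", "VpnGatewayId": "vgw-EXAMPLE",
   "Options": {"StaticRoutesOnly": false}, "Routes": [],
   "VgwTelemetry": [{"Status": "UP", "AcceptedRouteCount": 2},
                    {"Status": "DOWN", "AcceptedRouteCount": 0}]},
  {"VpnConnectionId": "vpn-EXAMPLE-static", "VpnGatewayId": "vgw-EXAMPLE",
   "Options": {"StaticRoutesOnly": true},
   "Routes": [{"DestinationCidrBlock": "10.20.0.0/16", "State": "available"}],
   "VgwTelemetry": [{"Status": "UP", "AcceptedRouteCount": 0}]}]}"""
RT_JSON = """{"RouteTables": [
  {"RouteTableId": "rtb-EXAMPLE-a", "PropagatingVgws": [{"GatewayId": "vgw-EXAMPLE"}]},
  {"RouteTableId": "rtb-EXAMPLE-b", "PropagatingVgws": []}]}"""

def diagnose(vpn_doc, rt_doc):
    """Return one finding per VPN connection: routing mode and next step."""
    findings = []
    for vpn in vpn_doc["VpnConnections"]:
        static = vpn.get("Options", {}).get("StaticRoutesOnly", False)
        vgw = vpn.get("VpnGatewayId")  # absent for transit-gateway attachments
        # Route tables that do not propagate routes from this connection's VGW.
        missing = sorted(
            rt["RouteTableId"] for rt in rt_doc["RouteTables"]
            if vgw and all(g["GatewayId"] != vgw for g in rt.get("PropagatingVgws", [])))
        # Prefixes learned over BGP on tunnels that are currently up.
        learned = sum(t.get("AcceptedRouteCount", 0)
                      for t in vpn.get("VgwTelemetry", []) if t.get("Status") == "UP")
        if static:
            step = "static routes are editable on this connection"
        elif learned == 0:
            step = "no BGP prefixes accepted: check on-premises advertisements"
        elif missing:
            step = "enable route propagation on " + ", ".join(missing)
        else:
            step = "routes arrive via BGP and propagation is enabled"
        findings.append({"id": vpn["VpnConnectionId"],
                         "routing": "static" if static else "bgp",
                         "static_routes": [r["DestinationCidrBlock"] for r in vpn.get("Routes", [])],
                         "missing_propagation": missing, "next_step": step})
    return findings

if __name__ == "__main__":
    for f in diagnose(json.loads(VPN_JSON), json.loads(RT_JSON)):
        print(f["id"], f["routing"], "->", f["next_step"])
```

A connection reported as `bgp` here is the case where the console greys out static route editing.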
