Please note there are SA (Security Association) limitations when you use a policy-based VPN on the CGW.
See below from the VPN FAQ:
Q: How many IPsec security associations can be established concurrently per tunnel?
A: The AWS VPN service is a route-based solution, so when using a route-based configuration you will not run into SA limitations. If, however, you are using a policy-based solution you will need to limit to a single SA, as the service is a route-based solution.
This Knowledge center article describes this issue in detail.
More information on Site-to-Site VPN routing options can be found here.
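
The limitation quoted above, as an added example that is not part of the original answer or of AWS documentation: it counts the SA pairs a policy-based configuration would request and derives one covering selector pair. It assumes the customer gateway negotiates one SA pair per (local, remote) selector entry and that all selectors are IPv4; the CIDRs and function names are constructed for illustration.

```python
import ipaddress

def covering_network(cidrs):
    """Smallest single network that contains every CIDR in the list."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    cover = nets[0]
    # Widen the prefix one bit at a time until every network fits inside it.
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover

def extra_addresses(cidrs, cover):
    """Addresses the covering network admits beyond the original selectors."""
    wanted = ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs)
    return cover.num_addresses - sum(n.num_addresses for n in wanted)

def consolidate(selectors):
    """Reduce many (local, remote) selector entries to one pair, i.e. one SA pair."""
    local_cidrs = sorted({local for local, _ in selectors})
    remote_cidrs = sorted({remote for _, remote in selectors})
    local = covering_network(local_cidrs)
    remote = covering_network(remote_cidrs)
    return {
        # Assumption: one SA pair is requested per distinct selector entry.
        "sa_pairs_before": len(set(selectors)),
        "local": str(local),
        "remote": str(remote),
        # Non-zero values mean the single selector is broader than intended.
        "extra_local": extra_addresses(local_cidrs, local),
        "extra_remote": extra_addresses(remote_cidrs, remote),
    }

# Constructed sample: two on-premises subnets talking to two VPC subnets.
SELECTORS = [
    ("10.10.1.0/24", "172.31.0.0/20"),
    ("10.10.1.0/24", "172.31.16.0/20"),
    ("10.10.2.0/24", "172.31.0.0/20"),
    ("10.10.2.0/24", "172.31.16.0/20"),
]

if __name__ == "__main__":
    for key, value in consolidate(SELECTORS).items():
        print(f"{key}: {value}")
```

Any non-zero `extra_*` count is address space the consolidated selector now covers that the original policy did not, so it should be restricted again with firewall rules on the customer gateway or with security groups and network ACLs in the VPC.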