Since AWS acts as the responder, it is the duty of the CGW (Customer Gateway) device to initiate the IKE/IPsec traffic to bring up the connection, as by default the Startup Action is set to "Add".
Add: Your customer gateway device must initiate the IKE negotiation to bring the tunnel up.
As you are unable to bring up the connection when the CGW is initiating the traffic, you can try to make AWS the initiator and verify whether you see any traffic and a change in the Tunnel Status.
In order to make AWS the initiator, please perform the steps below:
- Make sure both AWS and the CGW (Customer Gateway) are configured with IKEv2.
- Modify the VPN Tunnel Options and change the Startup Action to "Start". Refer to the doc below [1].
Start: AWS initiates the IKE negotiation to bring the tunnel up. Only supported if your customer gateway is configured with an IP address.
[1] Modify Site-to-Site VPN tunnel options - https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-tunnel-options.html
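As an added example that is not part of the answer above: the same change made with the AWS CLI (v2) and jq, setting StartupAction=start on one tunnel and then polling the tunnel telemetry for a status change. The VPN connection ID and tunnel outside IP are placeholders you supply.

```shell
#!/bin/sh
# Added example, not from the re:Post answer. Requires aws CLI v2 and jq.
# Usage: bring_up_from_aws vpn-0123456789abcdef0 203.0.113.10 (placeholders)

# Build the --tunnel-options JSON; only "add" and "start" are valid values.
tunnel_options_json() {
  case "$1" in
    add|start) printf '{"StartupAction":"%s"}' "$1" ;;
    *) echo "startup action must be add or start" >&2; return 1 ;;
  esac
}

# Read describe-vpn-connections JSON on stdin and print the Status (UP/DOWN)
# of the tunnel whose outside IP matches $1.
tunnel_status() {
  jq -r --arg ip "$1" \
    '.VpnConnections[0].VgwTelemetry[]
     | select(.OutsideIpAddress == $ip) | .Status'
}

# Switch the tunnel to StartupAction=start so AWS initiates IKE, then poll
# for up to two minutes. Note: modifying tunnel options briefly interrupts
# that tunnel, so do this on one tunnel at a time.
bring_up_from_aws() {
  vpn_id=$1
  outside_ip=$2
  aws ec2 modify-vpn-tunnel-options \
    --vpn-connection-id "$vpn_id" \
    --vpn-tunnel-outside-ip-address "$outside_ip" \
    --tunnel-options "$(tunnel_options_json start)" >/dev/null
  i=0
  while [ "$i" -lt 12 ]; do
    status=$(aws ec2 describe-vpn-connections \
               --vpn-connection-ids "$vpn_id" | tunnel_status "$outside_ip")
    echo "tunnel $outside_ip: $status"
    [ "$status" = "UP" ] && return 0
    sleep 10
    i=$((i + 1))
  done
  echo "tunnel $outside_ip still not UP; check CGW IKEv2 config and logs" >&2
  return 1
}
```

Source the file and call `bring_up_from_aws` with your own IDs; if the status stays DOWN with AWS initiating, the CGW is not answering IKEv2 at all, which narrows the fault to the customer side.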
This seems like a good doc: A Visual Guide to Setting up a Meraki to AWS Site-to-Site VPN.
High-level steps:
- Create a VPC (if you do not already have the existing VPC you’d like to be the other half of the tunnel).
- Allocate a subnet (if you have not already done so, for a new VPC).
- Configure the VPN connection on AWS’s side.
- Configure the VPN connection on Meraki’s side.
- Ping from a host on the Meraki side to a host on the AWS side, to bring up the tunnel.
I suggest using monitoring traffic to keep the tunnel up.
Another option is to run a Virtual Meraki MX in AWS to get all the features of the Meraki MX. Here is a reference deployment doc: Cisco Meraki Virtual MX with AWS Transit Gateway - Secure SD-WAN traffic between branch offices to resources on the AWS Cloud.