How do we correctly link the DC Gateway into the VPC, is a VG required?

I'm struggling to get my head around a lot of the AWS information.

We have a Direct Connection and it's half working. The DC Gateway has a virtual interface that links to my onsite hardware.

Ping works. BGP works.

The DC has no other associated gateways.

I think what I'm supposed to do is create a Virtual Private gateway that links to a VPC. I can do this, and it sort of works, to the extent that the subnets that are in the VPC can be successfully advertised over the BGP session to my hardware.

However, it doesn't actually work because I can't exchange traffic with IP addresses inside the VPC from my onsite hardware anyway.

So what gives me pause here is when I try to create the Private gateway, the string appears:

"A virtual private gateway is the router on the Amazon side of the VPN tunnel."

but I don't want AWS to setup a VPN tunnel. Also that VPG wants an AS configured, which implies that it wants to do BGP peering into the VPC with some device that's talking BGP back to it, which doesn't seem right to me.

So how and where do I configure the VPC side of the DC gateway? Where do I type in a static IP that will be the default gateway for my VPC's subnet, so that the instances can send packets to that IP which will arrive at the hardware end of my AWS DC?

Also -- with no traditional console access to the "router" that forms the AWS side of the DC, how do we do packet captures and other debugging to find out where packets are being lost?

Edited by: DC-Client on Sep 1, 2021 4:25 PM