In the end it's all about the virtual interfaces that you create on top of the DX connection:
- For your GovCloud account: As you want to run VPN over DX, you should create a Public VIF (https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-vif.html#create-public-vif). This way VPN connectivity between the customer site and the AWS VPN endpoint in GovCloud will run over this Public VIF, as the CIDR with the AWS VPN endpoints is announced over this VIF. That VPN connection can then be connected to a TGW within GovCloud or you can leave it standalone. A Public VIF will not use DX Gateway.
- For your Commercial account: As you don't want to use VPN over DX here, but instead connect the DX Gateway directly to a TGW, you would create a Transit VIF (https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-vif.html#create-transit-vif).

Keep in mind that from an operational perspective, it's usually not a good idea to use the commercial account associated with a GovCloud account for anything. Usually you're better off using a completely separate commercial account, which can be part of an Organizations structure.