AWS – Migrate VPN from a virtual private gateway to a transit gateway

When you migrate from a setup that uses a VPG (Virtual Private Gateway) to a TG (Transit Gateway), it might be desirable not to reconfigure the VPN connection.

According to the documentation this is possible, with just one caveat: the tunnel will go down and come back up during the process.

First, find the details of your current VPN setup:

❯ aws ec2 describe-vpn-connections | jq '.VpnConnections[] | {VpnConnectionId, VpnGatewayId, TransitGatewayId}'

The above should give you your VpnID and VpgID:

{
  "VpnConnectionId": "vpn-1234567890",
  "VpnGatewayId": "vgw-123456",
  "TransitGatewayId": null
}

This information is sufficient to run the command that moves your VPN connection to the transit gateway (you need to have the transit gateway ID at hand):

❯ aws ec2 modify-vpn-connection --vpn-connection-id vpn-1234567890 --transit-gateway-id tgw-1234567890f

You can find detailed information in this article: https://aws.amazon.com/premiumsupport/knowledge-center/transit-gateway-migrate-vpn/
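Because the tunnel drops during the move, it helps to record how many tunnels were up beforehand and confirm they return afterwards. The script below is an added example, not part of the original post: it reads saved `describe-vpn-connections` output, builds the `modify-vpn-connection` command for each VPN still attached to a virtual private gateway, and checks recovery. The sample JSON is constructed and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample, shaped like `aws ec2 describe-vpn-connections` output.
SAMPLE = json.loads("""
{"VpnConnections": [
  {"VpnConnectionId": "vpn-1234567890", "State": "available",
   "VpnGatewayId": "vgw-123456",
   "VgwTelemetry": [{"Status": "UP"}, {"Status": "DOWN"}]},
  {"VpnConnectionId": "vpn-0000000001", "State": "available",
   "TransitGatewayId": "tgw-1234567890f",
   "VgwTelemetry": [{"Status": "UP"}, {"Status": "UP"}]},
  {"VpnConnectionId": "vpn-0000000002", "State": "deleted",
   "VpnGatewayId": "vgw-123456", "VgwTelemetry": []}
]}
""")


def up_tunnels(conn):
    """Count tunnels whose telemetry reports Status UP."""
    return sum(1 for t in conn.get("VgwTelemetry", []) if t.get("Status") == "UP")


def plan_migration(described, tgw_id):
    """One step per available VPN that is still attached to a VGW."""
    plan = []
    for conn in described["VpnConnections"]:
        on_vgw = conn.get("VpnGatewayId") and not conn.get("TransitGatewayId")
        if conn.get("State") != "available" or not on_vgw:
            continue  # already on a TGW, or not in a state that can be modified
        cmd = ["aws", "ec2", "modify-vpn-connection",
               "--vpn-connection-id", conn["VpnConnectionId"],
               "--transit-gateway-id", tgw_id]
        plan.append({"vpn": conn["VpnConnectionId"], "tgw": tgw_id,
                     "tunnels_up_before": up_tunnels(conn),
                     "command": shlex.join(cmd)})
    return plan


def recovered(step, described_after):
    """True once the VPN reports the TGW and at least as many UP tunnels as before."""
    for conn in described_after["VpnConnections"]:
        if conn["VpnConnectionId"] == step["vpn"]:
            return (conn.get("TransitGatewayId") == step["tgw"]
                    and up_tunnels(conn) >= step["tunnels_up_before"])
    return False


if __name__ == "__main__":
    for step in plan_migration(SAMPLE, "tgw-1234567890f"):
        print(step["tunnels_up_before"], "tunnel(s) UP before:", step["command"])
```

A tunnel that was already down before the change, like the second one in the sample, is visible in the baseline, so it is not mistaken for a side effect of the migration.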