Oct 1, 2025
seen from Germany
seen from United States
seen from United States
seen from United States
seen from United States
seen from China
seen from Poland
seen from South Korea
seen from Australia
seen from United States
seen from Malaysia
seen from Germany
seen from United States
seen from United States
seen from China
seen from Germany
seen from United Kingdom
seen from United States
seen from Türkiye
seen from United States
Selective routing of traffic from public subnet in AWS VPC to VPN Gateway
Recently, we had an usecase where we need to route certain traffic from the machines in VPC public subnet through VPN gateway.It took quite a bit of time to understand how to do this as AWS VPC documentation doesn't specify much about selective routing in Public Subnet instead use cases of using either internet gateway or vpn gateway on subnets.
Once you have a successful VPN Gateway established and attached to your AWS VPC, you can just add traffic that you want to route through VPN Gateway by adding specific routes in the Routing Table of your public subnet.
Lets say you want to route traffic to specific ip address like 122.64.64.65, 122.64.64.66, 122.61.64.78, 122.64.62.79 through your VPN gateway then you can just add these routes to the routing table and select your VPN gateway for it. Also if you know the CIDR of your network (192.168.10.1/16) outside VPC then can just route traffic to that network through VPN gateway and let the rest of the traffic flow through Internet Gateway.
So entries in your public subnet routing table will look like :
10.0.0.0/24 ==> Local (Traffic within your VPC subnets) 0.0.0.0/0 ==> igw-xxxxxxxx (Rest of the traffic over Internet gateway) 192.168.10.1/16 ==> vgw-xxxxxxxx (Specific traffic to VPN gateway)
This will be useful in cases where you want to a consume a service like ldap from your private datacenter which is exposed to web/app servers running in Public Subnet of AWS Virtual Private Cloud through VPN.