According to the link below, to establish a VPN over a direct connect connection, we always have to use public VIFs, Why is that the case? Are we not able to use private VIFs?
I understand that private VIFs are used to connect to private IPs, while public VIFs are used for public IPs(for eg S3)
In that case, why do we always have to use public VIFs when establishing VPN over a Direct Connect connection?
For the AWS managed VPN, it needs to be terminated at VGW on the AWS side. VGW provides 2 VPN endpoints for each of the VPN connection, and these VPN endpoints are public IP endpoints that can be reached over the internet or over the public VIF.