Trying to set this up in CloudFormation and getting a “Gateway.NotAttached” Error
We do - IGW for the public subnet and VPN Gateway used in the private subnet within the same VPC.
Do you mean a Virtual Private Gateway (VGW)? Yes you can.
After you create an Internet Gateway, you need to “attach” it to the correct VPC (see this CloudFormation resource: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). If you try to associate an Elastic IP with a network interface/instance and you don’t have an Internet Gateway attached to the VPC, you’ll get this error.
Yep! (I assume you’re talking about a Virtual Private Gateway?)
Internet Gateway is a path for instances ni your VPC with a public IP to reach the Internet (you’ll typically see a route for 0.0.0.0/0 to the IGW)
Virtual Private Gateway is a connector that a VPN tunnel can attach to (the other end of the VPN tunnel attaches to a Customer Gateway). So if my premise network is 192.168.11.0/24, I’d have a route in my routing tables to route addresses in that network to the Virtual Private Gateway. From there packets will go out over the VPN tunnel to our office.
Yes, we do. No issue.
Private subnets route to the VGW when they’re outbound to our on-prem subnets. 0.0.0.0/0 hits the NAT gateway.
Maybe you missed this element in your template : Type: ‘AWS::EC2::VPCGatewayAttachment’
You need to create this twice : for IGW and for VGW.