Reputation: 1151
First of all, I know enough about VPN setup just to be dangerous, so hopefully I can explain my problem clearly enough.
We have a server in our AWS VPC that a client will need to access via a VPN connection. The client wants to access the server as though it's a specific IP address on their internal network. That IP address is not within the subnet we use, nor even the VPC, so I'm wondering if/how I can map it to our server. It seems like I want something like an EIP, only a private one I can select. Is that possible?
Here are some values from the AWS side:
vpc: 10.0.0.0/16
subnet: 10.0.1.0/24
instance: 10.0.1.140
The desired IP address from the client's perspective is 10.128.13.25. I'd like to configure the AWS side so that requests to 10.128.13.25 route to 10.0.1.140.
I've done something similar outside of AWS. In that case the server was multi-homed, and configured one interface as 10.128.13.25. I'm not sure how to do that within AWS, though. Any suggestions on how I can do it?
UPDATE:
I tried to add an ENI with the desired IP address, but that address is not just in a different subnet, it's outside the 10.0.0.0/16 range of our VPC. I've seen a little about peer-to-peer VPCs. Do I need to create a second VPC, then set them up as peers?
Upvotes: 1
Views: 2048
Reputation: 13501
If you establish the VPN connection to the Virtual Private Gateway in your VPC, and set it as the target of non-local traffic in your subnet's routing table, your customer will be able to reach the VPC as an extension of his network. But mind that the IP ranges cannot overlap, e.g. use 10.x.y.z on-premises, 192.168.x.y in the VPC.
If I understood correctly, you do not need an EIP or dual-homed instances for that. If you actually need them, you can attach multiple ENIs with different IP addresses to your instances, even bound to separate subnets.
See: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
Upvotes: 1
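As an added example, not code from the question or the answer: the two checks the answer's advice hinges on, written in Python with the standard `ipaddress` module. It takes the VPC, subnet and instance values from the question, tests whether the requested 10.128.13.25 can be assigned to an ENI at all (it cannot, because an ENI address has to lie inside the VPC CIDR), tests whether a customer prefix overlaps the VPC CIDR (the case the answer warns about), and produces the route-table entries that send the customer's prefix to the Virtual Private Gateway. The customer CIDR `10.128.0.0/16` and the gateway ID `vgw-0123456789abcdef0` are assumptions for illustration, not values from the page.

```python
"""Plan the VPC side of a site-to-site VPN.

Checks and values are illustrative; the VPC/subnet/instance addresses come
from the question, the customer CIDR and VGW ID are assumed placeholders.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"         # from the question
SUBNET_CIDR = "10.0.1.0/24"      # from the question
INSTANCE_IP = "10.0.1.140"       # from the question
REQUESTED_IP = "10.128.13.25"    # address the client wants to use
CUSTOMER_CIDRS = ["10.128.0.0/16"]      # assumption: the client's on-prem range
VGW_ID = "vgw-0123456789abcdef0"        # placeholder Virtual Private Gateway ID


def assignable_in_vpc(ip, vpc_cidr=VPC_CIDR):
    """True only if `ip` lies inside the VPC CIDR.

    Every ENI address (primary or secondary) must be inside the VPC CIDR,
    and in practice inside one of its subnets, so an address outside the
    VPC cannot be attached to the instance as a second interface.
    """
    return ipaddress.ip_address(ip) in ipaddress.ip_network(vpc_cidr)


def overlapping_ranges(vpc_cidr, remote_cidrs):
    """Return the remote prefixes that overlap the VPC CIDR.

    A non-empty result means the same destination could match both the
    'local' route and the VGW route; one side has to be renumbered.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    return [c for c in remote_cidrs if ipaddress.ip_network(c).overlaps(vpc)]


def vpn_routes(vpc_cidr, remote_cidrs, vgw_id):
    """Route-table entries for a subnet that uses the VGW for customer traffic.

    The VPC CIDR keeps its implicit 'local' target; each customer prefix is
    pointed at the Virtual Private Gateway. Overlap is refused up front
    because longest-prefix matching would otherwise silently pick one side.
    """
    clash = overlapping_ranges(vpc_cidr, remote_cidrs)
    if clash:
        raise ValueError("customer ranges overlap the VPC CIDR: %s" % ", ".join(clash))
    routes = [{"destination": str(ipaddress.ip_network(vpc_cidr)), "target": "local"}]
    for c in remote_cidrs:
        routes.append({"destination": str(ipaddress.ip_network(c)), "target": vgw_id})
    return routes


def plan():
    """Summarise what the question's values allow."""
    return {
        "instance_is_in_vpc": assignable_in_vpc(INSTANCE_IP),
        "requested_ip_can_be_eni": assignable_in_vpc(REQUESTED_IP),
        "overlaps": overlapping_ranges(VPC_CIDR, CUSTOMER_CIDRS),
        "routes": vpn_routes(VPC_CIDR, CUSTOMER_CIDRS, VGW_ID),
    }


if __name__ == "__main__":
    for key, value in plan().items():
        print(key, "=", value)
    # An on-prem site that uses all of 10.0.0.0/8 would collide with the VPC:
    print("clash with 10.0.0.0/8:", overlapping_ranges(VPC_CIDR, ["10.0.0.0/8"]))
```

Run it as-is and the output shows why the ENI attempt from the question's update failed (10.128.13.25 is outside 10.0.0.0/16) while 10.128.0.0/16 routes cleanly to the gateway; swap the customer range for 10.0.0.0/8 and `vpn_routes` refuses, which is the overlap situation the answer says to avoid.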