We started to operate servers for our customers at AWS within a single (root) account. Each customer environment lives in its own VPC, which gives maximum separation between customers and still keeps inter-instance access within one environment easy. With the second customer that required a VPN connection I hit a wall with AWS for the first time: within one account you can’t have VPN connections in multiple VPCs that all point at the same customer gateway IP in the same region.
AWS support: “Unfortunately, due to routing restrictions in our regions we only allow a CGW IP to be used once per region.”
There are quite a number of discussions and threads around this, but none of them ends in a straightforward technical solution (and installing a software VPN on an instance is not a suitable solution for me), so I use a different workaround. Since the restriction is per account and per region, I create an additional AWS account for every customer and link it back to our root account for consolidated billing. Each customer account then has its own namespace for customer gateway IPs, and, as a nice side effect, billing becomes more transparent because every linked account maps to exactly one customer.
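The following is an added example and not part of the original post: a small planning check that applies the rule quoted from AWS support ("a CGW IP can be used once per region" within an account) across several linked accounts and tells you which account a new VPN connection can go into, or whether a new linked account is needed. The inventory format mimics the `CustomerGateways` list returned by `aws ec2 describe-customer-gateways`, but the entries, account IDs and IP addresses are constructed for the example. Treating gateways in state `deleted` as no longer occupying the IP is an assumption of this example, not something the post states.

```python
from collections import defaultdict

# Constructed sample inventory: account id -> region -> list of customer gateways,
# shaped like the "CustomerGateways" entries of `describe-customer-gateways`.
SAMPLE_INVENTORY = {
    "111111111111": {  # root account
        "eu-west-1": [
            {"CustomerGatewayId": "cgw-0a1", "IpAddress": "203.0.113.10", "State": "available"},
            {"CustomerGatewayId": "cgw-0a2", "IpAddress": "198.51.100.7", "State": "deleted"},
        ],
        "us-east-1": [
            {"CustomerGatewayId": "cgw-0b1", "IpAddress": "203.0.113.10", "State": "available"},
        ],
    },
    "222222222222": {  # first linked customer account
        "eu-west-1": [
            {"CustomerGatewayId": "cgw-0c1", "IpAddress": "203.0.113.10", "State": "available"},
        ],
    },
}


def occupied_ips(inventory):
    """Map (account, region) -> set of customer gateway IPs already in use.

    Assumption of this example: a gateway in state 'deleted' no longer counts.
    """
    used = defaultdict(set)
    for account, regions in inventory.items():
        for region, gateways in regions.items():
            for gw in gateways:
                if gw.get("State") != "deleted":
                    used[(account, region)].add(gw["IpAddress"])
    return used


def place_vpn(inventory, region, cgw_ip):
    """Return the first account (in inventory order) where `cgw_ip` is still
    free in `region`, or None when every existing account already uses it
    there, meaning a new linked account has to be created first."""
    used = occupied_ips(inventory)
    for account in inventory:
        if cgw_ip not in used.get((account, region), set()):
            return account
    return None


def conflicts(inventory):
    """List (account, region, ip) triples where one account holds the same
    CGW IP twice in one region, i.e. a state AWS would refuse to create."""
    seen = defaultdict(int)
    for account, regions in inventory.items():
        for region, gateways in regions.items():
            for gw in gateways:
                if gw.get("State") != "deleted":
                    seen[(account, region, gw["IpAddress"])] += 1
    return sorted(key for key, count in seen.items() if count > 1)


if __name__ == "__main__":
    # Third customer, same on-premises gateway IP, same region as the first two.
    target = place_vpn(SAMPLE_INVENTORY, "eu-west-1", "203.0.113.10")
    print("use account:", target or "create a new linked account")
    # A different IP is fine in the root account; the deleted gateway's IP is free again.
    print("use account:", place_vpn(SAMPLE_INVENTORY, "eu-west-1", "198.51.100.7"))
    print("conflicts:", conflicts(SAMPLE_INVENTORY))
```

Fed with real data from `describe-customer-gateways` run against each linked account, this tells you before you click "Create VPN Connection" whether the request will be rejected, and the `conflicts` check is a cheap sanity test to run after a migration between accounts.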
More info: http://docs.aws.amazon.com/awsaccountbilling/latest/about/consolidatedbilling.html