diff --git a/README.md b/README.md
index 45b57dcf8..108945404 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ These types of resources are supported:
 * [Route table](https://www.terraform.io/docs/providers/aws/r/route_table.html)
 * [Internet Gateway](https://www.terraform.io/docs/providers/aws/r/internet_gateway.html)
 * [NAT Gateway](https://www.terraform.io/docs/providers/aws/r/nat_gateway.html)
+* [VPN Gateway](https://www.terraform.io/docs/providers/aws/r/vpn_gateway.html)
 * [VPC Endpoint](https://www.terraform.io/docs/providers/aws/r/vpc_endpoint.html) (S3 and DynamoDB)
 * [RDS DB Subnet Group](https://www.terraform.io/docs/providers/aws/r/db_subnet_group.html)
 * [ElastiCache Subnet Group](https://www.terraform.io/docs/providers/aws/r/elasticache_subnet_group.html)
@@ -30,6 +31,7 @@ module "vpc" {
 public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
 
 enable_nat_gateway = true
+ enable_vpn_gateway = true
 
 tags = {
 Terraform = "true"
diff --git a/examples/complete-vpc/main.tf b/examples/complete-vpc/main.tf
index d5bad4b93..80d995fb8 100644
--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -14,6 +14,7 @@ module "vpc" {
 create_database_subnet_group = false
 
 enable_nat_gateway = true
+ enable_vpn_gateway = true
 
 enable_s3_endpoint = true
 enable_dynamodb_endpoint = true
diff --git a/main.tf b/main.tf
index 7fc4679ef..1208d4fec 100644
--- a/main.tf
+++ b/main.tf
@@ -242,3 +242,14 @@ resource "aws_route_table_association" "public" {
 subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
 route_table_id = "${aws_route_table.public.id}"
 }
+
+##############
+# VPN Gateway
+##############
+resource "aws_vpn_gateway" "this" {
+ count = "${var.enable_vpn_gateway ? 1 : 0}"
+
+ vpc_id = "${aws_vpc.this.id}"
+
+ tags = "${merge(var.tags, map("Name", format("%s", var.name)))}"
+}
diff --git a/outputs.tf b/outputs.tf
index 3afde25ec..374377805 100644
--- a/outputs.tf
+++ b/outputs.tf
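Review bot: The `aws_vpn_gateway.this` resource added to main.tf attaches a gateway to the VPC, but nothing in that hunk enables route propagation from it, and the only related input visible in this diff, `private_propagating_vgws`, takes gateway IDs supplied by the caller. The route table resources are outside the hunk, so this is inferred, but if propagation is driven solely by that list, a gateway created by the flag contributes no routes on its own. I would say so next to the resource, e.g. `# Creates and attaches the gateway only; routes are propagated only for the IDs listed in private_propagating_vgws`, so enabling the flag is not read as giving private subnets a path to the remote network. As a style point, `format("%s", var.name)` is a no-op and can be written as `var.name`.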
@@ -112,3 +112,9 @@ output "vpc_endpoint_dynamodb_id" {
 description = "The ID of VPC endpoint for DynamoDB"
 value = "${aws_vpc_endpoint.dynamodb.id}"
 }
+
+# VPN Gateway
+output "vgw_id" {
+ description = "The ID of the VPN Gateway"
+ value = "${aws_vpn_gateway.this.id}"
+}
diff --git a/variables.tf b/variables.tf
index 1a03aa864..908f1461f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -80,6 +80,11 @@ variable "map_public_ip_on_launch" {
 default = true
 }
 
+variable "enable_vpn_gateway" {
+ description = "Should be true if you want to create a new VPN Gateway resource and attach it to the VPC"
+ default = false
+}
+
 variable "private_propagating_vgws" {
 description = "A list of VGWs the private route table should propagate"
 default = []
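Review bot: The new `vgw_id` output in outputs.tf reads `aws_vpn_gateway.this.id` directly, but main.tf creates that resource with `count = "${var.enable_vpn_gateway ? 1 : 0}"` and the variable defaults to `false`, so in the default configuration the output refers to a resource with zero instances. Depending on the Terraform version, that is either an interpolation error or an output that is silently dropped. A splat-based form tolerates the empty case: `value = "${element(concat(aws_vpn_gateway.this.*.id, list("")), 0)}"`. The `vpc_endpoint_dynamodb_id` output shown as context uses the same direct reference, so it may need the same treatment if that endpoint is also conditional.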