Is it possible to initiate the site-to-site VPN connection from the AWS side?

Trying to help a customer establish a site-to-site connection to one of our VPCs, and they have a bit of an unfortunate topology on their side which requires us to initiate the connection to their VPN appliance (a Palo Alto VM-100 deployed in Azure behind a load balancer).

From the AWS docs I’ve seen so far, so long as I have the Startup Action to ‘Add’ and the DPD Timeout Action to ‘Restart’, then the AWS site-to-site should attempt to initiate the connection right?

The issue we face is that their customer gateway is the load balancer which actually sits in front of their VPN appliance (they don’t want us to target their VPN appliance directly). Because of this, if they initiate the connection from their VPN appliance, our site-to-site doesn’t recognize it because the IP is different from the customer gateway.

Any tips for how to restart the connection? I was hoping there was an AWS CLI command, but I haven’t come across one yet.

Thanks for taking the time to read

Yeah, I found that already, but the problem is that I can’t verify that it’s actually trying to initiate the connection; I can only assume that when I modify the connection it makes an attempt. Thank you for sharing, though!

I think there aren’t any logs that are user-accessible on the AWS side. I’ve opened a ticket with AWS before related to site-to-site and they were able to give me more information about the connection (in other words, they can see some logging on their end, I’m pretty sure.)
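The thread asks two things: which API call changes the tunnel's startup behaviour, and how to see whether AWS actually attempted the connection. The following is an added example (not code from anyone in the thread) using boto3 against the EC2 and CloudWatch APIs. Two facts it relies on: AWS only initiates IKE itself when the tunnel's StartupAction is "start" (the default "add" waits for the customer gateway), and modifying tunnel options tears the tunnel down and re-establishes it, which is the closest thing the API offers to a manual restart. The connection id, tunnel addresses and the sample `describe_vpn_connections` response are constructed placeholders; the functions that take an `ec2` or `cloudwatch` client are the only ones that touch AWS.

```python
"""Inspect and change the startup / DPD behaviour of AWS Site-to-Site VPN
tunnels with boto3, and read tunnel state back from CloudWatch.

Added example, not from the thread above. Assumes boto3 is installed and the
caller holds ec2:DescribeVpnConnections, ec2:ModifyVpnTunnelOptions and
cloudwatch:GetMetricStatistics. All ids and addresses are placeholders.
"""
from datetime import datetime, timedelta, timezone

# Values the EC2 API accepts for the two tunnel options discussed in the thread.
STARTUP_ACTIONS = ("add", "start")            # only "start" makes AWS initiate IKE
DPD_TIMEOUT_ACTIONS = ("clear", "none", "restart")
MIN_DPD_TIMEOUT_SECONDS = 30


def build_tunnel_options(startup_action="start", dpd_timeout_action="restart",
                         dpd_timeout_seconds=MIN_DPD_TIMEOUT_SECONDS):
    """Validated TunnelOptions payload for ec2.modify_vpn_tunnel_options()."""
    if startup_action not in STARTUP_ACTIONS:
        raise ValueError(f"StartupAction must be one of {STARTUP_ACTIONS}")
    if dpd_timeout_action not in DPD_TIMEOUT_ACTIONS:
        raise ValueError(f"DPDTimeoutAction must be one of {DPD_TIMEOUT_ACTIONS}")
    if dpd_timeout_seconds < MIN_DPD_TIMEOUT_SECONDS:
        raise ValueError(f"DPDTimeoutSeconds must be >= {MIN_DPD_TIMEOUT_SECONDS}")
    return {"StartupAction": startup_action,
            "DPDTimeoutAction": dpd_timeout_action,
            "DPDTimeoutSeconds": dpd_timeout_seconds}


def summarize_tunnels(vpn_connection):
    """Join each tunnel's configured options with its current telemetry.

    vpn_connection is one element of describe_vpn_connections()["VpnConnections"].
    The response spells the option key DpdTimeoutAction; the modify request
    wants DPDTimeoutAction.
    """
    options = {t["OutsideIpAddress"]: t
               for t in vpn_connection.get("Options", {}).get("TunnelOptions", [])}
    summary = []
    for tel in vpn_connection.get("VgwTelemetry", []):
        ip = tel["OutsideIpAddress"]
        opt = options.get(ip, {})
        summary.append({
            "outside_ip": ip,
            "status": tel.get("Status"),                # "UP" or "DOWN"
            "status_message": tel.get("StatusMessage", ""),
            "accepted_routes": tel.get("AcceptedRouteCount", 0),
            "aws_initiates": opt.get("StartupAction", "add") == "start",
            "dpd_timeout_action": opt.get("DpdTimeoutAction", "clear"),
        })
    return summary


def tunnels_to_fix(vpn_connection):
    """Outside IPs of tunnels that are DOWN and still wait for the peer to initiate."""
    return [t["outside_ip"] for t in summarize_tunnels(vpn_connection)
            if t["status"] != "UP" and not t["aws_initiates"]]


def apply_aws_initiated(ec2, vpn_connection_id, outside_ip):
    """Switch one tunnel to AWS-initiated IKE with DPD restart.

    The call interrupts and re-establishes the tunnel. For the initiation to
    succeed, the customer gateway address must accept IKE (UDP 500/4500) from
    this tunnel's AWS outside address.
    """
    return ec2.modify_vpn_tunnel_options(
        VpnConnectionId=vpn_connection_id,
        VpnTunnelOutsideIpAddress=outside_ip,
        TunnelOptions=build_tunnel_options())


def tunnel_state_history(cloudwatch, vpn_connection_id, outside_ip, minutes=60):
    """(timestamp, state) points of the AWS/VPN TunnelState metric: 1 = up, 0 = down."""
    end = datetime.now(timezone.utc)
    resp = cloudwatch.get_metric_statistics(
        Namespace="AWS/VPN", MetricName="TunnelState",
        Dimensions=[{"Name": "VpnId", "Value": vpn_connection_id},
                    {"Name": "TunnelIpAddress", "Value": outside_ip}],
        StartTime=end - timedelta(minutes=minutes), EndTime=end,
        Period=300, Statistics=["Minimum"])
    return sorted((p["Timestamp"], p["Minimum"]) for p in resp["Datapoints"])


# Constructed sample shaped like one describe_vpn_connections() entry (not real data).
SAMPLE_VPN = {
    "VpnConnectionId": "vpn-0123456789abcdef0",   # placeholder id
    "State": "available",
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "DOWN",
         "StatusMessage": "IPSEC IS DOWN", "AcceptedRouteCount": 0,
         "LastStatusChange": datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)},
        {"OutsideIpAddress": "203.0.113.11", "Status": "UP",
         "StatusMessage": "", "AcceptedRouteCount": 2,
         "LastStatusChange": datetime(2024, 1, 1, 12, 5, tzinfo=timezone.utc)},
    ],
    "Options": {"TunnelOptions": [
        {"OutsideIpAddress": "203.0.113.10", "StartupAction": "add",
         "DpdTimeoutAction": "clear", "DpdTimeoutSeconds": 30},
        {"OutsideIpAddress": "203.0.113.11", "StartupAction": "start",
         "DpdTimeoutAction": "restart", "DpdTimeoutSeconds": 30},
    ]},
}

if __name__ == "__main__":
    import boto3
    ec2, cw = boto3.client("ec2"), boto3.client("cloudwatch")
    vpn_id = SAMPLE_VPN["VpnConnectionId"]      # replace with the real connection id
    conn = ec2.describe_vpn_connections(VpnConnectionIds=[vpn_id])["VpnConnections"][0]
    for ip in tunnels_to_fix(conn):
        apply_aws_initiated(ec2, vpn_id, ip)
        print(ip, tunnel_state_history(cw, vpn_id, ip))
```

The `VgwTelemetry` block (`Status`, `StatusMessage`, `LastStatusChange`) and the `TunnelState` metric are the user-visible evidence of whether an attempt brought the tunnel up; a `DOWN` tunnel whose `StartupAction` is still `add` has not been asked to initiate at all. AWS has since added tunnel activity logs to CloudWatch Logs (the `LogOptions` member of the same `TunnelOptions` structure); this example sticks to the metric, which is available regardless of whether those logs are enabled.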