A system includes a virtual private gateway (VGW) provisioning service that is configured to receive a request to establish a VGW. The request specifies a service accessible through the VGW and a customer-configurable policy. The policy restricts access to the specified service to requests sent via the VGW to the specified service. Responsive to the request, the VGW provisioning service instantiates a VGW virtual machine. The VGW virtual machine includes a VGW application configured to establish a secure tunnel over a public network to a remote node and to receive encrypted traffic from the remote node over the secure tunnel. The VGW provisioning service also causes route data for the specified service to be provided to the VGW virtual machine. The VGW application advertises the route data for the specified service over the secure tunnel. The VGW provisioning service provides the policy to the identified service for compliance thereon.