Access app only through VPN

We have an Internal MeteorJS App that’s hosted on Heroku. It’s currently available over the Web.
We will be securing this by only having the site accessible if accessed through a single-tunnel VPN with a static IP that we have.

I thought there’d be some simple config option under Heroku Resources, but no dice. A little more research led me to believe that Private Spaces is their solution for this.

I put in a ticket to their Support staff with our needs and they confirmed Private Spaces is the way to go. They’re setting me up with their Sales Team next.

Private Spaces - Add-ons - Heroku Elements Looks like these Private Spaces start at 1k. This is too much for our needs.

Anybody know of a workaround or a way to work with Heroku on this? Would AWS offer cheaper solutions. Thanks!

I must note that we have a AWS VPC for some other apps and that we’ll ultimately move our Meteor App to that. Blockers are that we already have a CICD, pipeline, integration, Buildpack, already setup with Heroku. I played with MUP for a little bit but had no success deploying yet.