A configuration resource each cloud provider uses to describe the on-premises router that terminates a Site-to-Site VPN. Like the address book entry for the building on the other end of a private telephone line — the cloud needs to know its public IP, routing protocols, and CIDR ranges to negotiate the encrypted tunnel.
AWS uses a Customer Gateway, Azure uses a Local Network Gateway, GCP uses an External (Peer) VPN Gateway, and OCI uses a CPE — every hybrid VPN topology pairs one of these with the cloud-side gateway and the on-premises data center.