SOC 2 does not require a company to use a VPN. Moreover, the idea of a VPN is slowly being phased out and people are moving towards the concept of Zero Trust networking. We'd recommend looking into Zero Trust to see if it fits your team's needs.
Cloudflare VPN and Zero Trust resources:
If you do want to use a VPN, most people set that up on AWS itself. Additional AWS VPN information can be found under this page Getting started with Client VPN.