Hello,
I think AWS could use any private address space for their tunnel endpoints, but using the APIPA addresses actually makes sense, because those are pretty much never used by any company internally, so the chances of an addressing conflict are almost negligible. Most if not all companies use the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 addresses somewhere in their network, so if AWS assigned addresses from these blocks, they could overlap. Nobody uses APIPA, so it is easy to set up and requires no back and forth between AWS and the customer regarding IP addressing conflicts.
This is from the document linked below:
'Another interesting point is that the tunnels at the CGW use private link-local addresses in the 169.254.0.0/16 space while the tunnel objects on the AWS side use public IP’s. Even though it’s a private IP address, the AWS tunnel endpoint will still be able to reach these private IP’s because they are reachable through the CGW uplink public IP address. (AWS associates these private IP’s to your account and VGW when you configure the VPN at the AWS console).'
https://cloudsm.art/2019/11/05/aws-hybrid-cloud-vpn-connections/
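
The overlap argument in the reply above can be checked mechanically. The following is an added example, not part of the original post or the linked document: it classifies a candidate tunnel inside CIDR and lists any internal prefixes it collides with. The route list, the candidate CIDRs and the function names are constructed for illustration.

```python
import ipaddress

# Address blocks named in the post above.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: prefixes a hypothetical company routes internally.
INTERNAL_ROUTES = ["10.20.0.0/16", "172.16.8.0/21", "192.168.1.0/24"]


def conflicts(tunnel_cidr, internal_routes):
    """Return the internal prefixes that overlap the tunnel's inside CIDR."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    return [r for r in internal_routes
            if tunnel.overlaps(ipaddress.ip_network(r))]


def audit_tunnel(tunnel_cidr, internal_routes):
    """Classify a candidate tunnel inside CIDR and list any route conflicts."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    if tunnel.subnet_of(LINK_LOCAL):
        space = "link-local"
    elif any(tunnel.subnet_of(block) for block in RFC1918):
        space = "rfc1918"
    else:
        space = "other"
    return {"cidr": str(tunnel), "space": space,
            "conflicts": conflicts(tunnel_cidr, internal_routes)}


if __name__ == "__main__":
    # Constructed candidates: one link-local /30 and two RFC 1918 /30s.
    for candidate in ("169.254.10.0/30", "10.20.255.252/30", "192.168.1.4/30"):
        print(audit_tunnel(candidate, INTERNAL_ROUTES))
```

Running the same check against a real routing table export also catches the rare case where a site does route part of 169.254.0.0/16 internally.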