A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.
Enabling peering between multiple VPCs on AWS can be difficult. It can be much more difficult if they are in different regions.
Here is digram about AWS VPC Peering vs. AWS Transit Gateway
I will walk you through the process of enabling peering between multiple VPCs.
I have 2 VPCs and Subnet information.
US East 1: 10.1.0.0/16 - 3 Public & 3 Private subnets /20
US West 2: 10.2.0.0/16 - 3 Public & 3 Private subnets /20
Two Route tables each VPC. Public route table is using Internet Gateway to access outside and private route table has just local. Here are their screenshots
US East 1 Region:
US West 2 Region
Also I created Two EC2 instances each region. One public instance and one private instance. I am going to use Ping, ssh & telnet as my test cases using private ip addresses.
US East 1 Region
Create Transit Gateway with unique ASN: TGW-US-East-1-TG1
Create Transit Gateway Attachment: TGW-US-East-1-VPC and select all available subnets.
- Verify Transit Gateway Route tables (Make sure there is entry at Propagations & Routes tabs
- Update Route Tables (both Public & Private Route tables) at US East 1 VPC. Add recently created Transit Gateway with US West 2 VPC CIDR address 10.2.0.0/16
- Copy US East 1 Transit Gateway ID & Save somewhere:
US West 2 Region
Create Transit Gateway with unique ASN: TGW-US-West-2-TG2
Create Transit Gateway Attachment: TGW-US-West-2-VPC and select all available subnets.
Update Route Tables (both Public & Private Route tables) at US West 2 VPC. Add recently created Transit Gateway with US East 1 VPC CIDR address 10.1.0.0/16
Create Transit Gateway attachment Peering Connection at US West 2 region (Need to paste US East 1 region Transit Gateway ID - copied from earlier step)
Sent Peering request to US East 1
At US East 1 Region Accept Peering request
After 20 minutes Peering was available
Back to Transit Gateway route tables under Transit Gateway and create static route
At US East 1 Region Transit Gateway route tables add US West 2 CIDR
Click "Create static route" enter US West 2 CIDR and choose Peering type
At US West 2 Region Transit Gateway route tables add US East 1 CIDR
Click "Create static route" enter US East 1 CIDR and choose Peering type
US East 1 Region EC2 service
Security group for EC2 instance. Didn't open for anywhere 0.0.0.0/16. Just opened for US West 2 VPC/CIDR at inbound rules
From US East 1 Region EC2 instance Ping/SSH/Telnet using US West 2 Region EC2 instance's private ip address (successful)
From US West 2 Region EC2 instance Ping/SSH/Telnet using US East 1 Region EC2 instance's private ip address (successful)
Now we are successfully peered two VPCs (different regions) using AWS Transit Gateway method.
Here is solution digram
Clean up hint: Shutdown or terminate ec2 instances, delete security group, delete transit gateway attachments from both regions (vpc & peering) then delete transit gateway from both regions. _
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Top comments (0)