DEV Community: yushi kato/mjxo The latest articles on DEV Community by yushi kato/mjxo (@yushi_kato). https://dev.to/yushi_kato https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1143439%2F294c7fce-73ea-47ca-aa6e-8bc61c0cbab8.png DEV Community: yushi kato/mjxo https://dev.to/yushi_kato en [CFn] Shared use of AWS Transit Gateway by multiple accounts with AWS Resource Access Manager yushi kato/mjxo Mon, 28 Aug 2023 07:02:44 +0000 https://dev.to/aws-builders/cfn-shared-use-of-aws-transit-gateway-by-multiple-accounts-with-aws-resource-access-manager-26a7 https://dev.to/aws-builders/cfn-shared-use-of-aws-transit-gateway-by-multiple-accounts-with-aws-resource-access-manager-26a7 <h2> The first thing I want to tell you </h2> <p>Some of the screenshots in this article are in my native language, Japanese.</p> <p>However, it is my opinion that if the order is followed, there will be no significant difference in the indications.</p> <p>I hope this article will be of help to you.</p> <h2> Create a TransitGateway that can be shared among accounts. </h2> <p>Previously, I submitted the following article.<br> <a href="https://dev.to/yushi_kato/creating-aws-transit-gateway-with-cloudformation-intra-region-and-inter-region-1dj3">Creating AWS Transit Gateway with CloudFormation ~intra-region and inter-region</a></p> <p>This time, we would like to check the communication between instances across accounts.</p> <h2> ① Create a Transit Gateway in Resource Access Manager with an intermediate account as owner, and connect to the attachment created for the two accounts (*Resource region is common). </h2> <h3> configuration diagram </h3> <p>The following is what we will be creating, although it is a bit long to try to convey in words.</p> <p>In the previous article, we communicated with 4 instances within the same region and between different regions, so this time we will try to communicate within the same region and between different accounts.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xVZJxmie--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/yz2o9zua503aoozp4et7.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xVZJxmie--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/yz2o9zua503aoozp4et7.png" alt="Image description" width="751" height="1068"></a></p> <p>The middle tgw account is also ap-northeast-1, although it is omitted in the above figure.</p> <h3> advance preparation </h3> <p>▪ Create two test accounts from <a href="https://aws.amazon.com/jp/organizations/">AWS Organizations</a>. (so that there are 3 accounts in total)</p> <p>*If you have trouble with the email address for account creation, we recommend Gmail's alias address feature.<br> Example: Own "<a href="mailto:hogehoge@gmail.com">hogehoge@gmail.com</a>" -&gt; "<a href="mailto:hogehoge+fuga@gmail.com">hogehoge+fuga@gmail.com</a>" and "<a href="mailto:hogehoge+piyo@gmail.com">hogehoge+piyo@gmail.com</a>" are available as alias addresses</p> <p>By the way, in this case, to work across 3 accounts, I used Chrome, Safari, and Firefox to browse each for clarity.</p> <h3> Procedure </h3> <p>*All tgw accounts, account A, and account B should work in the same region.<br> *Ami is assumed to be ap-northeast-1, so if you are in a different region, please change the value of the "ImageId" parameter when you create each stack.</p> <p>Run the following template on the account you want to use for tgw.</p> <h4> tgw_account.yml </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="na">AccountAId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">AccountBId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ResourceShare</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::RAM::ResourceShare</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram</span> <span class="na">ResourceArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Sub</span> <span class="s">arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}</span> <span class="na">Principals</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AccountAId</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AccountBId</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AmazonSideAsn</span><span class="pi">:</span> <span class="m">64512</span> <span class="c1"># default value</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> </code></pre> </div> <p>↓ <br> Go to the <a href="">AWS Resource Access Manager (RAM) </a>console of the account for tgw and you will see that the following is displayed under "I share: resource sharing". default value</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hg4m0VhP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z2q0jqpimycw0sela1ze.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hg4m0VhP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/z2q0jqpimycw0sela1ze.png" alt="Image description" width="800" height="143"></a><br> ↓ <br> Go to the RAM console for Account A and Account B, respectively, and perform the following operations.</p> <h4> What to do on the RAM console </h4> <p>Go to "Share with Me: Share Resources" and follow the steps below to approve resource sharing from your tgw account.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--RNcgoY9n--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/84fuscukyvalrvatq8qg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--RNcgoY9n--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/84fuscukyvalrvatq8qg.png" alt="Image description" width="800" height="123"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--88wJFczM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fvvqej9b59w1sk87yylx.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--88wJFczM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fvvqej9b59w1sk87yylx.png" alt="Image description" width="800" height="155"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rACfUgBE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/csk1por2tsx6i071hqgp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rACfUgBE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/csk1por2tsx6i071hqgp.png" alt="Image description" width="800" height="257"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aU7tfrMR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5z2np6qnjsunq3j7nnws.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aU7tfrMR--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5z2np6qnjsunq3j7nnws.png" alt="Image description" width="800" height="145"></a><br> ↓<br> The tgw resource that could be found in the "Share with Me: Share Resources" section will disappear, and the same resource will be found in the "Share with Me: Share Resources" tab one tab down.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--AQkomIij--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j085dagwj9ceyzsnatzz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--AQkomIij--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j085dagwj9ceyzsnatzz.png" alt="Image description" width="800" height="135"></a><br> ↓<br> If this is confirmed, the approval has been successfully completed.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Z2t5G4YQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cm04j7drvua4jrm04z8m.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Z2t5G4YQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cm04j7drvua4jrm04z8m.png" alt="Image description" width="800" height="156"></a><br> ↓<br> After the approval is completed in the A/B accounts, you will see that the status of "Shared Principal" is "Associated" in the tgw account as shown below.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--sJ22PBIk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7umas8no885njbbh71c1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--sJ22PBIk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7umas8no885njbbh71c1.png" alt="Image description" width="800" height="128"></a><br> ↓</p> <h4> account_a.yml </h4> <p>Run the following template on account A.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.1.0/28</span> <span class="c1"># for VPC2</span> <span class="na">VPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">VPC2PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/24</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.1.0/28</span> <span class="c1"># for Both EC2</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-079a2a9ac6ed876fc</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 2ndAccount</span> <span class="c1"># for VPC1</span> <span class="na">2ndAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/16</span> <span class="c1"># for VPC2</span> <span class="na">2ndAccountVPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/16</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># for VPC2</span> <span class="na">VPC2PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC1TransitGatewayRoutefor2ndAccountVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC1TransitGatewayRoutefor2ndAccountVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># for VPC2</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc2privatesubnetforec2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">VPC2TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC2TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC2TransitGatewayRoutefor2ndAccountVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC2TransitGatewayRoutefor2ndAccountVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># for VPC2</span> <span class="na">VPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFromSameAccountVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom2ndAccountVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom2ndAccountVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># for VPC2</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="c1"># Ingress</span> <span class="na">VPC2VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC2EC2SecurityGroupIngressFromSameAccountVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom2ndAccountVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom2ndAccountVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> </code></pre> </div> <h4> account_b.yml </h4> <p>Run the following template on account B.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.1.0/28</span> <span class="c1"># for VPC2</span> <span class="na">VPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/16</span> <span class="na">VPC2PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/24</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.1.0/28</span> <span class="c1"># for Both EC2</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-079a2a9ac6ed876fc</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 1stAccount</span> <span class="c1"># for VPC1</span> <span class="na">1stAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="c1"># for VPC2</span> <span class="na">1stAccountVPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># for VPC2</span> <span class="na">VPC2PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRouteforSameAccountVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC1TransitGatewayRoutefor1stAccountVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC1TransitGatewayRoutefor1stAccountVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># for VPC2</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc2privatesubnetforec2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">VPC2TransitGatewayRouteforSameAccountVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC2TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC2TransitGatewayRoutefor1stAccountVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VPC2TransitGatewayRoutefor1stAccountVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># for VPC2</span> <span class="na">VPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFromSameAccountVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom1stAccountVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom1stAccountVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># for VPC2</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="c1"># Ingress</span> <span class="na">VPC2VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC2EC2SecurityGroupIngressFromSameAccountVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom1stAccountVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom1stAccountVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> </code></pre> </div> <p>That is all.</p> <h3> Execute ping on the EC2 instance to confirm communication </h3> <p>I was able to confirm the communication successfully.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jgsVmHft--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5jlvkohvw3r4wviexg9u.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jgsVmHft--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5jlvkohvw3r4wviexg9u.png" alt="Image description" width="800" height="951"></a></p> <h2> What I've learned so far </h2> <p>The Transitgateway shared in RAM is a regional service, which is obvious when you think about it, so for example, if you try to run the Account B stack mentioned earlier on us-east-1, you will get an error as follows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resource handler returned message: "Transit Gateway tgw-xxxxxxxxxxxxxxxxx was deleted or does not exist. (Service: Ec2, Status Code: 400, Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)" (RequestToken: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, HandlerErrorCode: NotFound) </code></pre> </div> <h2> ②Connecting regions by different accounts (3 accounts ver.) </h2> <p>My understanding to date is that by creating a Peering Attachment in the tgw account, it may be possible to</p> <p>(*I have included a diagram of 8 VPCs (within regions, between regions, and between accounts) with the intention of following the trend from before last time, but I will simplify what I actually create).<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Dkkm4kvh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7acic7wq639g002h23s0.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Dkkm4kvh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7acic7wq639g002h23s0.png" alt="Image description" width="800" height="551"></a></p> <p>With this aim,<br> [account A/ap-northeast-1/VPC1].<br> ↓↑<br> [account B/us-east-1/VPC1]<br> Let's see if we can get a communication like the following.</p> <h3> configuration diagram </h3> <p>The previous diagram was messy, but this time the quirks are abbreviated as follows.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--J0UQ9zQG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9d8fdi05740ahnm08biz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--J0UQ9zQG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9d8fdi05740ahnm08biz.png" alt="Image description" width="800" height="524"></a></p> <h3> procedure </h3> <h4> tgw_account_1stRegion.yml </h4> <p>Run the following template in the tgw account ap-northeast-1.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="na">AccountAId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ResourceShare</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::RAM::ResourceShare</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram</span> <span class="na">ResourceArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Sub</span> <span class="s">arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}</span> <span class="na">Principals</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AccountAId</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram-for-account-a</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AmazonSideAsn</span><span class="pi">:</span> <span class="m">64512</span> <span class="c1"># default value</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway-for-account-a</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::Region</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> </code></pre> </div> <p>↓ </p> <h4> tgw_account_2ndRegion.yml </h4> <p>Run the following template for the same tgw account, this time in the us-east-1 region.<br> *Please copy and paste the same name output value from the "tgw_account_1stRegion.yml" stack for the blank parameter value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="na">AccountBId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="c1"># Input the same name output value of the 1st region's stack</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="c1"># Input the same name output value of the 1st region's stack</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ResourceShare</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::RAM::ResourceShare</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram</span> <span class="na">ResourceArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Sub</span> <span class="s">arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}</span> <span class="na">Principals</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AccountBId</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram-for-account-b</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AmazonSideAsn</span><span class="pi">:</span> <span class="m">64512</span> <span class="c1"># default value</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway-for-account-b</span> <span class="na">TransitGatewayPeeringAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayPeeringAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PeerAccountId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::AccountId</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PeerRegion</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PeerTransitGatewayId</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> </code></pre> </div> <p>↓<br> Peering Attachment that is in "Pending Acceptance" status in the "Transit Gateway Attachment" of the ap-northeast-1 region of the tgw account, go to "Action" -&gt; "Transit Gateway Attachment. Accept".</p> <h4> consent procedure </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Z_-uEtZv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qkbhp7ap73g24huf9vr4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Z_-uEtZv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qkbhp7ap73g24huf9vr4.png" alt="Image description" width="800" height="90"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--37VEgLGD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jlalrygimxgvjmwuswus.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--37VEgLGD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jlalrygimxgvjmwuswus.png" alt="Image description" width="516" height="334"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--S4rlys2X--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/52b7yhinwa1iuzn05jdi.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--S4rlys2X--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/52b7yhinwa1iuzn05jdi.png" alt="Image description" width="800" height="131"></a><br> ↓<br> Pending is displayed.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--P80hAVJr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/o62dltm8ejls4qv2utam.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--P80hAVJr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/o62dltm8ejls4qv2utam.png" alt="Image description" width="800" height="87"></a><br> ↓<br> Change to Available. (Completed)<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--RpySqEMZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dg2i7wxlik64bwqlguwd.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--RpySqEMZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dg2i7wxlik64bwqlguwd.png" alt="Image description" width="800" height="89"></a><br> ↓<br> Go to the RAM console of account A ap-northeast-1 and approve the pending resource sharing (invitation). (*Refer to the previous chapter procedure "RAM Work" block for instructions)<br> ↓<br> Go to the RAM console of account B on us-east-1 and approve the pending resource sharing (invitation). (*Refer to the previous section, "RAM Work" block for instructions.)<br> ↓<br> Execute the following template on account A's ap-northeast-1.<br> ↓</p> <h4> AccountA_1stRegion.yml </h4> <p>*Please copy and paste the "TransitGatewayId" parameter value from the "tgw_account_1stRegion.yml" stack output value of the same name.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.1.0/28</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="c1"># EC2のImageId</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-079a2a9ac6ed876fc</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 2ndAccount</span> <span class="na">2ndAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="c1"># Input the same name output value in tgw_account.yml</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFrom2ndAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> </code></pre> </div> <p>↓</p> <h4> AccountB_2ndRegion.yml </h4> <p>Run the following template on account B, us-east-1.<br> *Please copy and paste the "TransitGatewayId" parameter value from the "tgw_account_1stRegion.yml" stack output value of the same name.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.1.0/28</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-06e46074ae430fba6</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 1stAccount</span> <span class="na">1stAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="c1"># Input the same name output value in tgw_account.yml</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFrom1stAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> </code></pre> </div> <p>↓<br> Go to the "VPC" console of the tgw account ap-northeast-1 and go to "Transit Gateway Route Table" -&gt; created TGW route table ID -&gt; "Create Static Route" to [10.2.0.0/16] for Peering Attachment Add a route.</p> <h4> Static route addition procedure </h4> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ZaD6_-hM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/85e4zyflkb2q9wrbwj0c.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ZaD6_-hM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/85e4zyflkb2q9wrbwj0c.png" alt="Image description" width="800" height="102"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OyfEwkBg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1i1ydjbrzbz2m57b6deu.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OyfEwkBg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/1i1ydjbrzbz2m57b6deu.png" alt="Image description" width="800" height="434"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--SyCktDox--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ztp12xg24w63vuyoagqy.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--SyCktDox--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ztp12xg24w63vuyoagqy.png" alt="Image description" width="800" height="582"></a><br> ↓<br> In the same way, go to the "VPC" console on us-east-1 of the tgw account and go to "Transit Gateway Route Table" -&gt; created TGW route table ID -&gt; "Create Static Route" for Peering Attachment at [10.1.0.0/16]. Add a static route for Peering Attachment.</p> <p>The last step of adding a static route was done manually, instead of creating a template for each route.</p> <h3> Execute ping on the EC2 instance to confirm communication </h3> <p>account A's ap-northeast-1 -&gt; account B's us-east-1<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s---oQn1KaT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/uspzug5qhrkwzqyc1xt9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---oQn1KaT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/uspzug5qhrkwzqyc1xt9.png" alt="Image description" width="800" height="246"></a></p> <p>account B's us-east-1 -&gt; account A's ap-northeast-1<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--JDpC53tU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/34lgy3k4g1mlimx2om49.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--JDpC53tU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/34lgy3k4g1mlimx2om49.png" alt="Image description" width="800" height="205"></a></p> <p>I was able to confirm communication.</p> <h2> ③Connect different accounts different regions (2 accounts ver.) </h2> <h3> configuration diagram </h3> <ul> <li>Understanding made easyVersion</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--M9H1hIbi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jodhr7js5dnabwvkho7x.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--M9H1hIbi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jodhr7js5dnabwvkho7x.png" alt="Image description" width="800" height="1115"></a><br> ↓</p> <ul> <li>It is designed to eliminate wasted space and to keep things in order.</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Tu66qA5B--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hfzprcvkxosfks8ajuro.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Tu66qA5B--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hfzprcvkxosfks8ajuro.png" alt="Image description" width="383" height="1333"></a></p> <h3> procedure </h3> <h4> AccountA_1stRegion.yml </h4> <p>Run the following stack on account A ap-northeast-1<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.1.0/28</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="c1"># EC2のImageId</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-079a2a9ac6ed876fc</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 2ndAccount</span> <span class="na">2ndAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AmazonSideAsn</span><span class="pi">:</span> <span class="m">64512</span> <span class="c1"># default value</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFrom2ndAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::Region</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> </code></pre> </div> <p>↓ </p> <h4> AccountA_2ndRegion.yml </h4> <p>Run the following stack on account A, us-east-1<br> *Please enter the ID of AccountB in the parameter value "AccountBId" and the same name output value of AccountA_1stRegion.yml in "PeerRegion" and "PeerTransitGatewayId".<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="na">AccountBId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="c1"># Input the same name output value of the 1st region's stack</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="c1"># Input the same name output value of the 1st region's stack</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ResourceShare</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::RAM::ResourceShare</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram</span> <span class="na">ResourceArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Sub</span> <span class="s">arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}</span> <span class="na">Principals</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">AccountBId</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-ram-for-account-b</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AmazonSideAsn</span><span class="pi">:</span> <span class="m">64512</span> <span class="c1"># default value</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway-for-account-b</span> <span class="na">TransitGatewayPeeringAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayPeeringAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PeerAccountId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::AccountId</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PeerRegion</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PeerTransitGatewayId</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> </code></pre> </div> <p>↓<br> In the "Transit Gateway Attachment" of the "VPC" console of account A's ap-northeast1, select the Peering Attachment that is in the "Pending Acceptance" state under "Action" -&gt; "Transit Gateway Accept Attachment".<br> ↓<br> Go to the "RAM" console of account B us-east-1 and accept the resource sharing.<br> ↓</p> <h4> AccountB_2ndRegion.yml </h4> <p>Go to the "Cloudformation" console of account B's us-east-1 and execute the following template</p> <p>*Please copy and paste the "TransitGatewayId" parameter value from the AccountA_2ndRegion.yml stack with the same name output value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.1.0/28</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="c1"># EC2のImageId</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-06e46074ae430fba6</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 1stAccount</span> <span class="na">1stAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="c1"># Input the same name output value in AccountB_2ndRegion.yml</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayId</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFrom1stAccountVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stAccountVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> </code></pre> </div> <p>↓<br> Go to the "VPC" console of account A ap-northeast-1 and go to "Transit Gateway Route Table" -&gt; created TGW route table ID -&gt; "Create Static Route" and add a static route for Peering Attachment at [10.2.0.0/16]. Add a static route for Peering Attachment at [10.2.0.0.0/16].<br> ↓<br> Go to the "VPC" console of account A us-east-1 and add a static route for Peering Attachment at [10.1.0.0/16] under "Transit Gateway Route Table" -&gt; created TGW Route Table ID -&gt; "Create Static Route". Add a static route for Peering Attachment.</p> <h2> Execute ping on the EC2 instance to confirm communication </h2> <p>account A's ap-northeast-1 -&gt; account B's us-east-1<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tOFnXeXz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bldvyxm22i321nw22mw3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tOFnXeXz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bldvyxm22i321nw22mw3.png" alt="Image description" width="800" height="234"></a></p> <p>account B's us-east-1 -&gt; account A's ap-northeast-1</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xrmqZZRE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c74ok6xv5hc5k90dx7cq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xrmqZZRE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c74ok6xv5hc5k90dx7cq.png" alt="Image description" width="800" height="207"></a></p> <p>I was able to confirm communication.</p> <h2> That was all. </h2> <p>Thank you for reading.</p> Creating AWS Transit Gateway with CloudFormation ~intra-region and inter-region yushi kato/mjxo Mon, 28 Aug 2023 05:45:27 +0000 https://dev.to/aws-builders/creating-aws-transit-gateway-with-cloudformation-intra-region-and-inter-region-1dj3 https://dev.to/aws-builders/creating-aws-transit-gateway-with-cloudformation-intra-region-and-inter-region-1dj3 <h2> The first thing I want to tell you </h2> <p>Some of the screenshots in this article are in my native language, Japanese.</p> <p>However, it is my opinion that if the order is followed, there will be no significant difference in the indications.</p> <p>I hope this article will be of help to you.</p> <h2> What is TransitGateway? </h2> <blockquote> <p>Transit Gateway is a network relay hub that can be used to interconnect virtual private clouds (VPC) and on-premise networks.</p> </blockquote> <p>For more information about TransitGateway, please refer to <a href="https://docs.aws.amazon.com/ja_jp/vpc/latest/tgw/what-is-transit-gateway.html">official documentation</a>.</p> <h2> Preface </h2> <p>This article does not go into setting up dynamic propagation and account crossing.</p> <h2> ① Between different VPCs in the same region </h2> <p>Ping is sent between two VPCs in the same region via TransitGateway to check the communication between the EC2s on the private side.</p> <h3> configuration diagram </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LILSTSuJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/v4ya1aus2bu0gjr847bh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LILSTSuJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/v4ya1aus2bu0gjr847bh.png" alt="Image description" width="744" height="495"></a></p> <h3> Template </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="c1"># </span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.1.0/28</span> <span class="c1"># for VPC2</span> <span class="na">VPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">VPC2PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/24</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.1.0/28</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-079a2a9ac6ed876fc</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># for VPC2</span> <span class="na">VPC2PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># for VPC2</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable--vpc2privatesubnetforec2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">VPC2TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC2TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># for VPC2</span> <span class="na">VPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressforPing</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="c1"># for VPC2</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="c1"># Ingress</span> <span class="na">VPC2VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2VPCEndpointSecurityGroup.GroupId</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC2EC2SecurityGroupIngressforPing</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> </code></pre> </div> <h3> Check the management console </h3> <p>Check the results.</p> <h4> TransitGateway (VPC) Console </h4> <p>TransitGateway<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yPHFSeSS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vqsf2oygxwqqifc0amtw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yPHFSeSS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vqsf2oygxwqqifc0amtw.png" alt="Image description" width="800" height="228"></a><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ySxRUvLw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qdwvbm3x4vvnncvukeu5.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ySxRUvLw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qdwvbm3x4vvnncvukeu5.png" alt="Image description" width="800" height="209"></a></p> <p>TransitGateway Attachment</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hl3iiHB6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/itqd6vtlbojq4945vzzh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hl3iiHB6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/itqd6vtlbojq4945vzzh.png" alt="Image description" width="800" height="79"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ZwbZ0tyA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qjt5ejuza6vk8bwoj9d9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ZwbZ0tyA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qjt5ejuza6vk8bwoj9d9.png" alt="Image description" width="800" height="195"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--10s9fxQy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rnvpb6uzb84bmiz3977q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--10s9fxQy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rnvpb6uzb84bmiz3977q.png" alt="Image description" width="800" height="193"></a></p> <p>TransitGateway Route Table</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--arYfmOsU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qsvmrufc6loppgtva26a.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--arYfmOsU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qsvmrufc6loppgtva26a.png" alt="Image description" width="800" height="95"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--PF5n8zmw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xs1gnpcepejmaltdw2en.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PF5n8zmw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xs1gnpcepejmaltdw2en.png" alt="Image description" width="800" height="131"></a></p> <ul> <li><p>association<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--b4m79QMH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wqxf5qrajx2lq8f43sdh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--b4m79QMH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/wqxf5qrajx2lq8f43sdh.png" alt="Image description" width="800" height="246"></a></p></li> <li><p>attachment<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--NkXy-t9i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hhdyeq0j1qyljwtpo5nz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--NkXy-t9i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hhdyeq0j1qyljwtpo5nz.png" alt="Image description" width="800" height="254"></a></p></li> <li><p>Route<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--oV2Pfgyf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9f0h2elsw2176uflbz7w.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oV2Pfgyf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9f0h2elsw2176uflbz7w.png" alt="Image description" width="800" height="110"></a></p></li> </ul> <h4> Ping between EC2 </h4> <p>Ping from each instance.</p> <p>VPC1 to VPC2</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--JrgjDJXt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hfz022plgy91e432tyyw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--JrgjDJXt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hfz022plgy91e432tyyw.png" alt="Image description" width="800" height="232"></a></p> <p>VPC2 to VPC1<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--4oSsy_Ph--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8eqv1kq4yhx10cmgiqmi.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--4oSsy_Ph--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8eqv1kq4yhx10cmgiqmi.png" alt="Image description" width="800" height="241"></a></p> <p>I was able to confirm the communication successfully.</p> <h2> ②Inter-Region Peering </h2> <p>Next, let's check the EC2 communication between the Tokyo region and the Northern Virginia region.</p> <p>Although it would be fine to use one VPC for each, this time we will create the environment in ① in each of the four EC2s in the respective regions to ensure communication between the four EC2s.</p> <h3> configuration diagram </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aBcYExb_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hjr4vzu302vltjdhg3uy.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aBcYExb_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hjr4vzu302vltjdhg3uy.png" alt="Image description" width="744" height="889"></a></p> <h4> 1stRegion.yml </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.1.0/28</span> <span class="c1"># for VPC2</span> <span class="na">VPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">VPC2PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/24</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.1.0/28</span> <span class="c1"># for Both EC2</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-079a2a9ac6ed876fc</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 2ndRegion</span> <span class="c1"># for VPC1</span> <span class="na">2ndRegionVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/16</span> <span class="c1"># for VPC2</span> <span class="na">2ndRegionVPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/16</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># for VPC2</span> <span class="na">VPC2PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC1TransitGatewayRoutefor2ndRegionVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC1TransitGatewayRoutefor2ndRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># for VPC2</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc2privatesubnetforec2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">VPC2TransitGatewayRoute</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC2TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC2TransitGatewayRoutefor2ndRegionVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC2TransitGatewayRoutefor2ndRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># for VPC2</span> <span class="na">VPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFromSameRegionVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom2ndRegionVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom2ndRegionVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># for VPC2</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="c1"># Ingress</span> <span class="na">VPC2VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC2EC2SecurityGroupIngressFromSameRegionVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom2ndRegionVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom2ndRegionVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::Region</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> </code></pre> </div> <p>↓</p> <h4> 2ndRegion.yml </h4> <p>*Please use the same name output value x 2 in the 1stRegion.yml stack in the Parameter input screen.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">PJPrefix</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">prd</span> <span class="c1"># for VPC1</span> <span class="na">VPC1CidrBlock</span><span class="pi">:</span> <span class="c1"># VPC1のCIDRブロック</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/16</span> <span class="na">VPC1PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/24</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.1.0/28</span> <span class="c1"># for VPC2</span> <span class="na">VPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/16</span> <span class="na">VPC2PrivateSubnetForEC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/24</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.1.0/28</span> <span class="c1"># for Both EC2</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">ami-06e46074ae430fba6</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">t2.micro</span> <span class="c1"># for 1stRegion</span> <span class="c1"># for VPC1</span> <span class="na">1stRegionVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="c1"># for VPC2</span> <span class="na">1stRegionVPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AutoAcceptSharedAttachments</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTableAssociation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DefaultRouteTablePropagation</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">VpnEcmpSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">DnsSupport</span><span class="pi">:</span> <span class="s">enable</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgateway</span> <span class="c1"># for VPC1</span> <span class="na">VPC1TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2TransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachment</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-transitgatewayattachment-vpc2</span> <span class="na">TransitGatewayPeeringAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayPeeringAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PeerAccountId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AWS::AccountId</span> <span class="na">PeerRegion</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PeerRegion</span> <span class="na">PeerTransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PeerTransitGatewayId</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">InstanceTenancy</span><span class="pi">:</span> <span class="s">default</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="no">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-vpc2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2</span> <span class="na">VPC1PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc1forec2transitgatewayattachment</span> <span class="c1"># for VPC2</span> <span class="na">VPC2PrivateSubnetForEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2CidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2</span> <span class="na">VPC2PrivateSubnetForTransitGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForTransitGatewayAttachmentCidrBlock</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span> <span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-subnet-private-vpc2forec2transitgatewayattachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCEndpoint</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">VPC1VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="c1"># for VPC2</span> <span class="na">VPC2VPCEndpointSSM</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssm</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointSSMMessages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ssmmessages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointEC2Messages</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrivateDnsEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2VPCEndpointSecurityGroup</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.ec2messages</span> <span class="na">SubnetIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Interface</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">VPC2VPCEndpointS3</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableIds</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">ServiceName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">com.amazonaws.${AWS::Region}.s3</span> <span class="na">VpcEndpointType</span><span class="pi">:</span> <span class="s">Gateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc1privatesubnetforec2</span> <span class="na">VPC1PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">VPC1TransitGatewayRouteforSameRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC1TransitGatewayRoutefor1stRegionVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC1TransitGatewayRoutefor1stRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># for VPC2</span> <span class="c1"># PrivateSubnetForEC2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-routetable-vpc2privatesubnetforec2</span> <span class="na">VPC2PrivateSubnetForEC2RouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">VPC2TransitGatewayRouteforSameRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC2TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC2TransitGatewayRoutefor1stRegionVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC1CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="na">VPC2TransitGatewayRoutefor1stRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">VPC1TransitGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2RouteTable</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC2CidrBlock</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EC2</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="na">VPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="c1"># for VPC2</span> <span class="na">VPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EC2InstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ImageId</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InstanceType</span> <span class="na">NetworkInterfaces</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">DeviceIndex</span><span class="pi">:</span> <span class="m">0</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2PrivateSubnetForEC2</span> <span class="na">GroupSet</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># IAM</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Role</span> <span class="na">EC2Role</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s">2012-10-17</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ec2.amazonaws.com</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="c1"># InstanceProfile</span> <span class="na">EC2InstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">EC2Role</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># for VPC1</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc1</span> <span class="c1"># Ingress</span> <span class="na">VPC1VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC1EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC1EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc1ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC1EC2SecurityGroupIngressFromSameRegionVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom1atRegionVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="na">VPC1EC2SecurityGroupIngressFrom1stRegionVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC1EC2SecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># for VPC2</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2VPCEndpointSecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">for VPCE</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpcendpoint-vpc2</span> <span class="c1"># Ingress</span> <span class="na">VPC2VPCEndpointSecurityGroupIngressEC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2VPCEndpointSecurityGroup.GroupId</span> <span class="c1">#------------------------------------------------------------#</span> <span class="c1"># SecurityGroup</span> <span class="na">VPC2EC2SecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">VPC2EC2SecurityGroup</span> <span class="na">GroupName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC2</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${PJPrefix}-${Environment}-securitygroup-vpc2ec2</span> <span class="c1"># Ingress</span> <span class="na">VPC2EC2SecurityGroupIngressFromSameRegionVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom1atRegionVPC1EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC1CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">VPC2EC2SecurityGroupIngressFrom1stRegionVPC2EC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroupIngress</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">FromPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">ToPort</span><span class="pi">:</span> <span class="s">-1</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">icmp</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stRegionVPC2CidrBlock</span> <span class="na">GroupId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">VPC2EC2SecurityGroup.GroupId</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">TransitGatewayPeeringAttachment</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayPeeringAttachment</span> <span class="na">Export</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">TransitGatewayPeeringAttachment</span> </code></pre> </div> <p>↓</p> <h4> Accept peering from the console </h4> <p>Check the Transit Gateway Attachment,<br> Transit Gateway Attachment", you can see the resource with the status: Pending Acceptance.</p> <ul> <li>us-east-1</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--WYPT7I-i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6pavnjv3re5au81wy2mx.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--WYPT7I-i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6pavnjv3re5au81wy2mx.png" alt="Image description" width="800" height="82"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--CEt_xQ6q--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oymsfcq3hmx7kty9cc6t.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--CEt_xQ6q--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oymsfcq3hmx7kty9cc6t.png" alt="Image description" width="800" height="172"></a></p> <ul> <li>ap-northeast-1</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--3T_3Gxri--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pq8l8b4za17rkbfnccrj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--3T_3Gxri--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pq8l8b4za17rkbfnccrj.png" alt="Image description" width="800" height="71"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Y8bBopgC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jy3ej26fq17fdnv6egmn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Y8bBopgC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jy3ej26fq17fdnv6egmn.png" alt="Image description" width="800" height="172"></a></p> <p>We can confirm that the requestor and acceptor are each in the region of the setting.<br> ↓<br> Click "Accept TransitGateway Attachment" from "Action" of the relevant attachment in the acceptor region, ap-northeast-1.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--hMB7hQ4r--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/be5qr4a1lfr0wrj888fo.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--hMB7hQ4r--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/be5qr4a1lfr0wrj888fo.png" alt="Image description" width="434" height="296"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--KafkZsbE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sg90109tlw72rkt08hjr.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KafkZsbE--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sg90109tlw72rkt08hjr.png" alt="Image description" width="800" height="127"></a><br> ↓<br> Each of them changes to Status:Pending, wait for a few minutes, and then<br> ↓</p> <ul> <li><p>us-east-1<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--S9BrX8UD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/owq57eozx4pjvgya3150.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--S9BrX8UD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/owq57eozx4pjvgya3150.png" alt="Image description" width="800" height="81"></a></p></li> <li><p>ap-northeast-1<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aaMRFHad--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m1m37htnppbo4kkn08h7.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aaMRFHad--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/m1m37htnppbo4kkn08h7.png" alt="Image description" width="800" height="94"></a></p></li> </ul> <p>Status:Available</p> <p>↓</p> <h3> Additional Templates </h3> <h4> 1stRegionTransitRoute.yml </h4> <p>In the Parameter entry screen, for AutoCreatedTransitGatewayRouteTableId, enter the unnamed (*Name: "-") Transit Gateway Route Table ID that was automatically created in the 1stRegion, and for Transi TransitGatewayPeeringAttachment should be the output value of the same name from the 2ndRegion.yml stack.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">2ndRegionVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.3.0.0/16</span> <span class="na">2ndRegionVPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.4.0.0/16</span> <span class="na">TransitGatewayPeeringAttachment</span><span class="pi">:</span> <span class="c1"># Refer to the homonymous output value of the 2nd region stack</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">AutoCreatedTransitGatewayRouteTableId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGatewayRouteFor2ndRegionVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayRoute</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Blackhole</span><span class="pi">:</span> <span class="no">false</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC1CidrBlock</span> <span class="na">TransitGatewayAttachmentId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayPeeringAttachment</span> <span class="na">TransitGatewayRouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AutoCreatedTransitGatewayRouteTableId</span> <span class="na">TransitGatewayRouteFor2ndRegionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayRoute</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Blackhole</span><span class="pi">:</span> <span class="no">false</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">2ndRegionVPC2CidrBlock</span> <span class="na">TransitGatewayAttachmentId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">TransitGatewayPeeringAttachment</span> <span class="na">TransitGatewayRouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AutoCreatedTransitGatewayRouteTableId</span> </code></pre> </div> <p>↓</p> <h4> 2ndRegionTransitRoute.yml </h4> <p>In the Parameter entry screen, enter an unnamed (*Name: "-") Transit Gateway route table ID automatically created in the 2ndRegion in the AutoCreatedTransitGatewayRouteTableId field.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">1stResionVPC1CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.1.0.0/16</span> <span class="na">1stResionVPC2CidrBlock</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">10.2.0.0/16</span> <span class="na">AutoCreatedTransitGatewayRouteTableId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">TransitGatewayRouteFor1stResionVPC1</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayRoute</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Blackhole</span><span class="pi">:</span> <span class="no">false</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stResionVPC1CidrBlock</span> <span class="na">TransitGatewayAttachmentId</span><span class="pi">:</span> <span class="kt">!ImportValue</span> <span class="s">TransitGatewayPeeringAttachment</span> <span class="na">TransitGatewayRouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AutoCreatedTransitGatewayRouteTableId</span> <span class="na">TransitGatewayRouteFor1stResionVPC2</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::TransitGatewayRoute</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Blackhole</span><span class="pi">:</span> <span class="no">false</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">1stResionVPC2CidrBlock</span> <span class="na">TransitGatewayAttachmentId</span><span class="pi">:</span> <span class="kt">!ImportValue</span> <span class="s">TransitGatewayPeeringAttachment</span> <span class="na">TransitGatewayRouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">AutoCreatedTransitGatewayRouteTableId</span> </code></pre> </div> <h3> Ping between EC2 </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--7sePi0QW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b9439ffffiid64g11hni.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--7sePi0QW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b9439ffffiid64g11hni.png" alt="Image description" width="800" height="954"></a><br> Although only one image is shown, we were able to confirm communication in all instances.</p> <h2> extra </h2> <p>While searching for the reason why the ping did not go through in the Inter-Region example, I made the common mistake of mistaking one letter in the logical ID that I had used in the SecurityGroupIngress! During the process, I came across the TGW Route Analyzer.</p> <p><a href="https://docs.aws.amazon.com/network-manager/latest/tgwnm/route-analyzer.html">TGW Route Analyzer</a></p> <p>Thanks to this feature, I realized, "If there is no problem here, it may be a mistake in the SecurityGroup setting.</p> <h3> How to use TGW Route Analyzer </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--V8__uYfT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oekj676gvq15adncizwt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--V8__uYfT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oekj676gvq15adncizwt.png" alt="Image description" width="800" height="104"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ANnx2uv0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/scwvxsekan1bjtvfq0v0.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ANnx2uv0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/scwvxsekan1bjtvfq0v0.png" alt="Image description" width="800" height="471"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--E_dejxd9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/na627ifdfzqsoyg4e614.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--E_dejxd9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/na627ifdfzqsoyg4e614.png" alt="Image description" width="800" height="309"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XDm8Pvty--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xj9ptk1nysaxv6lnvxv1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XDm8Pvty--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xj9ptk1nysaxv6lnvxv1.png" alt="Image description" width="800" height="442"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jQ3iTQ-E--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/glngp5ptdmgxyt317ugj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jQ3iTQ-E--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/glngp5ptdmgxyt317ugj.png" alt="Image description" width="800" height="127"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--QefwJ1JA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qyfwegq4p80sxub3vdy8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QefwJ1JA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qyfwegq4p80sxub3vdy8.png" alt="Image description" width="800" height="193"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LaYsn6g6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fo5x7q6rkt6iw3sia3ci.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LaYsn6g6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fo5x7q6rkt6iw3sia3ci.png" alt="Image description" width="800" height="202"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--51JUtiTl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vvt9zh9bj7llqebsvrez.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--51JUtiTl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vvt9zh9bj7llqebsvrez.png" alt="Image description" width="476" height="86"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--r6XTiv-j--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sxyju2c7dz25cvwxdz7x.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--r6XTiv-j--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sxyju2c7dz25cvwxdz7x.png" alt="Image description" width="800" height="166"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Ci1ebfKI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9763papxgdqo3y03tc6d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Ci1ebfKI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9763papxgdqo3y03tc6d.png" alt="Image description" width="800" height="280"></a><br> ↓<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MnXREwGa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6m6g1fdj6dvi9k4i84te.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MnXREwGa--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6m6g1fdj6dvi9k4i84te.png" alt="Image description" width="800" height="405"></a></p> <h3> If you want to create it with a template </h3> <p>As shown below, "TransitGatewayRegistration" must be run on a stack in each region or an error will occur.</p> <h4> 1stRegion_GlobalNetwork_and_TransitGatewayRegistration.yml </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># NetworkManager</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># GlobalNetwork</span> <span class="na">GlobalNetwork</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::NetworkManager::GlobalNetwork</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">this is test.</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">test-globalnetwork</span> <span class="c1"># TransitGatewayRegistration</span> <span class="na">TransitGatewayRegistration</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::NetworkManager::TransitGatewayRegistration</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GlobalNetworkId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">GlobalNetwork</span> <span class="na">TransitGatewayArn</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGatewayId}</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">GlobalNetworkId</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">GlobalNetwork</span> </code></pre> </div> <p>↓</p> <h4> 2ndRegion_TransitGatewayRegistration.yml </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">TransitGatewayId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">GlobalNetworkId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># NetworkManager</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># TransitGatewayRegistration</span> <span class="na">TransitGatewayRegistration</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::NetworkManager::TransitGatewayRegistration</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GlobalNetworkId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">GlobalNetworkId</span> <span class="na">TransitGatewayArn</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGatewayId}</span> </code></pre> </div> <h2> That was all. </h2> <p>Thank you for reading.</p> Template for creating a 3-layer subnet VPC using CloudFormation's intrinsic function Fn::ForEach yushi kato/mjxo Sun, 27 Aug 2023 06:42:33 +0000 https://dev.to/aws-builders/template-for-creating-a-3-layer-subnet-vpc-using-cloudformations-intrinsic-function-fnforeach-3fim https://dev.to/aws-builders/template-for-creating-a-3-layer-subnet-vpc-using-cloudformations-intrinsic-function-fnforeach-3fim <h2> In the beginning </h2> <p>Hello everyone,</p> <p>In Japan, where I live, and abroad, I have seen articles presenting examples of templates that use Fn::ForEach to deploy as many resources of a single resource type as exist in an array (Collection).</p> <p>On the other hand, we cannot judge whether it is practical if we cannot set up a reference relationship (!Ref) or dependency relationship (DependsOn) between resource A created with Fn::ForEach and resource B created with Fn::ForEach without problems.</p> <p>I cannot completely deny the possibility that I may have missed something, but I could not find any articles or documents, either in Japanese or English, that strongly mention this or include an anti-pattern.</p> <p>Therefore, I decided to verify what happens when I actually use Fn::ForEach on multiple resources and refer to them by their properties.</p> <h2> What I'm creating this time </h2> <p>The following is a configuration diagram. Although not shown in the diagram, RouteTable, Route, ElasticIP, etc. are also created.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxgtep2r5g55nrbml9pij.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxgtep2r5g55nrbml9pij.png" alt="Image description"></a></p> <h2> First, the template form I arrived at </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> <span class="na">Transform</span><span class="pi">:</span> <span class="s">AWS::LanguageExtensions</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Parameters:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">ZoneList</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">List&lt;String&gt;</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">a,c</span> <span class="na">SubnetList</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">List&lt;String&gt;</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">PublicSubnet,ProtectedSubnet,PrivateSubnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Mappings:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Mappings</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># ZoneMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ZoneMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="s">a</span> <span class="na">c</span><span class="pi">:</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="s">c</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">SubnetMappings</span><span class="pi">:</span> <span class="na">PublicSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">PublicSubnetMappings</span> <span class="na">ProtectedSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">ProtectedSubnetMappings</span> <span class="na">PrivateSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">PrivateSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># PublicSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">PublicSubnetMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.0.0/24</span> <span class="na">c</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.1.0/24</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># ProtectedSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ProtectedSubnetMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.2.0/24</span> <span class="na">c</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.3.0/24</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># PrivateSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">PrivateSubnetMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.4.0/24</span> <span class="na">c</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.5.0/24</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Resources</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">VPC</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.0.0/16</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># InternetGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">InternetGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::InternetGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">InternetGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCGatewayAttachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">VPCGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">InternetGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># ZoneLoop</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Fn::ForEach::ZoneLoop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ZoneItem</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">ZoneList</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># NatGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="pi">-</span> <span class="s">PublicSubnet1${ZoneItem}NatGateway</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::NatGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AllocationId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}EIPforNatGateway'</span><span class="pi">,</span> <span class="nv">AllocationId</span><span class="pi">]</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}'</span><span class="pi">,</span> <span class="nv">SubnetId</span><span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">PublicSubnet1${ZoneItem}NatGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EIP</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">PublicSubnet1${ZoneItem}EIPforNatGateway</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::EIP</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Domain</span><span class="pi">:</span> <span class="s">vpc</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">PublicSubnet1${ZoneItem}EIPforNatGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Route</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">PublicSubnet1${ZoneItem}Route</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> <span class="na">GatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="s">ProtectedSubnet1${ZoneItem}Route</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">ProtectedSubnet1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> <span class="na">NatGatewayId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}NatGateway'</span><span class="pi">,</span> <span class="nv">NatGatewayId</span><span class="pi">]</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetLoop</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="err"> </span><span class="na">Fn::ForEach::SubnetLoop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SubnetItem</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">SubnetList</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="pi">-</span> <span class="s">${SubnetItem}1${ZoneItem}</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="kt">!FindInMap</span> <span class="pi">[</span><span class="nv">SubnetMappings</span><span class="pi">,</span><span class="kt">!Ref</span> <span class="nv">SubnetItem</span><span class="pi">,</span><span class="nv">Mapping</span><span class="pi">],</span><span class="kt">!Ref</span> <span class="nv">ZoneItem</span><span class="pi">,</span><span class="nv">CidrBlock</span><span class="pi">]</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">ap-northeast-1${ZoneItem}</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${SubnetItem}1${ZoneItem}</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">${SubnetItem}1${ZoneItem}RouteTable</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${SubnetItem}1${ZoneItem}RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetRouteTableAssociation</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">${SubnetItem}1${ZoneItem}RouteTableAssociation</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">${SubnetItem}1${ZoneItem}'</span><span class="pi">,</span> <span class="nv">SubnetId</span><span class="pi">]</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">${SubnetItem}1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> </code></pre> </div> <h2> I want to express my gratitude for archiving this Youtube video </h2> <p>I found the video "AWS On Air ft. Accelerate your CloudFormation authoring experience with Fn::ForEach looping function" on the "AWS Events" channel.<br> First of all, I would like to thank the person who archived this video.</p> <p>The part I want to focus on is the screen switching (scrolling) at 22:54.</p> <p><a href="https://www.youtube.com/watch?v=YSsWbHmLGTs" rel="noopener noreferrer">https://www.youtube.com/watch?v=YSsWbHmLGTs</a></p> <p>In this video he declares multiple Types (DynamoDB::Table and IAM::Policy) in a single Fn::ForEach.</p> <p>I was initially under the mistaken impression that Fn::ForEach could only be used for each resource type (*1:1).</p> <p>In fact, it was possible to create (1:n) resources for Fn::ForEach.<br> (This may be an oversight in the documentation text due to my assumption.)</p> <p>Because of the above assumption, I spent several days setting up ForEach for NatGateway and EIP respectively,<br> string references.</p> <p>So, I sometimes wished that "LanguageExtention" could solve the problem of placing only strings or "!Ref" in "DependsOn",</p> <p>Sometimes I encountered too many errors and wondered if it was an Issue.<br> I thought about submitting it to "cfn-language-discussion" several times.</p> <p>I even searched for blogs, both national and international, that verified how many layers of built-in function nesting "LanguageExtention" actually allows.</p> <p>This video solved all those things too.<br> Thank you so much.</p> <p>This may be a bit complicated to explain, but please bear with me.</p> <h2> Detailed Description </h2> <h3> Parameters </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Parameters:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">ZoneList</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">List&lt;String&gt;</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">a,c</span> <span class="na">SubnetList</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">List&lt;String&gt;</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">PublicSubnet,ProtectedSubnet,PrivateSubnet</span> </code></pre> </div> <p>I have two parameters of type List.<br> One is to separate Zones. The other is to separate Subnet.</p> <p>By using (nesting) these later in Fn::ForEach, I assume that I can create up to 6 resources, 2 x 3 for each resource type.</p> <h3> Mappings </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Mappings:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Mappings</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># ZoneMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ZoneMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="s">a</span> <span class="na">c</span><span class="pi">:</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="s">c</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">SubnetMappings</span><span class="pi">:</span> <span class="na">PublicSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">PublicSubnetMappings</span> <span class="na">ProtectedSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">ProtectedSubnetMappings</span> <span class="na">PrivateSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">PrivateSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># PublicSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">PublicSubnetMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.0.0/24</span> <span class="na">c</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.1.0/24</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># ProtectedSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">ProtectedSubnetMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.2.0/24</span> <span class="na">c</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.3.0/24</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># PrivateSubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">PrivateSubnetMappings</span><span class="pi">:</span> <span class="na">a</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.4.0/24</span> <span class="na">c</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.5.0/24</span> </code></pre> </div> <p>You may be wondering a bit about Mappings.<br> This is where you will catch a glimpse of my struggles when I look back later.</p> <p>I will explain this in more detail later.</p> <h3> Resources that do not require Fn::ForEach </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Resources</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Resources</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">VPC</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.0.0/16</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">VPC</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># InternetGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">InternetGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::InternetGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">InternetGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># VPCGatewayAttachment</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">VPCGatewayAttachment</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCGatewayAttachment</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">InternetGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> </code></pre> </div> <p>These are determined to be created on their own, so there is no change from the usual.<br> They are located further outside of Fn::ForEach at the top level.</p> <h3> Resources required, one per Zone </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># ZoneLoop</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Fn::ForEach::ZoneLoop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ZoneItem</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">ZoneList</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># NatGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="pi">-</span> <span class="s">PublicSubnet1${ZoneItem}NatGateway</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::NatGateway</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AllocationId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}EIPforNatGateway'</span><span class="pi">,</span> <span class="nv">AllocationId</span><span class="pi">]</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}'</span><span class="pi">,</span> <span class="nv">SubnetId</span><span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">PublicSubnet1${ZoneItem}NatGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># EIP</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">PublicSubnet1${ZoneItem}EIPforNatGateway</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::EIP</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Domain</span><span class="pi">:</span> <span class="s">vpc</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">PublicSubnet1${ZoneItem}EIPforNatGateway</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Route</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">PublicSubnet1${ZoneItem}Route</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> <span class="na">GatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="s">ProtectedSubnet1${ZoneItem}Route</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">ProtectedSubnet1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> <span class="na">NatGatewayId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}NatGateway'</span><span class="pi">,</span> <span class="nv">NatGatewayId</span><span class="pi">]</span> </code></pre> </div> <p>Here are the resources directly under the first Fn::ForEach.<br> I hope you can get an idea of how the resources are created one by one for the two zones a and c.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">ZoneList</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">List&lt;String&gt;</span> <span class="na">Default</span><span class="pi">:</span> <span class="s">a,c</span> </code></pre> </div> <p>For example, here NatGateway is a resource needed only for PublicSubnet.</p> <p>It is important not to think of them as two out of six subnets, but as two for two zones.</p> <p>They can be considered as needed for a Zone within a VPC.</p> <h3> Resources required, one per Subnet </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetLoop</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">Fn::ForEach::SubnetLoop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SubnetItem</span> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s">SubnetList</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="pi">-</span> <span class="s">${SubnetItem}1${ZoneItem}</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="kt">!FindInMap</span> <span class="pi">[</span><span class="nv">SubnetMappings</span><span class="pi">,</span><span class="kt">!Ref</span> <span class="nv">SubnetItem</span><span class="pi">,</span><span class="nv">Mapping</span><span class="pi">],</span><span class="kt">!Ref</span> <span class="nv">ZoneItem</span><span class="pi">,</span><span class="nv">CidrBlock</span><span class="pi">]</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">ap-northeast-1${ZoneItem}</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${SubnetItem}1${ZoneItem}</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">${SubnetItem}1${ZoneItem}RouteTable</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">${SubnetItem}1${ZoneItem}RouteTable</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetRouteTableAssociation</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">${SubnetItem}1${ZoneItem}RouteTableAssociation</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">${SubnetItem}1${ZoneItem}'</span><span class="pi">,</span> <span class="nv">SubnetId</span><span class="pi">]</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">${SubnetItem}1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> </code></pre> </div> <p>I have a further nested Fn::ForEach within the previous Fn::ForEach.<br> In total, six resources should be created.</p> <p>As I mentioned at the beginning of this article, this is realized by ZoneList × SubnetList.</p> <h2> Further areas worth mentioning </h2> <h3> EC2::Route is split in two. </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Route</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="s">PublicSubnet1${ZoneItem}Route</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> <span class="na">GatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">InternetGateway</span> <span class="s">ProtectedSubnet1${ZoneItem}Route</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">ProtectedSubnet1${ZoneItem}RouteTable'</span><span class="pi">,</span> <span class="nv">RouteTableId</span><span class="pi">]</span> <span class="na">NatGatewayId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="pi">[</span><span class="kt">!Sub</span> <span class="s1">'</span><span class="s">PublicSubnet1${ZoneItem}NatGateway'</span><span class="pi">,</span> <span class="nv">NatGatewayId</span><span class="pi">]</span> </code></pre> </div> <p>The reason these are divided into two is in the properties.</p> <p>GatewayId:" is required for Routes that are needed for public subnets, and "NatGatewayId:" is required for Routes that are needed for protected subnets.</p> <p>Can we find a way to use "Condition" in resources in combination with "Conditions" and "If" as a way of branching these?</p> <p>For example, as a value to be referenced in Conditions<br> Can we connect the logical ID of AWS::EC2::Route and RouteTableId with a dot to refer to the value?<br> I think the answer is no.</p> <p>AWS::EC2::Route only returns CidrBlock in GetAtt and Ref.</p> <p>This does not achieve branching.</p> <p>In the first place, we often see things in Conditions that judging what the Value of a parameter is, but it is also impossible to ask CloudFormation to judging "what is being written to be referenced" for the Value of a Resource property! </p> <p>And, Condition does not branch property units.</p> <p>Even if all of these were fine, two Type: AWS::EC2::Route resource types would still need to be created. Compared to the previous example, the number of lines involved in Condition would just increase meaninglessly.</p> <p>That is why this is a ZonalLoop.</p> <p>Another reason is that private subnets do not require a route.</p> <h3> RouteTable for each public subnet exists </h3> <p>There is a RouteTable for each public subnet with a 0.0.0.0/0 route to the same InternetGateway.</p> <p>Although this should only be one RouteTable, it is unavoidable when using Fn::ForEach to create a RouteTable.</p> <p>It is possible to put the public one outside the top-level Fn::ForEach, with only the protected and private ones, or the protected subnets, in the scope of the ZonalLoop, but this is not my preference. I feel this is not consistent with the policy of applying Fn::ForEach as much as possible, which was decided when the template was first created.</p> <h3> Fn::FindInMap is nested inside Fn::FindInMap </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># Subnet</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="pi">-</span> <span class="s">${SubnetItem}1${ZoneItem}</span><span class="err">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">VPC</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="kt">!FindInMap</span> <span class="pi">[</span><span class="nv">SubnetMappings</span><span class="pi">,</span><span class="kt">!Ref</span> <span class="nv">SubnetItem</span><span class="pi">,</span><span class="nv">Mapping</span><span class="pi">],</span><span class="kt">!Ref</span> <span class="nv">ZoneItem</span><span class="pi">,</span><span class="nv">CidrBlock</span><span class="pi">]</span> </code></pre> </div> <p>I expressed earlier about the Mappings part that there was "distress",</p> <p>I would not have done this if I could have used Sub within the!FindInMap.<br> SubnetItem and ZoneItem because they can be string concatenated.</p> <p>FindInMap inside to see if it is public, protected or private.<br> Then you can find the Key in the following part.</p> <p>The corresponding Value has the name of the following Mapping.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">Mappings</span><span class="pi">:</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="c1"># SubnetMappings</span> <span class="c1"># ------------------------------------------------------------#</span> <span class="na">SubnetMappings</span><span class="pi">:</span> <span class="na">PublicSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">PublicSubnetMappings</span> <span class="na">ProtectedSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">ProtectedSubnetMappings</span> <span class="na">PrivateSubnet</span><span class="pi">:</span> <span class="na">Mapping</span><span class="pi">:</span> <span class="s">PrivateSubnetMappings</span> </code></pre> </div> <p>This Value is converted to a Key in the first argument of the outer FindInMap.</p> <p>From the Key of each of the following Mappings, a single letter (a or c) of the Zone specified in the second argument is referenced to Cidr as the Key.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <p><span class="c1"># ------------------------------------------------------------#</span><br> <span class="c1"># PublicSubnetMappings</span><br> <span class="c1"># ------------------------------------------------------------#</span><br> <span class="na">PublicSubnetMappings</span><span class="pi">:</span> <br> <span class="na">a</span><span class="pi">:</span> <br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.0.0/24</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;span class="na"&gt;c&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="na"&gt;CidrBlock&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;10.0.1.0/24&lt;/span&gt; </code></pre> </div> <p><span class="c1"># ------------------------------------------------------------#</span><br> <span class="c1"># ProtectedSubnetMappings</span><br> <span class="c1"># ------------------------------------------------------------#</span><br> <span class="na">ProtectedSubnetMappings</span><span class="pi">:</span> <br> <span class="na">a</span><span class="pi">:</span> <br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.2.0/24</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;span class="na"&gt;c&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="na"&gt;CidrBlock&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;10.0.3.0/24&lt;/span&gt; </code></pre> </div> <p><span class="c1"># ------------------------------------------------------------#</span><br> <span class="c1"># PrivateSubnetMappings</span><br> <span class="c1"># ------------------------------------------------------------#</span><br> <span class="na">PrivateSubnetMappings</span><span class="pi">:</span><br> <span class="na">a</span><span class="pi">:</span> <br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">10.0.4.0/24</span></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;span class="na"&gt;c&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="na"&gt;CidrBlock&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;10.0.5.0/24&lt;/span&gt; </code></pre> </div> </code></pre> </div> <h2> <br> <br> <br> How many rows have been reduced?<br> </h2> <p>Below is a comparison of the results with all extra lines removed.<br> Without Fn::ForEach: 190 lines<br> Created with Fn::ForEach: 110 lines</p> <p>It can be said that the number of lines has been reduced by about one-half.</p> <h2> How these are displayed in the CloudFormation designer </h2> <p>When read without using Fn::ForEach<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs80994g0qkvf4g1dn95u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs80994g0qkvf4g1dn95u.png" alt="Image description"></a></p> <p>When Fn::ForEach is used to read<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fog7nua88utdzj6kpzv08.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fog7nua88utdzj6kpzv08.png" alt="Image description"></a></p> <p>The CloudFormation designer expresses the presence of CustomResouce about Fn::ForEach.<br> I am curious about this difference and wanted to consider the reason at a later date.</p> <h2> That is all </h2> <p>Some of the difficulties involved in this endeavor may seem quite comical to those who use the CDK.</p> <p>I myself would like to leave aside for the moment whether the introduction of Fn::ForEach is great or not, or whether this template is beautiful in its own right.</p> <p>I feel that the appearance of this built-in function is not just an addition of functionality, but rather an attempt to destroy some of the concepts that CFn had retained and to find a way to change its form.</p> <p>Since this is too long an article, I have decided to summarize my pattern of failure in another blog.<br> I will be happy if there is something useful for anyone in the world.</p> <p>Finally, not everything is certain even in my mind. If there is any lack of understanding or mistakes in the article, I would like to correct them immediately. I want to let you know that I am always grateful for the words generated by the experience of experts from all over the world.</p> <p>Thank you for reading.</p>