Configure Transit Gateway Route Table for VPN
In this section, you’ll create the first of two transit gateway route tables in the network-prod
AWS account so that you have control over which of your VPCs can access the site-to-site VPN connection and the infrastructure shared services VPC that you’ll set up in a later section.
1. Create Transit Gateway Route Table
Create a transit gateway route table for the site-to-site VPN connection and the infrastructure shared services VPC that you’ll be creating in another section:
- As a Cloud Administrator, use your personal user to log into AWS SSO.
- Select the network-prod AWS account.
- Select Management console associated with the AWSAdministratorAccess role.
- Select the appropriate AWS region.
- Navigate to VPC.
- Select Transit Gateway Route Tables.
- Select Create Transit Gateway Route Table.
- Provide the Transit Gateway Route Table details:

| Field | Recommendation |
| --- | --- |
| Name | vpn-infra-shared-services-vpc |
| Transit Gateway ID | Select your transit gateway from the list |

- Select Create Transit Gateway Route Table.
2. Associate Route Table with VPN Attachment
- Once the state of the Transit Gateway Route Table transitions to available, select the Associations tab at the bottom of the screen. You might have to refresh the page to see the state change.
- Select Create association.
- Select the attachment to associate:

| Field | Recommendation |
| --- | --- |
| Choose attachment to associate | Choose the transit gateway attachment ID for the VPN attachment. (Later, after you create the infrastructure shared services VPC, you will also associate the VPC attachment for that VPC with this route table.) |

- Select Create association.
3. Create Propagation
- Once the state of the Association transitions to associated, select the Propagations tab. You might have to refresh the page to see the state change.
- Select Create propagation.
- Select the attachment to propagate:

| Field | Recommendation |
| --- | --- |
| Choose attachment to propagate | Select the transit gateway attachment ID for the VPN attachment |

- Select Create propagation.
- Select the Routes tab.
- If you configured your site-to-site VPN connection to use BGP, you should see the routing information for your on-premises network listed in the Routes section.
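The same three steps (create the route table, associate the VPN attachment, enable propagation) can be done with the AWS CLI, which is useful when you want the change to be repeatable and reviewable rather than clicked through the console. The script below is an added example, not part of the original guide or any AWS-provided code. It assumes AWS CLI v2 is configured with the AWSAdministratorAccess role in the network-prod account and that two hypothetical environment variables, TGW_ID and VPN_ATTACH_ID, hold your transit gateway ID and the transit gateway attachment ID of the site-to-site VPN. The route table name matches the one recommended above; the polling loops stand in for the "refresh the page" steps.

```shell
#!/bin/sh
# Added example, not part of the original guide: AWS CLI equivalent of the
# console steps, run as the AWSAdministratorAccess role in network-prod.
# Assumed inputs (hypothetical environment variables, not from the guide):
#   TGW_ID         the transit gateway id, e.g. tgw-0123456789abcdef0
#   VPN_ATTACH_ID  the transit gateway attachment id of the site-to-site VPN
set -eu

RT_NAME="vpn-infra-shared-services-vpc"

# Step 1: create the route table, tag it with the recommended name, print its id.
tgw_rt_create() {
  tgw_id="$1"; name="$2"
  aws ec2 create-transit-gateway-route-table \
    --transit-gateway-id "$tgw_id" \
    --tag-specifications "ResourceType=transit-gateway-route-table,Tags=[{Key=Name,Value=$name}]" \
    --query 'TransitGatewayRouteTable.TransitGatewayRouteTableId' --output text
}

# Console "refresh the page": poll the route table until it reports the wanted state.
tgw_rt_wait_state() {
  rt_id="$1"; wanted="$2"; tries=0
  while [ "$tries" -lt 30 ]; do
    state=$(aws ec2 describe-transit-gateway-route-tables \
      --transit-gateway-route-table-ids "$rt_id" \
      --query 'TransitGatewayRouteTables[0].State' --output text)
    if [ "$state" = "$wanted" ]; then echo "$state"; return 0; fi
    tries=$((tries + 1)); sleep 10
  done
  echo "timed out waiting for $rt_id to become $wanted" >&2
  return 1
}

# Step 2: associate the VPN attachment, then poll until the association is 'associated'.
tgw_rt_associate() {
  rt_id="$1"; attach_id="$2"; tries=0
  aws ec2 associate-transit-gateway-route-table \
    --transit-gateway-route-table-id "$rt_id" \
    --transit-gateway-attachment-id "$attach_id" >/dev/null
  while [ "$tries" -lt 30 ]; do
    state=$(aws ec2 get-transit-gateway-route-table-associations \
      --transit-gateway-route-table-id "$rt_id" \
      --filters "Name=transit-gateway-attachment-id,Values=$attach_id" \
      --query 'Associations[0].State' --output text)
    if [ "$state" = "associated" ]; then echo "$state"; return 0; fi
    tries=$((tries + 1)); sleep 10
  done
  echo "timed out waiting for association of $attach_id" >&2
  return 1
}

# Step 3: enable propagation so prefixes learned from the VPN (BGP) land in this table.
tgw_rt_propagate() {
  aws ec2 enable-transit-gateway-route-table-propagation \
    --transit-gateway-route-table-id "$1" \
    --transit-gateway-attachment-id "$2" \
    --query 'Propagation.State' --output text
}

# Routes tab: list only propagated routes (the on-premises prefixes if the VPN uses BGP).
tgw_rt_propagated_routes() {
  aws ec2 search-transit-gateway-routes \
    --transit-gateway-route-table-id "$1" \
    --filters "Name=type,Values=propagated" \
    --query 'Routes[].[DestinationCidrBlock,State]' --output text
}

# Driver: only runs against a real account when both inputs are set.
if [ -n "${TGW_ID:-}" ] && [ -n "${VPN_ATTACH_ID:-}" ]; then
  rt_id=$(tgw_rt_create "$TGW_ID" "$RT_NAME")
  tgw_rt_wait_state "$rt_id" available
  tgw_rt_associate "$rt_id" "$VPN_ATTACH_ID"
  tgw_rt_propagate "$rt_id" "$VPN_ATTACH_ID"
  echo "Propagated routes in $rt_id:"
  tgw_rt_propagated_routes "$rt_id"
else
  echo "Set TGW_ID and VPN_ATTACH_ID to run this against the network-prod account." >&2
fi
```

Two things to keep in mind when running it. A transit gateway attachment can be associated with only one route table at a time, so if your transit gateway was created with default route table association enabled, the VPN attachment is already associated with the default table and the association step will fail until that association is removed. And because this route table is what decides which VPCs can reach the VPN, it is worth running `get-transit-gateway-route-table-associations` afterwards and confirming that only the attachments you intend (the VPN now, the shared services VPC later) are listed.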