In this section, you will share your transit gateway with other AWS accounts in your AWS organization so that VPCs in those accounts can be attached to the transit gateway. This is a one-time operation.
Attaching team development VPC: The team development VPC is created and managed in the same network-prod AWS account in which your transit gateway was created. Consequently, you do not need to share the transit gateway resource in order to attach the common team development VPC to your transit gateway. However, since your other VPCs will reside in separate AWS accounts, you will need to enable resource sharing and share the transit gateway in order to attach those VPCs.
You will need to enable sharing resources within your AWS Organizations from your management account. This will allow you to access your transit gateway from the other AWS accounts that are part of your AWS organization.
Resource sharing may already be enabled: If you already set up a common team development VPC, then you’ve already enabled resource sharing and can skip this step.
1. Sign in to the Management console of the management AWS account, associated with the AWSAdministratorAccess role.
2. Navigate to Resource Access Manager.
3. Click Settings in the left navigation panel.
4. Check the Enable sharing within your AWS Organizations checkbox, then click the Save settings button.
5. Find your Organization ID: Navigate to AWS Organizations and click on any of the accounts to open the information panel on the right. Within the ARN, after the word account, you will see your Organization ID (starts with o-). Note this down for the next set of steps.
You will use AWS Resource Access Manager (RAM) to share your transit gateway for VPC attachments across your accounts and/or your organizations in AWS Organizations.
1. Sign in to the Management console of the network-prod AWS account, associated with the AWSAdministratorAccess role.
2. Navigate to Resource Access Manager.
3. Click Create a resource share and fill in the form as follows:

Field | Recommendation
---|---
Name | infra-main
Select resource type | Transit Gateways (and select your transit gateway)
Allow external accounts | Deselect this option so that you disallow access from AWS accounts outside your AWS organization

4. Click Create resource share.
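The same two procedures expressed as AWS CLI calls, added here as an illustration and not part of the original guide. The transit gateway id is a placeholder, the share name infra-main is the guide's own recommendation, and org_id_from_account_arn is an assumed helper that mirrors the "find your Organization ID" step by reading the o- value after account/ in an AWS Organizations account ARN.

```shell
#!/bin/sh
# Added example, not the guide's own code. Each function maps to one of the
# console procedures above; run them with the credentials of the account named.
set -eu

# Management account: the RAM "Enable sharing within your AWS Organizations"
# checkbox. One-time operation.
enable_org_sharing() {
    aws ram enable-sharing-with-aws-organization
}

# Extract the Organization ID (o-...) from an account ARN of the form
#   arn:aws:organizations::<mgmt-acct>:account/<org-id>/<member-acct>
# Prints nothing for an ARN that is not an Organizations account ARN.
org_id_from_account_arn() {
    printf '%s\n' "$1" | sed -n 's#.*:account/\(o-[a-z0-9]*\)/.*#\1#p'
}

# network-prod account: create the "infra-main" share for one transit gateway,
# with the whole organization as principal and external principals refused.
share_transit_gateway() {
    tgw_id="$1"    # placeholder, e.g. tgw-0123456789abcdef0
    tgw_arn=$(aws ec2 describe-transit-gateways \
        --transit-gateway-ids "$tgw_id" \
        --query 'TransitGateways[0].TransitGatewayArn' --output text)
    org_arn=$(aws organizations describe-organization \
        --query 'Organization.Arn' --output text)
    aws ram create-resource-share \
        --name infra-main \
        --resource-arns "$tgw_arn" \
        --principals "$org_arn" \
        --no-allow-external-principals
}

# Check that the share actually rejects accounts outside the organization,
# which is the setting the guide tells you to deselect in the console.
verify_share_is_org_only() {
    ext=$(aws ram get-resource-shares --resource-owner SELF --name infra-main \
        --query 'resourceShares[0].allowExternalPrincipals' --output text)
    [ "$ext" = "False" ]
}

# Only call AWS when explicitly asked, so the file can be sourced safely.
if [ "${RUN_SHARE:-0}" = "1" ]; then
    share_transit_gateway "$1" && verify_share_is_org_only
fi
```

Run `RUN_SHARE=1 sh share-tgw.sh tgw-<your id>` under network-prod credentials after enable_org_sharing has been run once from the management account.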