In the earlier deployment of our Transit Gateway, we allowed CloudFormation to deploy our Attachments to the VPCs. This time we will walk through the install manually.
In the AWS Management Console, change to the region you are working in, using the drop-down menu in the upper right.
In the AWS Management Console, choose Services, then select VPC.
From the menu on the left, scroll down and select Transit Gateway Attachments.
You will see the VPC Attachments listed, but we want to add one to connect our Datacenter. Click the Create Transit Gateway Attachment button above the list.
Fill out the Create Transit Gateway Attachment form.
Still on the VPC Service console, from the menu on the left, scroll up and select Route Tables.
You will see the Route Tables listed in the main pane. Select the NP3-_stackname-Private route table by checking the box next to it. Toward the bottom of the panel, click the Routes tab. Currently, there is just one route, the local VPC route. Since the only way out is going to be the Transit Gateway, let's make our life simple and point a default route to the Transit Gateway Attachment. Click Edit Routes in the Routes tab.
On the Edit routes page, click the Add route button and enter a default route by setting the destination to 0.0.0.0/0. In the Target drop-down, select Transit Gateway and pick the Transit Gateway created for this project. Make sure it's the one in the other account, not the account you are currently logged into.
From the menu on the left, select Transit Gateway Attachments to give the VPC attachment a name. Scan down the Resource type column for the Attachment with a blank Name. You can verify this Attachment is from the other account by looking at the Details tab at the bottom of the main panel. The Resource owner account ID will be the other AWS account ID. Note: Back at the top, if you click the pencil that appears when you mouse over the Name column, you can enter a name that is different from the first VPN. Be sure to click the check mark to save the name.
From the menu on the left, select Transit Gateway Route Tables. From the table in the main panel, select Red Route Table. Toward the bottom, click the Associations tab. Associations mean that traffic coming from the outside toward the Transit Gateway will use this route table to know where the packet will go after routing through the TGW. Note: An attachment can only be associated with one route table, but a route table can have multiple associations. Here in the Red Route Table, click Create association in the Associations tab. From the drop-down list, select the NP3 VPC. Note: It should be the only one in the list without an Association route table. Click Create association.
While at the Transit Gateway Route Tables, take a look at the Propagations tab. These are the resources that dynamically inform the route table. An attachment can propagate to multiple route tables. For the new Non-Production (NP3) VPC, we want to propagate to the Non-Prod (Red) route table and the Datacenter/Datacenter Services (Green) route table. Let's start with the Red Route Table. We can see all of the VPCs are propagating their CIDR to the route table.
Click Create Propagation. In the “Choose attachment to propagate” field, select the attachment with the Name tag NP3Attach, then click Create propagation.
Repeat the above step on the propagations tab for the Green Route Table.
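Once both propagations are in place, the layout can be checked against the intent described above: NP3 associated with the Red route table only, and propagating to Red and Green and nowhere else. The following is an added example, not part of the original workshop. It audits dictionaries shaped like the EC2 API responses for transit gateway route table associations and propagations; the attachment IDs, the "Other" route table and the function names are constructed for illustration.

```python
# Added example: audit a TGW attachment's association and propagations.
# Input dicts mimic the EC2 API responses for
# get_transit_gateway_route_table_associations / _propagations,
# keyed by a route table label. All IDs below are constructed placeholders.

NP3 = "tgw-attach-EXAMPLE-NP3"


def assoc_resp(*attachment_ids):
    """Build a constructed associations response."""
    return {"Associations": [
        {"TransitGatewayAttachmentId": a, "State": "associated"}
        for a in attachment_ids]}


def prop_resp(*attachment_ids):
    """Build a constructed propagations response."""
    return {"TransitGatewayRouteTablePropagations": [
        {"TransitGatewayAttachmentId": a, "State": "enabled"}
        for a in attachment_ids]}


def audit_attachment(att_id, assoc_by_table, prop_by_table, want_assoc, want_props):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    # An attachment is associated with at most one route table.
    assoc = sorted(
        table for table, resp in assoc_by_table.items()
        for a in resp["Associations"]
        if a["TransitGatewayAttachmentId"] == att_id and a["State"] == "associated")
    if assoc != [want_assoc]:
        findings.append(f"association: expected [{want_assoc!r}], found {assoc}")
    # Propagations decide which route tables learn this VPC's CIDR.
    props = {
        table for table, resp in prop_by_table.items()
        for p in resp["TransitGatewayRouteTablePropagations"]
        if p["TransitGatewayAttachmentId"] == att_id and p["State"] == "enabled"}
    for missing in sorted(set(want_props) - props):
        findings.append(f"propagation missing: {missing}")
    for extra in sorted(props - set(want_props)):
        findings.append(f"unexpected propagation: {extra}")
    return findings


if __name__ == "__main__":
    assoc = {"Red": assoc_resp(NP3), "Green": assoc_resp("tgw-attach-EXAMPLE-DC")}
    props = {"Red": prop_resp(NP3), "Green": prop_resp(), "Other": prop_resp(NP3)}
    for line in audit_attachment(NP3, assoc, props, "Red", ["Red", "Green"]):
        print(line)
```

An unexpected propagation is the finding to watch for, since it means a route table outside the intended set has learned a route to the NP3 VPC.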