Configure Transit Gateway for a Multi-VPC Environment

Hands-On Lab

 

Tia Williams

AWS Training Architect II in Content

Length

00:30:00

Difficulty

Intermediate

In this hands-on lab we will create a Transit Gateway and attach two VPCs. We will review the propagated routes on the Transit Gateway, create the appropriate routes in our VPCs, and validate the connectivity.

Get logged in

Use the credentials and server IP on the hands-on lab overview page to log in to the AWS Console. Once we're in, let's make sure we're in the us-east-1 region, and then we can get moving.

Create the Transit Gateway

Navigate to the VPC dashboard, and click Transit Gateways in the sidebar. Click Create Transit Gateway, and fill out the next form with these values:

  • Name tag: MyTransitGW
  • Description: MyTransitGW
  • Amazon side ASN: 65065

We'll leave everything else alone, and click Create Transit Gateway, then Close. We need this running before we can do anything else, so now is a good time to grab a coffee or something. Once the Transit Gateway is showing available, we can continue.

Transit Gateway Attachments

Now, in the side menu, click on Transit Gateway Attachments, then click the Create Transit Gateway Attachment button. Use these values in the web form:

  • Transit Gateway ID: Choose the one we just built
  • Attachment name tag: VPC1
  • VPC ID: Pick our VPC1 from the list
    • There's a whole list of subnets that appears. In the us-east-1a line, pick PublicSubnet1

Click Create attachment, then Close to finish things up here.

We'll do this twice more, with the difference being their name tags; we'll use VPC2 and VPC3. For each one, we'll pick the VPC ID whose VPC name corresponds to that Transit Gateway Attachment's Attachment name tag.

Once these three are all in an available state, we can proceed.

Routes

We want to ping between all of our instances, and to do that we need to ensure that routing is set up correctly. Head way back up in the side menu to Route Tables, then get into Public1-RT. Down in the Routes tab, click Edit route. In here, click Add route. Use 10.2.0.0/16 as a Destination. As a Target, let's select Transit Gateway, then the one we created, MyTransitGW.

We need to repeat those steps for Public2-RT, but use 10.1.0.0/16 as a Destination instead. Public3-RT is already all set.

Testing

Now we're ready to see if all of this is working. Remember that all of our login credentials and IP (both public and private) details are sitting up on the hands-on lab overview page.

Log into INSTANCE1 with SSH, and try to ping the public IP of INSTANCE2:

[cloud_user@INSTANCE1]$ ping <INSTANCE2 PUBLIC IP>

Now, let's try pinging the private IP of that same instance:

[cloud_user@INSTANCE1]$ ping <INSTANCE2 PRIVATE IP>

It's working. We're sitting pretty now. Let's try this with INSTANCE3:

[cloud_user@INSTANCE1]$ ping <INSTANCE3 PRIVATE IP>

How'd we do? It's not working, is it? This is fine. We didn't add a route to INSTANCE3's network in Public1-RT, so even though the pings didn't go through, everything is actually working properly, as it was designed to do.
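The result above comes down to route lookups in each direction. As an added example (not part of the original lab), this Python model replays the lab's routes for private-IP traffic and reports which VPC pairs can ping over the Transit Gateway. VPC3's CIDR, the contents of Public3-RT, and the host IPs are assumptions constructed for illustration.

```python
import ipaddress

# Constructed model of the lab. VPC1/VPC2 CIDRs follow the routes the lab adds;
# VPC3's CIDR, Public3-RT's contents and the host IPs below are assumptions.
VPC_CIDR = {"VPC1": "10.1.0.0/16", "VPC2": "10.2.0.0/16", "VPC3": "10.3.0.0/16"}
HOSTS = {"VPC1": "10.1.1.10", "VPC2": "10.2.1.10", "VPC3": "10.3.1.10"}

# VPC route tables: destination CIDR -> target ("local" or "tgw").
VPC_ROUTES = {
    "VPC1": {"10.1.0.0/16": "local", "10.2.0.0/16": "tgw"},  # Public1-RT
    "VPC2": {"10.2.0.0/16": "local", "10.1.0.0/16": "tgw"},  # Public2-RT
    "VPC3": {"10.3.0.0/16": "local"},                        # Public3-RT (assumed)
}

# Transit Gateway route table: each attached VPC's CIDR is propagated
# (the lab leaves the default propagation settings untouched).
TGW_ROUTES = {cidr: vpc for vpc, cidr in VPC_CIDR.items()}


def lookup(table, ip):
    """Longest-prefix match; returns the target, or None if no route covers ip."""
    addr = ipaddress.ip_address(ip)
    hits = [ipaddress.ip_network(c) for c in table if addr in ipaddress.ip_network(c)]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]


def one_way(src_vpc, dst_ip):
    """VPC that a packet leaving src_vpc for dst_ip is delivered to, or None."""
    target = lookup(VPC_ROUTES[src_vpc], dst_ip)
    if target == "local":
        return src_vpc
    if target == "tgw":
        return lookup(TGW_ROUTES, dst_ip)
    return None  # no matching route in the VPC route table: packet is dropped


def can_ping(src_vpc, src_ip, dst_vpc, dst_ip):
    """A ping succeeds only if both the request and the reply are routable."""
    return one_way(src_vpc, dst_ip) == dst_vpc and one_way(dst_vpc, src_ip) == src_vpc


def reachable_pairs(hosts):
    """Return the set of VPC pairs whose sample hosts can ping each other."""
    return {(a, b) for a in hosts for b in hosts
            if a < b and can_ping(a, hosts[a], b, hosts[b])}
```

In this model the Transit Gateway knows a route to every attached VPC, yet only VPC1 and VPC2 can reach each other, because reachability also requires a matching entry in each VPC's own route table in both directions.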

Conclusion

We made it. We've got instances in different subnets pinging each other to and from their private IP addresses with Transit Gateway. Congratulations!