Setting up AWS Transit Gateway for Cross-Account Communication

One Account to Another Account

Demo Environment Architecture

1] A Transit Gateway acts as a hub through which traffic flow between VPCs can be centrally controlled.

2] Let me show you how simple routing works with a Transit Gateway. The diagram shows 3 VPCs, but for simplicity I have taken only 2 VPCs.

3] Let's consider 2 VPCs, VPC 1 and VPC 2, each with a subnet and its corresponding subnet route table. As you can see, each VPC's route table has a local route for its own CIDR, and the CIDR of the other VPC points to the Transit Gateway. This means all traffic from VPC 1 destined for VPC 2 goes to the Transit Gateway, which is the central hub. The Transit Gateway has its own route table, and each VPC attachment is associated with the same route table, the default route table; this is called the association.

4] I have 2 AWS consoles open: one for the shared (Main) account and one for the Dev account.

5] Create a Transit Gateway in the shared (Main) account and attach the TGW to the VPC in the shared account.

6] Next, we have to connect our TGW to the Dev account. To do that, we create a resource share so that the VPC in the Dev account can be attached to the TGW in our shared account.

7] In the shared account, open Resource Access Manager:
* Create resource share.
* Give it a name.
* From the dropdown, select Transit Gateway.
* In Principals, add the Dev AWS account number.
* Create the resource share.

8] Before using the share, we need to accept it in the Dev account that we want to connect.

9] In the Dev account, go to Resource Access Manager; there we will find an invitation, which we need to accept.

10] Now, in the Dev account, we can see the shared Transit Gateway ID. Next we attach it to our Dev VPC.

11] We do a ping test to check that both VPCs are connected.

NOTE
* Cross-account Transit Gateway supports only VPC attachments.
* We won't have any Transit Gateway-specific route table in the Dev account, because all Transit Gateway routes are managed by the shared (Main) account where the Transit Gateway is created.
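The same cross-account flow as steps 6 through 10, as an added Terraform example that is not from the original post. It assumes two already-configured provider aliases (aws.shared for the account that owns the TGW, aws.dev for the Dev account); the account number, VPC, subnet and route table IDs and the CIDR are constructed placeholders. It goes one step beyond the console walkthrough by keeping auto-acceptance off, so the TGW owner must approve the Dev attachment before it can carry traffic.

```hcl
# Assumes provider aliases aws.shared (TGW owner) and aws.dev are configured.
# All IDs, CIDRs and the account number below are constructed placeholders.
resource "aws_ec2_transit_gateway" "hub" {
  provider                       = aws.shared
  auto_accept_shared_attachments = "disable" # owner approves each attachment
}

# RAM share of the TGW, scoped to the single Dev account principal.
resource "aws_ram_resource_share" "tgw" {
  provider                  = aws.shared
  name                      = "tgw-share"
  allow_external_principals = true # required when Dev is outside the Organization
}
resource "aws_ram_resource_association" "tgw" {
  provider           = aws.shared
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}
resource "aws_ram_principal_association" "dev" {
  provider           = aws.shared
  principal          = "111122223333" # constructed Dev account number
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

# Dev accepts the invitation, then attaches its VPC to the shared TGW ID.
resource "aws_ram_resource_share_accepter" "dev" {
  provider  = aws.dev
  share_arn = aws_ram_principal_association.dev.resource_share_arn
}
resource "aws_ec2_transit_gateway_vpc_attachment" "dev" {
  provider           = aws.dev
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = "vpc-0dev00000000000" # constructed
  subnet_ids         = ["subnet-0dev000000000"]
  depends_on         = [aws_ram_resource_share_accepter.dev, aws_ram_resource_association.tgw]
}

# The TGW owner approves the cross-account attachment; it lands in the TGW
# default route table, which only the shared account can see or edit.
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "dev" {
  provider                      = aws.shared
  transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.dev.id
}

# Dev subnet route table: shared VPC CIDR -> TGW (mirror the Dev CIDR route in the shared VPC's table).
resource "aws_route" "dev_to_shared" {
  provider               = aws.dev
  route_table_id         = "rtb-0dev00000000000" # constructed
  destination_cidr_block = "10.0.0.0/16"         # constructed shared VPC CIDR
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
}
```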
