Create Connection Between VPC (Different Region) using AWS Transit Gateway

5 min readFeb 17, 2022

What is AWS Transit Gateway?

AWS Transit gateway is services that allow customers to interconnect many of Amazon VPCs, AWS accounts, and on-premises networks to a single gateway. This simplifies network and puts an end to complex peering relationships. This can reduce the complexity for connecting VPC peering if there are thousand of VPC that will be connected.

Demo Labs: Connecting 2 VPC in Region California (US West) and Virginia (US East)

Architecture System

Pre-requites:

VPC A on each region have to access publicly (can SSH and Ping)
Create VM on each VPC

Step by step:

Prepare the VPC from California and Virginia

I use IP 10.30.0.0/16 from California

From Virginia use the default VPC, you can custome by your own VPC

2. Create Transit Gateway on Virginia

I already have Transit Gateway in California (see https://medium.com/@arisukarno/create-connection-between-vpc-one-region-using-aws-transit-gateway-bad650dafd3e). Define the name of Transit Gateway and uncheck the option (Default route table association and Default route table propagation), cause it will be define custom by ourself

3. Create Transit Gateway Attachment on Virginia

In here we create 2 Transit Gateway: for Peering Transit Gateway and for VPC in Virginia.

Create the transit gateway attachment for VPC A in Virginia and choose the default VPC and one subnet.

Create Transit Gateway Peering

Define the name, transit gateway ID and choose the attachment type as Peering Connection.

Configure the peering attachment, so you can use by same account or different account. Select the region you want, in this case in California and fill the transit gateway (accepeter) by Transit Gateway ID in California.

After create the Peering Connection from Virginia, you can see in California Transit Gateway attachment will appear for requesting, and you can Accept transit gateway attachment from Virginia. You can request the peering anywhere from California or Virginia.

After you accept peering is success, it need more time for peering you can wait 3–5 minutes until the state is available.

4. Create Transit Gateway Route Tables

Transit Gateway Route Tables in Virginia

I have already create the transit gateway route table, you can create by click the orang button in bellow.

For association choose the transit gateway attachment of VPC A.

So in here we don’t configure the propagation cause it have different region so it just to configure the route manually through the peering. Cause this is different region so we have to add route static manually and attach the peering without propagation.

The static route use the CIDR is IP from VPC A in California and the attachment is the Transit Gateway Peering that was created before. Why the attachment is peering? So basicly it like we configure routing in Cisco/Mikrotik if you know, it targeted to the IP in California trough the transit gateway peering.

After that for Route tables peering, choose the associtation as Transit Gateway Peering it self.

In this route table of peering, we can configure the propagation, basicly the propagation is what is the things that we attach to the route table, in here peering will attach the VPC A as a source. Cause it’s a route tables for Peering, so it can be propagated by the VPC A. Why it propagated from VPC A? cause the VPC A is connected to the IP 172.31.0.0/16 so by propagated the VPC A, the route will automatically direct to the VPC A.

Transit Gateway Route Tables in California

Same with the VPC A in Virginia, cause this is already configure for transit gateway route table we just add manually the static route to the VPC A in Virginia through the Transit Gateway Peering.