How do I migrate my transit VPC to a transit gateway?

  1. Create a transit gateway.
  2. Create the Amazon VPC attachments for the spoke VPCs. If the spoke VPCs:
    • Are in different accounts, share the transit gateway with the second account. Then, create attachments in the second account.
    • Are in different Regions, create a new transit gateway in the second Region. Then, create a peering attachment between the two transit gateways.
  3. Create transit gateway virtual private network (VPN) connections to the on-premises networks, if applicable.
    Note: After the VPN tunnels are UP, you can change the on-premises gateway to prefer the transit gateway VPN tunnels over the virtual gateway tunnels.
  4. Configure the transit gateway route tables.
  5. In the spoke VPC route tables, change the target from the virtual private gateway to the transit gateway. Be sure to modify the spoke VPC route tables only during a scheduled maintenance window.
  6. After communication is established on the transit gateway, remove each of the spoke VPC tags individually. Then, delete any VPNs connected to on-premises networks, if applicable. These actions remove the VPN connection between the spoke VPC and the transit network VPC.
    Note: The default tag for the spoke VPCs is configured with key: transitvpc:spoke and value: true.
  7. After all spokes are migrated to the transit gateway, delete the transit network VPC AWS CloudFormation stack.
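
Before removing a spoke VPC's tag in step 6, it helps to confirm that step 5 left no route still depending on the virtual private gateway. The check below is an added example, not AWS tooling: it reads route tables in the shape returned by `aws ec2 describe-route-tables`, and the sample data, IDs, function names, and readiness criterion are assumptions of this example.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
SAMPLE = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-0a1", "VpcId": "vpc-0spoke1", "Routes": [
  {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active"},
  {"DestinationCidrBlock": "10.0.0.0/8", "TransitGatewayId": "tgw-0ex", "Origin": "CreateRoute", "State": "active"},
  {"DestinationCidrBlock": "10.0.0.0/8", "GatewayId": "vgw-0ex1", "Origin": "EnableVgwRoutePropagation", "State": "active"}]},
 {"RouteTableId": "rtb-0b2", "VpcId": "vpc-0spoke2", "Routes": [
  {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active"},
  {"DestinationCidrBlock": "10.0.0.0/8", "TransitGatewayId": "tgw-0ex", "Origin": "CreateRoute", "State": "active"},
  {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0ex2", "Origin": "EnableVgwRoutePropagation", "State": "active"}]}
]}""")["RouteTables"]

def _dest(route):
    return route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")

def vgw_blockers(route_tables, vpc_id):
    """List (route_table_id, destination, vgw_id) for routes that still send traffic to a virtual private gateway."""
    blockers = []
    for rtb in (t for t in route_tables if t.get("VpcId") == vpc_id):
        routes = rtb.get("Routes", [])
        # Destinations already covered by a static, active transit gateway route.
        tgw_static = {_dest(r) for r in routes
                      if r.get("TransitGatewayId", "").startswith("tgw-")
                      and r.get("Origin") == "CreateRoute" and r.get("State") == "active"}
        for r in routes:
            if not r.get("GatewayId", "").startswith("vgw-"):
                continue
            propagated = r.get("Origin") == "EnableVgwRoutePropagation"
            # A static route outranks a propagated route only for the identical destination,
            # so any other VGW route (static, or propagated and unshadowed) still carries traffic.
            if not (propagated and _dest(r) in tgw_static):
                blockers.append((rtb["RouteTableId"], _dest(r), r["GatewayId"]))
    return blockers

def ready_to_untag(route_tables, vpc_id):
    """True when the VPC has an active transit gateway route and no route still relies on the VGW."""
    has_tgw = any(r.get("TransitGatewayId", "").startswith("tgw-") and r.get("State") == "active"
                  for t in route_tables if t.get("VpcId") == vpc_id for r in t.get("Routes", []))
    return has_tgw and not vgw_blockers(route_tables, vpc_id)

if __name__ == "__main__":
    for vpc in ("vpc-0spoke1", "vpc-0spoke2"):
        print(vpc, ready_to_untag(SAMPLE, vpc), vgw_blockers(SAMPLE, vpc))
```

In the sample, the second spoke is held back because the on-premises prefix 192.168.0.0/16 is reachable only through the propagated virtual private gateway route, so removing its tag would drop that path.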

