- 최신
- 최다 투표
- 가장 많은 댓글
the TG will be able to route to any subnet, once you setup your routing tables.
The subnet association is simply the subnet WITHIN THE ENTIRE AZ that the TG uses to route traffic: It's likely setting up an Elastic Network Interface in that subnet..once it does that, it will be able to communicate to any subnet in that AZ, as long as your routing rules and security groups allow it.
Make sense?
The console really leads us to think that the transit gateway attachment will be restricted only to those subnets that are marked at the attachment creation time. What happens at the creation attachment moment moment, in fact, is the choice of in which subnet the elastic network interface related to that particular attachment will be created and not which subnet can be used by the attachment in question. ALL subnets in an Availability Zone are reached by an attachment created in that Availability Zone.
Also, due to this behavior, it is recommended that when using a transit gateway in your network architecture, you have specific subnets with a /28 range, for example, to be used only for the transit gateway attachments.
Design Best Practices Link - https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html
