Transit Gateway shared with AWS Resource Access Manager (AWS RAM) identify all accounts as external
Customer has an AWS Landing Zone (ALZ) implementation where they are sharing a Transit Gateway (TGW) between accounts. Sharing a TGW results in error unless
Allow external accounts is checked, even though the account is in the same organization.
The account that they are trying to share the TGW with, is under the same root Organization by ALZ and AWS Control Tower configuration Why these accounts are considered externals?. Once allow external accounts is checked the TGW can be shared and the principal type shows "Account (External)"
AWS RAM must be integrated with AWS Organizations. Once this is done from the management account, RAM will have permissions to access AWS Organizations and enable sharing with Organization IDs and OUs. It will also properly identify accounts within the Organization and no longer require you to enable External sharing if the account is within the same Org. Enable sharing with AWS Organizations docs cover how to enable from the management account.
Transit Gateway shared with AWS Resource Access Manager (AWS RAM) identify all accounts as externalAccepted Answerasked 3 years ago
Transit Gateway - number of prefixes from TGW->CGWAccepted Answerasked 3 years ago
AWS Transit Gateway Routing FeaturesAccepted Answerasked 3 years ago
Transit Gateway - Propagated route limit per Routing TableAccepted Answerasked 3 years ago
Transit Gateway to Direct Connect Gateway to Transit GatewayAccepted Answer
AWS Transit Gateway attachment pricingAccepted Answerasked 2 years ago
Modify Transit Gateway Properties After CreationAccepted Answerasked 3 years ago
AWS Transit Gateway ASN visibilityAccepted Answerasked 2 years ago
Transit Gateway Peering - Cross Accounts Not Sharing Payer IDAccepted Answerasked 2 years ago
Transit Gateway attachment cost to VPC and subnetsAccepted Answer