How would I route traffic to an instance set up for site-to-site VPN from a different VPC


We have a legacy system which has a site-to-site VPN set up. I want to get traffic from a new VPC in a different AWS account to utilize this.

In the following diagram, traffic flowing from in Legacy is working - I'm trying to create the connection from the new account


I've tried to do this through VPC peering; however, it seems that may not be the right approach, as I can't get the requests for to target the proxy on

asked 2 months ago, 121 views
1 Answer

VPC Peering is not transitive. Your best option is to use a Transit Gateway.

AWS, answered 2 months ago
  • I've spent some time with this but struggling to make it work. What I've done is:

    • Created TransitGateway in Legacy

    • Shared TransitGateway via RAM

    • Created association for legacy VPC

    • Created association for New VPC

    • Added TransitGateway route -> legacy VPC attachment

    • Set Legacy VPC Routes: -> EIC -> TransitGateway

    • Set New VPC routes -> TransitGateway -> local -> TransitGateway

    Pings from to time out. Any further help would be greatly appreciated!
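The thread ends at "pings time out", which is the classic symptom of a one-way route: the request reaches the legacy side but the reply has no path back. The Python route-table simulator below is an added example, not part of the question, answer or comment. It uses a constructed topology with placeholder CIDRs (the page's real addresses are elided) and traces both the forward path from the new VPC to an on-premises address and the return path from the legacy VPC back, reporting the first hop that has no matching route. The "as described" scenario mirrors the comment's list and assumes, for illustration only, that the Transit Gateway route table was given just the route toward the legacy attachment and no route back to the new VPC's CIDR; the "completed" scenario adds that return route, which attachment route propagation or a static TGW route would provide. Security groups, NACLs, the VPN instance's source/destination check, NAT on that instance and whether the on-premises side knows the new CIDR are outside the model and need to be checked separately.

```python
import ipaddress

# Constructed placeholder CIDRs; the question's real addresses are not on the page.
LEGACY_VPC = "10.0.0.0/16"     # VPC that hosts the site-to-site VPN instance
NEW_VPC = "10.1.0.0/16"        # VPC in the other AWS account
ONPREM = "192.168.0.0/16"      # network behind the VPN, reached only via the instance


def lookup(table, dst):
    """Longest-prefix match over [(cidr, target), ...]; returns the target or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def trace(tables, start, dst, max_hops=8):
    """Follow routing hop by hop, starting in the route table named `start`.

    A target is 'local' (delivered inside that VPC), the name of another route
    table to consult next (a TGW route table or a VPC attachment), or an
    endpoint such as the VPN instance's ENI, which has no table here and ends
    the trace.  Returns (path, status).
    """
    path = [start]
    node = start
    for _ in range(max_hops):
        target = lookup(tables[node], dst)
        if target is None:
            return path, "no route in " + node
        path.append(target)
        if target == "local":
            return path, "delivered"
        if target not in tables:
            return path, "handed to " + target
        node = target
    return path, "loop"


def check_bidirectional(tables, src_table, src_ip, dst_table, dst_ip):
    """Trace the request and the reply; a working flow needs both to succeed."""
    fwd_path, fwd = trace(tables, src_table, dst_ip)
    ret_path, ret = trace(tables, dst_table, src_ip)
    reachable = ("delivered", "handed to")
    ok = fwd.startswith(reachable) and ret.startswith(reachable)
    return {"forward": (fwd_path, fwd), "return": (ret_path, ret), "ok": ok}


# Scenario mirroring the comment's list: new VPC -> TGW for the on-prem and legacy
# CIDRs, legacy VPC -> VPN instance for on-prem and -> TGW for the new VPC, and a
# TGW route table holding only the route toward the legacy attachment (assumed).
AS_DESCRIBED = {
    "new-vpc": [(NEW_VPC, "local"), (ONPREM, "tgw"), (LEGACY_VPC, "tgw")],
    "tgw": [(ONPREM, "legacy-vpc")],
    "legacy-vpc": [(LEGACY_VPC, "local"), (ONPREM, "vpn-instance"), (NEW_VPC, "tgw")],
}

# Same topology plus a TGW route back to the new VPC's attachment, which route
# propagation from that attachment (or a static route) would provide.
COMPLETED = {k: list(v) for k, v in AS_DESCRIBED.items()}
COMPLETED["tgw"].append((NEW_VPC, "new-vpc"))


if __name__ == "__main__":
    for name, tables in (("as described", AS_DESCRIBED), ("completed", COMPLETED)):
        report = check_bidirectional(tables, "new-vpc", "10.1.0.10",
                                     "legacy-vpc", "192.168.10.5")
        print(name, "ok" if report["ok"] else "BROKEN")
        for direction in ("forward", "return"):
            path, status = report[direction]
            print("  %-7s %-45s %s" % (direction, " -> ".join(path), status))
```

Running it shows the forward trace succeeding in both scenarios and the return trace stopping at the TGW in the "as described" one, which is exactly the shape of a ping that times out. To map this onto a real account, fill the three dicts from the subnet route tables of each VPC (for the legacy VPC, the table attached to the VPN instance's subnet) and from the TGW route table that both attachments are associated with, then re-run the check with the actual source and on-premises addresses.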
