How to enable route propagation in the routing tables
I hope all is well. I am working on a project to move our infrastructure to Terraform and have the Infrastructure as Code. Route propagation is not working in our test account; however, I copied everything that we have in our main account. I know there is no limitation for routings and it should be a technical config issue. 3 VPCs (Prod, Dev, Stage) are going to route traffic to the internet through 1 VPC (DMZ) and 1 IGW in the DMZ. In the main account the routing is working fine, but in the test account the propagation does not change to enabled ("yes").
If you are using VPC Peering between the 3 VPCs (prod, dev, stage) to connect to the DMZ VPC, then what you are attempting is not possible because this becomes transitive routing, which is not supported.
See the Example: 'Edge to edge routing through an internet gateway' in the below link:
Centralized internet egress is, however, possible with Transit Gateway.
This pattern is described in this link along with routing:
The flow would look like below, not detailed but would give you an idea:
On-premises network <== VPN ==> TGW --> VPC (NAT gateway & IGW) --> Internet
Hope this helps.
Hi Tushar, Thanks for your answer. Yes, I added the static route but when I go to the VPC route table, the static routes that I added there have Propagate=No. In the current configuration on the main account that works well, all the routes connected to vgw have Propagate=Yes.
Yes, that is expected. You can propagate VGW routes into a VPC route table, but you cannot propagate TGW routes into a VPC route table; it has to be static. So there are 2 route tables, the VPC RTB and the TGW RTB: in the VPC RTB you need to add a static route (if pointing towards a TGW), and in the TGW RTB you can propagate the VPC attachment, in turn propagating the route for the VPC CIDR.
All I want is to route from VPCs without IGW to internet. I have 3 VPCs (prod, dev, stage) which are connected to DMZ (with IGW). Routes from prod, dev, stage to DMZ or vice versa work fine. Also from DMZ I have internet access. But from prod, dev, stage I cannot go to internet. All I want is that prod, dev, stage VPCs route to internet through DMZ with an attached IGW.
OK, please confirm how the 3 VPCs (prod, dev, stage) are connected to the DMZ VPC: by VPC Peering or via TGW (Transit Gateway). The answer would depend on that.
Honestly, I have tried both. In both cases, I can see the connection between 3 VPCs (prod, dev, stage) and DMZ, but not 3 VPCs (prod, dev, stage) to internet. I am fine with 1 working solution either by VPC Peering or via TGW! Thanks in advance for your help!
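The split described in the reply above (static route in the VPC route table, propagation in the Transit Gateway route table), as an added Terraform example that is not code from the thread or from AWS. It covers one spoke (prod) plus the DMZ VPC; every variable name and resource label is an assumption.

```hcl
# Added example. All variables are assumed inputs, not values from the thread.
variable "prod_vpc_id" { type = string }
variable "prod_route_table_id" { type = string }
variable "prod_cidr" { type = string }
variable "prod_tgw_subnet_ids" { type = list(string) }
variable "dmz_vpc_id" { type = string }
variable "dmz_tgw_subnet_ids" { type = list(string) }
variable "dmz_public_route_table_id" { type = string } # route table of the NAT gateway subnet

resource "aws_ec2_transit_gateway" "hub" {
  default_route_table_association = "enable"
  default_route_table_propagation = "enable" # TGW RTB learns each attached VPC CIDR
}

resource "aws_ec2_transit_gateway_vpc_attachment" "prod" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = var.prod_vpc_id
  subnet_ids         = var.prod_tgw_subnet_ids
}
resource "aws_ec2_transit_gateway_vpc_attachment" "dmz" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = var.dmz_vpc_id
  subnet_ids         = var.dmz_tgw_subnet_ids
}

# TGW RTB: a default route is never propagated, so it is static, toward the DMZ attachment.
resource "aws_ec2_transit_gateway_route" "default_to_dmz" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.dmz.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway.hub.association_default_route_table_id
}

# VPC RTB (prod): static route to the TGW. The console shows Propagated = No, as expected.
resource "aws_route" "prod_default" {
  route_table_id         = var.prod_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.prod]
}

# VPC RTB (DMZ, NAT gateway subnet): return path for replies going back to prod.
resource "aws_route" "dmz_return_prod" {
  route_table_id         = var.dmz_public_route_table_id
  destination_cidr_block = var.prod_cidr
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.dmz]
}
# Assumed to exist already: DMZ attachment subnets route 0.0.0.0/0 to the NAT gateway.
```

With default propagation on, every attached VPC CIDR is reachable from every other attachment; if prod, dev and stage must stay isolated from each other, they need separate Transit Gateway route tables rather than the shared default one.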