VPC Attachments/Subnets via TGW

0

In my scenario, the customer's VPS (Virtual Private Server) consists of 6 subnets, divided into 3 private and 3 public subnets across different Availability Zones (AZs) like 1a, 1b, and 1c. When creating Transit Gateway (TGW) VPC attachments, there is a limitation where you can only select 3 subnets at a time.

Will this achieve the desired connectivity for all 6 subnets? Or would I need to create separate TGW VPC attachments for the remaining subnets that were not included in the first attachment?

Please advise! Thank you

  • Should I assign a specific route table to the subnet used for the transit gateway attachment? Or is the route table irrelevant for the transit gateway attachment?

Ali Md
asked 9 months ago · 479 views
4 Answers
0
Accepted Answer

Yes, you can only select one subnet per AZ, but all subnets in that Availability Zone can send traffic to the transit gateway.

AWS
Matt_E
answered 9 months ago
EXPERT
reviewed 9 months ago
  • Thanks Matt! Please correct me if I understand this right. Since I have 6 subnets, I should create two separate attachments for both Private and Public to send traffic to the transit gateway?

  • No, you only need one attachment, and in that attachment you're selecting one subnet per AZ (either private or public); the connectivity to that single subnet will establish connectivity to both the private and the public subnet in the same AZ.

    For instance, if you had all 6 subnets in the same AZ (say 1a), then you would only be able to select one subnet out of the 6, and you would be establishing connectivity to all 6 subnets.

  • In the given instance, there are 3 private subnets located in different Availability Zones (AZs) - specifically AZ 1a, AZ 1b, and AZ 1c. Additionally, there are 3 public subnets also spread across different AZs - AZ 1a, AZ 1b, and AZ 1c.

    The question is whether connectivity can be established by creating only one attachment.

  • Yes, all you're going to need is one attachment. The three subnets you're choosing in the three different AZs are what's going to establish the connectivity.

0

Best practice is to create a dedicated subnet in each AZ with a /28 CIDR range.

Attach the TGW to each of those subnets. You then configure the routes in your subnets/VPC to route traffic for other CIDRs to the TGW attachment.

As the TGW is attached to 3 private subnets, the traffic arriving via the TGW will then route accordingly via the subnets' route table.

EXPERT
answered 9 months ago
0

See below from the TGW best practices guidance. It is recommended to create /28 dedicated subnets (1 per AZ) for the TGW attachment. In your case, if you are using a 3-AZ VPC, you would create 3 x /28 subnets for the TGW attachment; this will then allow connectivity to all the rest of the subnets within that VPC.

  • Use a separate subnet for each transit gateway VPC attachment. For each subnet, use a small CIDR, for example /28, so that you have more addresses for EC2 resources. When you use a separate subnet, you can configure the following:

    • Keep the inbound and outbound network ACLs associated with the transit gateway subnets open.

    • Depending on your traffic flow, you can apply network ACLs to your workload subnets.

AWS
EXPERT
answered 9 months ago
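The two answers above (one subnet per AZ is enough for the attachment; use dedicated /28 subnets with open NACLs) put together as a Terraform example. This is an added example, not code from the thread or from AWS; it assumes an existing VPC (the 10.0.0.0/16 CIDR is constructed), an existing transit gateway, and the workload route table IDs and remote CIDRs passed in as variables. The /28 blocks are carved from the top of the VPC range with `cidrsubnet`; check the chosen index against your VPC's already-allocated subnets before applying.

```hcl
# Added example: one /28 TGW subnet per AZ, a single VPC attachment using
# those subnets, open NACLs on the TGW subnets, and explicit routes from the
# workload route tables to the TGW. Assumes an existing VPC and TGW.

variable "vpc_id" {
  type = string
}

variable "transit_gateway_id" {
  type = string
}

variable "vpc_cidr" {
  type    = string
  default = "10.0.0.0/16" # constructed example CIDR
}

variable "availability_zones" {
  type    = list(string)
  default = ["us-east-1a", "us-east-1b", "us-east-1c"] # assumed region
}

# Route tables of the existing private/public workload subnets (assumed).
variable "workload_route_table_ids" {
  type = list(string)
}

# Remote CIDRs reachable through the TGW (other VPCs, on-prem). Constructed;
# list only what must be reachable rather than 0.0.0.0/0.
variable "remote_cidrs" {
  type    = list(string)
  default = ["10.1.0.0/16", "192.168.0.0/16"]
}

# One dedicated /28 per AZ. cidrsubnet(10.0.0.0/16, 12, 4080 + n) yields
# 10.0.255.0/28, 10.0.255.16/28, 10.0.255.32/28: the top of the VPC range,
# chosen so it does not collide with the existing workload subnets.
resource "aws_subnet" "tgw" {
  for_each          = { for idx, az in var.availability_zones : az => idx }
  vpc_id            = var.vpc_id
  availability_zone = each.key
  cidr_block        = cidrsubnet(var.vpc_cidr, 12, 4080 + each.value)
  tags              = { Name = "tgw-${each.key}" }
}

# The TGW subnets get their own route table holding only the implicit local
# route, so traffic entering from the TGW can reach any subnet in the VPC.
resource "aws_route_table" "tgw" {
  vpc_id = var.vpc_id
  tags   = { Name = "tgw-subnets" }
}

resource "aws_route_table_association" "tgw" {
  for_each       = aws_subnet.tgw
  subnet_id      = each.value.id
  route_table_id = aws_route_table.tgw.id
}

# A single attachment with exactly one subnet per AZ; every other subnet in
# that AZ (private and public) can then route to the TGW.
resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
  transit_gateway_id = var.transit_gateway_id
  vpc_id             = var.vpc_id
  subnet_ids         = [for s in aws_subnet.tgw : s.id]
  tags               = { Name = "vpc-attachment" }
}

# Keep the TGW subnets' NACL open, as the guidance says; apply filtering on
# the workload subnets' NACLs and security groups instead.
resource "aws_network_acl" "tgw" {
  vpc_id     = var.vpc_id
  subnet_ids = [for s in aws_subnet.tgw : s.id]

  ingress {
    rule_no    = 100
    protocol   = "-1"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  egress {
    rule_no    = 100
    protocol   = "-1"
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }
}

# Workload route tables: one route per (route table, remote CIDR) pair
# pointing at the TGW. The route table IDs must be known at plan time.
resource "aws_route" "to_tgw" {
  for_each = {
    for pair in setproduct(var.workload_route_table_ids, var.remote_cidrs) :
    "${pair[0]}-${pair[1]}" => pair
  }
  route_table_id         = each.value[0]
  destination_cidr_block = each.value[1]
  transit_gateway_id     = var.transit_gateway_id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.this]
}
```

This also answers the route table question asked in the thread: the attachment itself does not care which route table the /28 subnet uses, but the workload subnets' route tables need a route for the remote CIDRs pointing at the transit gateway, otherwise nothing is sent to it. Keeping those routes to specific remote prefixes, and the TGW route table on the other side equally specific, limits what the attachment can reach if a workload subnet is compromised.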
0

Should I assign a specific route table to the subnet used for the transit gateway attachment? Or is the route table irrelevant for the transit gateway attachment?

Luis
answered 3 months ago