Questions tagged with AWS Transit Gateway

Is it possible to send multicast communication on a Site-to-Site VPN between AWS VPCs ? If not, I want to try to setup a GRE tunnel for this purpose between two VPC and test the multicast traffic between the two VPC. Is this possible at the moment on AWS ?lg...

I am trying to enable the applicance mode with the following CLI command as per the online documentation: C:\Users\Pablo>aws ec2 modify-transit-gateway-vpc-attachment --transit-gateway-attachment-id tgw-attach-0b6cb80499a53XXXX --options ApplianceModeSupport=enable Parameter validation failed: Unknown parameter in Options: "ApplianceModeSupport", must be one of: DnsSupport, Ipv6Support I tried changing the DnsSupport option to make sure I'm in the right region and transit gateway attach and works: C:\Users\Pablo>aws ec2 modify-transit-gateway-vpc-attachment --transit-gateway-attachment-id tgw-attach-0b6cb80499a5383e9 --options DnsSupport=disable { "TransitGatewayVpcAttachment": { "TransitGatewayAttachmentId": "tgw-attach-0b6cb80499a53XXXX", "TransitGatewayId": "tgw-01e5ee317cd46YYY3", "VpcId": "vpc-02e3c21f4d7dacZZZ", "VpcOwnerId": "95107885XXXX", "State": "modifying", "SubnetIds": [ "subnet-0c24bb7aae4deeXXX", "subnet-064acc2ad5667aXXX", "subnet-03b6351363cd1cXXX" ], "CreationTime": "2022-09-27T18:09:59+00:00", "Options": { "DnsSupport": "disable", "Ipv6Support": "disable" } } } It looks like this transit gateway attachment does not have this option. What am I doing wrong?lg...

Is it possible to create [VPC Flow Logs for AWS Transit Gateway](https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-vpc-flow-logs-for-aws-transit-gateway/) using CloudFormation? I have reviewed the [AWS::EC2::FlowLog](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html) resource documentation, and it appears to only support a network interface, subnet, or VPC. Thanks for your help!lg...

Can someone Please explain why does the Customer Gateway IP Address have to be assigned from the CIDR Block in the Transit GW. I think this is a typo in the document. https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-site-to-site-vpn-private-ip-vpns/ In Step 4: The IP address to configure in the Customer gateway should be from the Transit Gateway CIDR block we defined in Step 2, and the BGP ASN the one from your on-premises environment.lg...

Hi all, its' possible to manage overlapping subnet (different VPC) on same TGW? Below an example of network project.  Tnxlg...

I want to be able to use FQDN filtering on outbound traffic over the VPN. I can't get it to work. It looks like AWS Network Firewall doesn't support VPN Gateways. Is this correct and is there some way around it? A transit gateway perhaps?lg...

https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-site-to-site-vpn-private-ip-vpns/ 1) Going through the document, It tells to reserve a 10.0.0.0/24 cidr block on the transit gateway, what is the relevance of this block? where is it exactly used? It is not shown in the diagram in the document. 2) Do we need to carve out a separate cidr for The tunnel IPs, based on the number of tunnels. Is there any special consideration to be followed when assigning the tunnel outside IPs. 3) Any additional documents available on this topic would be helpful. What does that Cidr block do? are IPs from the block used anywhere ( tunnel headend or tailend IPs?). I understand the block is used for routing. How does one decide the Tunnel headend and tail end IPs? do the IPs subnets have anything to do with the CIDR block? If I have a 10G pipe, I am assuming I would be using 8 tunnels (1.25 cap), where do i know what the IPs would be? The IP Schema is dictated by what? Does the CIDR play a role here?lg...

I am implementing a new feature from AWS called Private IP VPN using Direct connect, My question is that how do i filter routes entering my P2P IPSec tunnel from the transit gateway towards onprem as i would like to receive all the routes that exist in the TG.lg...

Is it possible to have a private VIF and a Transit VIF on the same Direct connect circuit?lg...

Hi. I am trying to establish monitoring for our high transit gateway cost and I can't seem to get them to agree. It looks like either the CloudWatch metrics for Transit Gateway are incorrect, or I am being highly overcharged for Transit Gateway usage. After doing some analysis on an hour of flow logs, I am thinking that the metrics are incorrect, or I am not understanding how to interpret them. I have tried to go over everything publicly available. Please correct me if I am mistaken. It is my understanding that the transit gateway billing is based on the number of bytes that the gateway processes. This should be fully accountable by adding up all the TransitGateway/Per-TransitGateway Metrics/BytesIn metrics for all the transit gateways in my account. CloudWatch does not give units for this metric, so I am assuming that it reports the number of bytes in each minute sent to the TGW, since docs say that this metric is reported every minute. However, if I look at this number, taking an average value over weeks and extrapolate it out to a month, it is off by like a factor of 2000x from the number reported in my bill. Can I get an explanation of how I can accurately break down and monitor my Transit Gateway traffic bill?lg...

Hello, Since last few days I was unsuccessfully trying to setup a S2S VPN connection from AWS VPC subnet (10.0.10.0/24) to the on-prem host which address (10.0.50.1/32) is covered by the VPC CIDR (10.0.0.0/16). I've tried to use Virtual Private Gateway and Transit Gateway but there's a problem with VPC routing table which cannot contain any route that is equal or more specific than it's CIDR blocks. Any ideas about how to achieve this or whether it is possible at all without using NAT? Thanks in advancelg...

We are required to send an email containing PII and we wish to adhere to NHS data in transit standards of encryption. What would be the set up to enable this and are there 3rd party integrations that can be used.lg...