How to Enable Peering Between Multiple (Inter-Region) VPCs via Transit Gateway?

Enabling peering between multiple VPCs on AWS can be difficult. It can be much more difficult if they are in different regions.

I will walk you through the process of enabling peering between multiple VPCs.

I have 2 VPCs. One is in Frankfurt (eu-central-1), the other one is in Sydney (ap-southeast-2).

Let me share my VPC configurations:

This screenshot is from Frankfurt
This screenshot is from Sydney

The subnet configurations:

This screenshot is from Frankfurt
This screenshot is from Sydney

I attached an internet gateway to each VPC.

0.0.0.0/24 is forwarded to the internet gateway.

I created two different EC2 servers. One is in Frankfurt, and the other in Sydney.

I tried to ping 8.8.8.8. It works.

I tried to ping each server from the other via their private IP addresses. As expected, they can’t reach each other:

The basic VPC configurations are set.

Let’s get started

Open the VPC Management Console. Find the Transit Gateways in the sidebar:

I will create the transit gateways (Transit Gateways>Create Transit Gateway):

This screenshot is from Frankfurt
This screenshot is from Sydney

I will wait until the state of the transit gateway is Available:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will create a transit gateway attachment in Frankfurt and in Sydney.

Thus, I will enable communication between these transit gateways:

This screenshot is from Frankfurt

I will wait until the state of the transit gateway attachment is Pending Acceptance:

This screenshot is from Frankfurt

I will now go to the Sydney region and accept the peering request on the Transit gateway attachments page:

This screenshot is from Sydney

(Actions -> Accept transit gateway attachment -> Accept)

I will wait until the state of the transit gateway attachment is Available:

This screenshot is from Frankfurt

I will create a gateway attachment for VPC-01 in Frankfurt and another gateway attachment for VPC-02 in Sydney:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will wait until the state of the transit gateway attachment is Available:

I will create a route table for each transit gateway:

This screenshot is from Frankfurt
This screenshot is from Sydney

Waiting until they are available:

This screenshot is from Frankfurt
This screenshot is from Sydney

For each route table, I will create an association for peering:

This screenshot is from Frankfurt
This screenshot is from Frankfurt
This screenshot is from Sydney

I will also create an association for each route table:

This screenshot is from Frankfurt
This screenshot is from Sydney

Waiting until they are associated:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will create static routes for each transit gateway:

This screenshot is from Frankfurt

I’d like to remind you that we have the 10.0.0.0/24 IP range in Frankfurt. It should be forwarded to VPC-01 itself.

This screenshot is from Frankfurt

I’d like to remind you that we have the 192.168.0.0/24 IP range in Sydney. It should be forwarded to VPC-02 itself.

This screenshot is from Sydney

In Frankfurt, I will forward the 192.168.0.0/24 IP range to the peering attachment, so requests sent to 192.168.0.0/24 will be forwarded to Sydney:

This screenshot is from Frankfurt

In Sydney, I will forward the 10.0.0.0/24 IP range to the peering attachment, so requests sent to 10.0.0.0/24 will be forwarded to Frankfurt:

This screenshot is from Sydney

Is that all? Nope.

In Frankfurt, I will create a routing rule in the VPC’s own route table. This is the VPC that the EC2 server runs in. Requests sent to 192.168.0.0/24 will be forwarded to the transit gateway, which will forward them to Sydney.

This screenshot is from Frankfurt

In Sydney, I will create a routing rule in the VPC’s own route table. This is the VPC that the EC2 server runs in. Requests sent to 10.0.0.0/24 will be forwarded to the transit gateway, which will forward them to Frankfurt.

This screenshot is from Sydney
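The routing built in the steps above can be checked offline before testing with ping. The following is an added example, not part of the original walkthrough: it models the four route tables with the article's CIDRs and traces a packet hop by hop, showing why the VPC-level routes are needed in both regions. The hop names and host IPs are assumptions made up for the model.

```python
import ipaddress

# Hop names (vpc-01, tgw-fra, ...) and host IPs are constructed for this
# example; the CIDRs are the article's. Only the private routes are modelled.
def build_tables(with_vpc_routes=True):
    tables = {
        "vpc-01": {"10.0.0.0/24": "local"},
        "vpc-02": {"192.168.0.0/24": "local"},
        # Transit gateway route tables: own range to the VPC attachment,
        # remote range to the peering attachment.
        "tgw-fra": {"10.0.0.0/24": "vpc-01", "192.168.0.0/24": "tgw-syd"},
        "tgw-syd": {"192.168.0.0/24": "vpc-02", "10.0.0.0/24": "tgw-fra"},
    }
    if with_vpc_routes:  # last step: routes in each VPC's own route table
        tables["vpc-01"]["192.168.0.0/24"] = "tgw-fra"
        tables["vpc-02"]["10.0.0.0/24"] = "tgw-syd"
    return tables

def next_hop(table, dst):
    """Longest-prefix match of dst in one route table; None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(c) for c in table]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    return table[str(max(matches, key=lambda n: n.prefixlen))]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery, a drop, or a loop."""
    path, hop = [start], start
    for _ in range(max_hops):
        target = next_hop(tables[hop], dst)
        if target is None:
            return path + ["DROP"]
        if target == "local":
            return path + ["DELIVERED"]
        path.append(target)
        hop = target
    return path + ["LOOP"]

def ping_works(tables, src_vpc, src_ip, dst_vpc, dst_ip):
    """A ping succeeds only if the request and the reply are both routable."""
    request = trace(tables, src_vpc, dst_ip)
    reply = trace(tables, dst_vpc, src_ip)
    return request[-1] == "DELIVERED" and reply[-1] == "DELIVERED"

if __name__ == "__main__":
    print(trace(build_tables(), "vpc-01", "192.168.0.10"))
    print(trace(build_tables(with_vpc_routes=False), "vpc-01", "192.168.0.10"))
```

If the VPC route is missing on only one side, the request is delivered but the reply is dropped, so the ping still fails.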

Let’s try to ping each other over private IP addresses:
