How to Enable Peering Between Multiple (Inter-Region) VPCs via Transit Gateway?

Enabling peering between multiple VPCs can be challenging in AWS. If they are in different regions it can be much more challenging.

I will walk you through the process of enabling peering between multiple VPCs.

Photo by Truman Adrian Lobato De Faria on Unsplash

I have 2 VPCs. One is in Frankfurt (eu-central-1), another one is in Sydney (ap-southeast-2).

Let me share my VPC configurations:

This screenshot is from Frankfurt
This screenshot is from Sydney

The subnet configurations:

This screenshot is from Frankfurt
This screenshot is from Sydney

I attached an internet gateway to each VPC.

0.0.0.0/24 is redirected to the internet gateway.

I created two different EC2 servers. One of them is in Frankfurt, and the other one is in Sydney.

I tried to ping 8.8.8.8. It works.

I tried to ping one instance from the other through their private IP addresses. As expected, they can’t reach each other yet, because nothing routes between the two VPCs:

The basic VPC configurations are set.

Let’s get started

Open the VPC Management Console. Find the Transit Gateways on the sidebar:

I will create the transit gateways (Transit Gateways > Create Transit Gateway):

This screenshot is from Frankfurt
This screenshot is from Sydney

I will wait until the state of the transit gateway is Available:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will create a transit gateway peering attachment in Frankfurt that targets the transit gateway in Sydney. The matching attachment shows up in Sydney once the request is accepted there.

This peering attachment is what enables communication between the two transit gateways:

This screenshot is from Frankfurt

I will wait until the state of the peering attachment is Pending Acceptance:

This screenshot is from Frankfurt

Now, I will go to the Sydney region, and I will accept the peering request in the Transit gateway attachments page:

This screenshot is from Sydney

(Actions -> Accept transit gateway attachment -> Accept)

I will wait until the state of the peering attachment is Available:

This screenshot is from Frankfurt

I will create a transit gateway VPC attachment for VPC-01 in Frankfurt and another VPC attachment for VPC-02 in Sydney:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will wait until the state of the transit gateway attachment is Available:

I will create a route table for each transit gateway:

This screenshot is from Frankfurt
This screenshot is from Sydney

Waiting until they are available:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will associate the peering attachment with each transit gateway route table:

This screenshot is from Frankfurt
This screenshot is from Frankfurt
This screenshot is from Sydney

I will also associate the VPC attachment with each transit gateway route table:

This screenshot is from Frankfurt
This screenshot is from Sydney

Waiting until they are associated:

This screenshot is from Frankfurt
This screenshot is from Sydney

I will create static routes for each transit gateway:

This screenshot is from Frankfurt

I’d like to remind you that we have the 10.0.0.0/24 IP range in Frankfurt. In the Frankfurt transit gateway route table, that range gets a static route to the VPC-01 attachment, so traffic for VPC-01 is delivered to VPC-01 itself.

This screenshot is from Frankfurt

I’d like to remind you that we have the 192.168.0.0/24 IP range in Sydney. In the Sydney transit gateway route table, that range gets a static route to the VPC-02 attachment, so traffic for VPC-02 is delivered to VPC-02 itself.

This screenshot is from Sydney

In Frankfurt, I will add a static route for the 192.168.0.0/24 IP range that points to the peering attachment. Thus, requests sent to 192.168.0.0/24 will be forwarded to the Sydney transit gateway:

This screenshot is from Frankfurt

In Sydney, I will add a static route for the 10.0.0.0/24 IP range that points to the peering attachment. Thus, requests sent to 10.0.0.0/24 will be forwarded to the Frankfurt transit gateway:

This screenshot is from Sydney

Is that all? Nope

In Frankfurt, I will create a routing rule in the route table of the VPC itself, the one used by the subnet where the EC2 instance lives. Requests sent to 192.168.0.0/24 will be forwarded to the transit gateway, which will redirect them to Sydney.

This screenshot is from Frankfurt

In Sydney, I will create a routing rule in the route table of the VPC itself, the one used by the subnet where the EC2 instance lives. Requests sent to 10.0.0.0/24 will be forwarded to the transit gateway, which will redirect them to Frankfurt.

This screenshot is from Sydney
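To see why every one of the route tables above has to carry its entry before the ping works, here is an added example (not part of the original post and not AWS code) that models the four route tables as longest-prefix-match tables in plain Python and traces a packet hop by hop: VPC route table, transit gateway route table, peering attachment, the peer's transit gateway route table, and finally the destination VPC. The table names, attachment names and the two test addresses are constructed for the model; the CIDRs and regions are the ones from the post. The model deliberately ignores security groups and network ACLs, which in a real deployment must also allow the traffic from the peer VPC's range.

```python
import ipaddress

# Constructed model of the post's topology: two VPCs, one transit gateway per
# region, one peering attachment between the gateways. Pure Python, no AWS calls.
VPC01_CIDR = "10.0.0.0/24"     # VPC-01, Frankfurt (eu-central-1)
VPC02_CIDR = "192.168.0.0/24"  # VPC-02, Sydney (ap-southeast-2)


class RouteTable:
    """Longest-prefix-match table standing in for a VPC or transit gateway route table."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(cidr), target) for cidr, target in routes]

    def lookup(self, dst):
        ip = ipaddress.ip_address(dst)
        matches = [(net, target) for net, target in self.routes if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


# Which table handles the packet next after a given (table, target) hop. The
# peering attachment is one object seen from both gateways, so the next table
# depends on the side it is reached from. Targets with no entry (internet
# gateways, None) leave the private path. Names are constructed for the model.
NEXT_TABLE = {
    ("vpc01-rt", "tgw-fra"): "tgw-fra-rt",
    ("vpc02-rt", "tgw-syd"): "tgw-syd-rt",
    ("tgw-fra-rt", "peer-fra-syd"): "tgw-syd-rt",
    ("tgw-syd-rt", "peer-fra-syd"): "tgw-fra-rt",
    ("tgw-fra-rt", "attach-vpc01"): "vpc01-rt",  # handed into VPC-01
    ("tgw-syd-rt", "attach-vpc02"): "vpc02-rt",  # handed into VPC-02
}


def build_tables(frankfurt_vpc_route=True, sydney_vpc_route=True):
    """Route tables as configured in the post. The two flags let a caller drop
    the VPC-level route towards the transit gateway, the step the post adds last."""
    vpc01 = [(VPC01_CIDR, "local"), ("0.0.0.0/0", "igw-fra")]
    if frankfurt_vpc_route:
        vpc01.append((VPC02_CIDR, "tgw-fra"))
    vpc02 = [(VPC02_CIDR, "local"), ("0.0.0.0/0", "igw-syd")]
    if sydney_vpc_route:
        vpc02.append((VPC01_CIDR, "tgw-syd"))
    return {
        "vpc01-rt": RouteTable("vpc01-rt", vpc01),
        "vpc02-rt": RouteTable("vpc02-rt", vpc02),
        # transit gateway route tables: own VPC to its attachment, peer VPC over peering
        "tgw-fra-rt": RouteTable("tgw-fra-rt", [(VPC01_CIDR, "attach-vpc01"),
                                                (VPC02_CIDR, "peer-fra-syd")]),
        "tgw-syd-rt": RouteTable("tgw-syd-rt", [(VPC02_CIDR, "attach-vpc02"),
                                                (VPC01_CIDR, "peer-fra-syd")]),
    }


def trace(tables, start_table, dst, max_hops=8):
    """Follow dst through the tables and return the list of targets taken.
    The path ends with 'local' when the packet is delivered inside the destination
    VPC, or with an igw-*/None target when it falls off the private path."""
    table, path = start_table, []
    for _ in range(max_hops):  # guard against a misconfigured routing loop
        target = tables[table].lookup(dst)
        path.append(target)
        if target == "local":
            return path
        nxt = NEXT_TABLE.get((table, target))
        if nxt is None:
            return path
        table = nxt
    return path


def private_path_works(tables, src_table, dst):
    return trace(tables, src_table, dst)[-1] == "local"


def bidirectional(tables):
    """A ping needs both directions: the echo request one way, the reply back."""
    return (private_path_works(tables, "vpc01-rt", "192.168.0.10")
            and private_path_works(tables, "vpc02-rt", "10.0.0.10"))


if __name__ == "__main__":
    full = build_tables()
    print("Frankfurt -> Sydney:", trace(full, "vpc01-rt", "192.168.0.10"))
    print("Sydney -> Frankfurt:", trace(full, "vpc02-rt", "10.0.0.10"))
    half = build_tables(sydney_vpc_route=False)
    print("Without the Sydney VPC route, reply path:", trace(half, "vpc02-rt", "10.0.0.10"))
    print("Ping would succeed:", bidirectional(half))
```

Running it with `sydney_vpc_route=False` shows the failure mode behind the post's "Is that all? Nope": the request from Frankfurt still reaches VPC-02, but the reply in Sydney matches only the 0.0.0.0/0 route and is sent towards the internet gateway instead of the transit gateway, so the ping times out even though every transit gateway route is correct.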

Let’s try to ping each other through the private IP addresses: