Connecting your CMA with Transit Gateway - AMS Advanced Onboarding Guide

Connecting your CMA with Transit Gateway

AMS does not manage the network setup of customer-managed accounts (CMAs). You have the option of managing your own network using AWS APIs (see Networking Solutions) or connecting to the Multi-Account Landing Zone network managed by AMS, using the existing Transit Gateway (TGW) deployed in AMS Multi-Account Landing Zone.

Note

You can only have a VPC attached to the TGW if the CMA is in the same AWS Region. For more information, see Transit gateways.

To add your CMA to Transit Gateway, request a new route (use Management | Other | Other | Create ct-1e1xtak34nx76) and include this information:

  • CMA account number

  • Transit Gateway ID

  • TGW attachment ID from CMA account (for example, tgw-attach-04eb40d1e14ec7272)

  • CMA route table ID (for example, rtb-0ff4d759eb28b2a05)

Create routes in the TGW route tables to connect to this VPC:

  1. By default this VPC will not be able to communicate with any of the other VPCs in your Multi-Account Landing Zone network.

  2. Decide with your solutions architect what VPCs you want this customer-managed VPC to communicate with. Submit a Management | Other | Other | Update RFC against the networking account to create the TGW routes you need. Include the CMA Account Number, Transit Gateway ID, TGW Attachment ID from the CMA account (e.g. tgw-attach-12345678901234567), and the CMA Route Table ID (e.g. rtb-12345678901234567).

Connecting a new customer-managed VPC to the AMS Multi-Account Landing Zone network (creating a TGW VPC attachment):

  1. In your Multi-Account Landing Zone Networking account, open the Amazon VPC console.

  2. On the navigation pane, choose Transit Gateways. Record the TGW ID of the transit gateway you see.

  3. Open the Amazon VPC console.

  4. In the navigation pane, choose Transit Gateway Attachments > Create Transit Gateway Attachment. Make these choices:

    1. For the Transit Gateway ID, choose the transit gateway ID you recorded in Step 2.

    2. For Attachment type, choose VPC.

    3. Under VPC Attachment, optionally type a name for Attachment name tag.

    4. Choose whether to enable DNS Support and IPv6 Support.

    5. For VPC ID, choose the VPC to attach to the transit gateway. This VPC must have at least one subnet associated with it.

    6. For Subnet IDs, select one subnet for each Availability Zone to be used by the transit gateway to route traffic. You must select at least one subnet. You can select only one subnet per Availability Zone.

  5. Choose Create attachment. Record the ID of the newly created TGW Attachment.
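The same attachment can be created from the CMA with the AWS SDK instead of the console. The following is an added example, not code from the AMS guide: it enforces the one-subnet-per-Availability-Zone rule from step 6, checks that the IDs you record for the RFC have the right shape (a tgw-attach-... ID is not a tgw-... ID), and builds the request for boto3's create_transit_gateway_vpc_attachment. It assumes boto3 is installed for the live call and that subnets carry a Name tag; the preference for subnets named "private..." and the sample subnet data are assumptions made for this example.

```python
import re

# Constructed sample of ec2.describe_subnets()["Subnets"] for one VPC (IDs made up).
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0000999", "AvailabilityZone": "us-east-1a", "Tags": [{"Key": "Name", "Value": "public-a"}]},
    {"SubnetId": "subnet-0aaa111", "AvailabilityZone": "us-east-1a", "Tags": [{"Key": "Name", "Value": "private-a"}]},
    {"SubnetId": "subnet-0bbb222", "AvailabilityZone": "us-east-1b", "Tags": [{"Key": "Name", "Value": "private-b"}]},
]

# ID shapes the RFC asks for; a tgw-attach-... ID is easy to confuse with a tgw-... ID.
ID_PATTERNS = {"tgw": r"tgw-[0-9a-f]{8,17}", "tgw-attach": r"tgw-attach-[0-9a-f]{8,17}",
               "rtb": r"rtb-[0-9a-f]{8,17}", "vpc": r"vpc-[0-9a-f]{8,17}"}

def looks_like(kind, value):
    """True if value has the AWS resource-ID shape for kind."""
    return re.fullmatch(ID_PATTERNS[kind], value) is not None

def pick_one_subnet_per_az(subnets, prefer_name_prefix="private"):
    """Return {az: subnet_id}, exactly one subnet per AZ as the console requires. Prefer a subnet
    whose Name tag starts with prefer_name_prefix (assumed naming) so the TGW network interface
    lands in a private subnet; otherwise keep the first subnet seen in that AZ."""
    chosen = {}  # az -> (subnet_id, is_preferred)
    for s in sorted(subnets, key=lambda s: s["SubnetId"]):
        az = s["AvailabilityZone"]
        name = next((t["Value"] for t in s.get("Tags", []) if t["Key"] == "Name"), "")
        preferred = name.startswith(prefer_name_prefix)
        if az not in chosen or (preferred and not chosen[az][1]):
            chosen[az] = (s["SubnetId"], preferred)
    return {az: sid for az, (sid, _) in chosen.items()}

def build_attachment_request(tgw_id, vpc_id, subnet_ids, name, dns_support=True, ipv6_support=False):
    """Keyword arguments for boto3's ec2.create_transit_gateway_vpc_attachment."""
    if not (looks_like("tgw", tgw_id) and looks_like("vpc", vpc_id)):
        raise ValueError("expected a tgw-... and a vpc-... ID")
    if not subnet_ids:
        raise ValueError("at least one subnet is required")
    return {
        "TransitGatewayId": tgw_id, "VpcId": vpc_id, "SubnetIds": sorted(subnet_ids),
        "Options": {"DnsSupport": "enable" if dns_support else "disable",
                    "Ipv6Support": "enable" if ipv6_support else "disable"},
        "TagSpecifications": [{"ResourceType": "transit-gateway-attachment",
                               "Tags": [{"Key": "Name", "Value": name}]}],
    }

def create_attachment(tgw_id, vpc_id, name, region):
    """Live call in the CMA: attach the VPC and return the tgw-attach-... ID to put in the RFC."""
    import boto3  # imported here so the helpers above run without boto3 or AWS credentials
    ec2 = boto3.client("ec2", region_name=region)
    subnets = ec2.describe_subnets(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["Subnets"]
    subnet_ids = list(pick_one_subnet_per_az(subnets).values())
    resp = ec2.create_transit_gateway_vpc_attachment(**build_attachment_request(tgw_id, vpc_id, subnet_ids, name))
    return resp["TransitGatewayVpcAttachment"]["TransitGatewayAttachmentId"]
```

The CMA must be in the same Region as the transit gateway, so pass that Region to create_attachment; the returned attachment ID is the value the RFC asks for.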


Associating the TGW attachment to a route table:

Decide which TGW route table you want to associate the VPC with. We recommend creating a new application route table for customer-managed VPCs. Submit a Management | Other | Other | Update RFC on the networking account to associate the VPC/TGW Attachment to the route table you select.


Configuring your VPC Route tables to point at the AMS Multi-Account Landing Zone transit gateway:

Decide with your solutions architect what traffic you want to send to the AMS Multi-Account Landing Zone transit gateway. Submit a Management | Other | Other | Update RFC against the networking account to create the TGW routes you need.