Add a VPC attachment - AWS Network Manager

Add a VPC attachment

You can add a VPC attachment using either the Network Manager console or the AWS CLI. Once you add a Connect attachment to your core network, you can create a Connect peer. For more information about adding VPC attachments in Cloud WAN, see VPC attachments.

Note

When you attach a VPC to a core network edge in Cloud WAN, you must specify one subnet from each Availability Zone to be used by the core network edge to route traffic. Specifying one subnet from an Availability Zone enables traffic to reach resources in every subnet in that Availability Zone. For more information about limits to core network VPC attachments, see Transit Gateway attachment to a VPC in the Transit Gateway User Guide.

Add a VPC attachment using the console

The following steps add a VPC attachment using the console.

To add a VPC attachment
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network link for the core network you want to add an attachment to.

  4. In the navigation pane under the name of the global network, choose Attachments.

  5. Choose Create attachment.

  6. Enter a Name identifying the attachment.

  7. From the Edge location dropdown list, choose the location where the attachment is located.

  8. Choose VPC.

  9. In the VPC attachment section, choose Appliance mode support if appliance mode is supported.

  10. Choose IPv6 support if the attachment supports IPv6.

  11. From the VPC IP dropdown list, choose the VPC ID to attach to the core network.

  12. After choosing the VPC ID, you're prompted to choose the Availability Zone and Subnet Id in which to create the core network VPC attachment. The Availability Zones that are listed are those edge locations that you chose when you created your core network. You must choose at least one Availability Zone and subnet ID.

  13. (Optional) In the Tags section, add Key and Value pairs to further help identify this resource. You can add multiple tags by choosing Add tag, or remove any tag by choosing Remove tag.

  14. Choose Create attachment.

Add a VPC attachment using the command line or API

Use the command line or API to create an AWS Cloud WAN VPC attachment.

To create a VPC attachment using the command line or API

To enable appliance mode, add --options ApplianceModeSupport=true to the command.

Shared subnets

A VPC owner can create VPC attachments in a shared VPC subnet. Participants cannot. The Cloud WAN or core network owner must first share their core network with the VPC owner via AWS RAM for the VPC owner to be able to create VPC attachments.

For more information, see Share your VPC with other accounts in the Amazon VPC User Guide.

Troubleshoot VPC attachment creation

The following information might help you troubleshoot an issue where a VPC attachment shows a Failed state upon creation.

Problem

A VPC attachment shows a Failed state after creating the attachment.

Cause

One or more of the following issues might be the cause for the failed attachment.

  1. One or both of the following required service-linked roles don't exist in your account:

    • AWSServiceRoleForVPCTransitGateway

    • AWSServiceRoleForNetworkManager

  2. VPC or subnet IDs might not be valid or are not available.

Solution

Depending on the cause, try the following:

  1. Add the missing service-linked roles:

    • If the AWSServiceRoleForVPCTransitGateway service-linked role doesn't exist in your account, run the following to create it:

      aws iam create-service-linked-role --aws-service-name transitgateway.amazonaws.com

    • If the AWSServiceRoleForNetworkManager service-linked role doesn't exist in your account, run the following to create it:

      aws iam create-service-linked-role --aws-service-name networkmanager.amazonaws.com

    For more information about these service-linked roles, see AWS Cloud WAN service-linked roles.

  2. Verify that any VPC or subnet IDs used for the attachment are valid and are available.
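
A preflight check for the two causes listed above, as an added example (not AWS code). It reads JSON shaped like the output of aws ec2 describe-subnets and aws iam list-roles --path-prefix /aws-service-role/ and reports missing service-linked roles and subnets that are unknown, not available, in a different VPC, or a second pick in an Availability Zone that is already covered. The function name preflight and every ID in the sample data are constructed for illustration.

```python
import json

REQUIRED_SLRS = {"AWSServiceRoleForVPCTransitGateway", "AWSServiceRoleForNetworkManager"}

# Constructed sample shaped like `aws ec2 describe-subnets --output json`.
SAMPLE_SUBNETS = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0123", "AvailabilityZone": "us-east-1a", "State": "available"},
  {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0123", "AvailabilityZone": "us-east-1a", "State": "available"},
  {"SubnetId": "subnet-0ccc", "VpcId": "vpc-0999", "AvailabilityZone": "us-east-1b", "State": "available"},
  {"SubnetId": "subnet-0ddd", "VpcId": "vpc-0123", "AvailabilityZone": "us-east-1b", "State": "pending"}
]}
""")
# Constructed sample shaped like `aws iam list-roles --path-prefix /aws-service-role/`.
SAMPLE_ROLES = json.loads('{"Roles": [{"RoleName": "AWSServiceRoleForNetworkManager"}]}')


def preflight(vpc_id, subnet_ids, subnets_doc, roles_doc):
    """Return a list of problems found; an empty list means nothing was flagged."""
    problems = []
    present = {r["RoleName"] for r in roles_doc.get("Roles", [])}
    for role in sorted(REQUIRED_SLRS - present):
        problems.append(f"missing service-linked role: {role}")
    by_id = {s["SubnetId"]: s for s in subnets_doc.get("Subnets", [])}
    az_to_subnet = {}  # first selected subnet seen in each Availability Zone
    if not subnet_ids:
        problems.append("no subnet selected; at least one Availability Zone and subnet is required")
    for sid in subnet_ids:
        subnet = by_id.get(sid)
        if subnet is None:
            problems.append(f"{sid}: not found")
            continue
        if subnet["VpcId"] != vpc_id:
            problems.append(f"{sid}: belongs to {subnet['VpcId']}, not {vpc_id}")
        if subnet["State"] != "available":
            problems.append(f"{sid}: state is {subnet['State']}")
        az = subnet["AvailabilityZone"]
        if az in az_to_subnet:
            problems.append(f"{sid}: {az} already covered by {az_to_subnet[az]}")
        else:
            az_to_subnet[az] = sid
    return problems


if __name__ == "__main__":
    for p in preflight("vpc-0123", ["subnet-0aaa", "subnet-0bbb", "subnet-0ccc", "subnet-0eee"],
                       SAMPLE_SUBNETS, SAMPLE_ROLES):
        print(p)
```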