Step 4. Connect an Additional AWS Account (Optional) - Transit Network VPC (Cisco CSR)

As explained in the AWS CloudFormation Templates section, the transit-vpc-second-account template is used to launch the VGW Poller Lambda function in an additional AWS account, so that it can search for and add VPCs from that account to the transit network.

During the initial launch of the transit VPC in the primary account (Step 2), if you specified an additional AWS account to participate in the transit network, the solution will automatically configure permissions to the Amazon S3 bucket and AWS KMS customer master key. You then launch the template in that account and tag its spoke VPCs accordingly.


If you want to connect more than one additional account to the network, or if you did not enter an AWS account ID when you initially launched the stack, you will need to manually configure permissions for the Amazon S3 bucket and the AWS KMS customer master key. See Appendix C for detailed instructions.
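To decide whether an account still needs the manual configuration, you can check which accounts the bucket policy and key policy already name. The Python below is an added example, not part of the solution's code; the function names, account IDs and sample policies are constructed assumptions. It inspects principals only, and the actions each account needs are covered in Appendix C.

```python
import json

# Constructed sample policies (not the solution's real ones); account IDs are placeholders.
BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::transit-vpc-example/vpnconfigs/*"}]})
KEY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999900001111:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": ["111122223333"]},
     "Action": "kms:Decrypt", "Resource": "*"}]})


def _account_of(principal):
    """Map an AWS principal (account ID, ARN or '*') to an account ID or '*'."""
    if principal == "*" or (principal.isdigit() and len(principal) == 12):
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal


def allowed_accounts(policy_json):
    """Accounts named as AWS principals in Allow statements ('*' = anyone).
    Conditions and actions are not evaluated; this is a first-pass check."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    accounts = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if principal == "*":
            aws = "*"                     # wildcard grant: review it, do not rely on it
        else:
            aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        for p in ([aws] if isinstance(aws, str) else aws):
            accounts.add(_account_of(p))
    return accounts


def missing_grants(account_id, bucket_policy, key_policy):
    """Resources whose policy does not yet name account_id (manual setup needed)."""
    checks = (("S3 bucket", bucket_policy), ("KMS key", key_policy))
    return [name for name, pol in checks
            if account_id not in allowed_accounts(pol)]
```

In practice, pass in the policy documents returned by `aws s3api get-bucket-policy` and `aws kms get-key-policy` run in the primary account.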

  1. Log in to the AWS Management Console of the applicable account, and click the button below to launch the transit-vpc-second-account AWS CloudFormation template.

    [Launch button for the VGW Poller]

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region by default. To launch the VGW Poller in a different AWS Region, use the region selector in the console navigation bar.

  3. On the Select Template page, keep the default settings for Stack and Template Source.

  4. On the Specify Details page, name the stack.

  5. Under Parameters, review the parameters for the template and modify them as necessary. They include the following default values.

    | Parameter | Default | Description |
    | --- | --- | --- |
    | BucketName | transit-vpc<xyz> | Use the exact bucket name that was an output from the Transit VPC template you deployed in Step 2. All transit VPC configuration files are stored in the same S3 bucket. |
    | BucketPrefix | vpnconfigs/ | Use the exact string you entered for the Prefix for S3 Objects value when you launched the transit-vpc-primary-account template (Step 2). |

  6. Choose Next.

  7. On the Options page, you can specify tags (key-value pairs) for resources in your stack and set additional options, and then choose Next.

  8. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create IAM resources.

  9. Choose Create to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in roughly five (5) minutes.

  10. To see details for the stack resources, choose the Outputs tab. The following table describes each of these outputs in more detail.

    | Key | Description |
    | --- | --- |
    | PollerFunction | The name of the Lambda poller function |
    | PollerFunctionARN | The ARN for the new Lambda poller function |

  11. The VGW Poller Lambda function is now running in this additional AWS account, and you can apply tags to the VGWs that you wish to add to the transit network (see Step 3. Tag the Spoke VPCs).