Create a static route using Amazon VPC Transit Gateways

Create a static route for a VPC, VPN, or transit gateway peering attachment, or you can create a blackhole route that drops traffic that matches the route.

Static routes in a transit gateway route table that target a VPN attachment are not filtered by the Site-to-Site VPN. This might allow unintended outbound traffic flow when using a BGP-based VPN.

To create a static route using the console

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
On the navigation pane, choose Transit Gateway Route Tables.
Select the route table for which to create a route.
Choose Actions, Create static route.
On the Create static route page, enter the CIDR block for which to create the route, and then choose Active.
Choose the attachment for the route.
Choose Create static route.

To create a blackhole route using the console

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
On the navigation pane, choose Transit Gateway Route Tables.
Select the route table for which to create a route.
Choose Actions, Create static route.
On the Create static route page, enter the CIDR block for which to create the route, and then choose Blackhole.
Choose Create static route.

To create a static route or blackhole route using the AWS CLI

Use the create-transit-gateway-route command.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Disable route propagation

Delete a static route