Amazon Virtual Private Cloud
Transit Gateways

Transit Gateway Example: Centralized Router

You can configure your transit gateway as a centralized router that connects all of your VPCs, AWS Direct Connect, and AWS Site-to-Site VPN connections. In this scenario, all attachments are associated with the transit gateway default route table and propagate to the transit gateway default route table. Therefore, all attachments can route packets to each other, with the transit gateway serving as a simple layer 3 IP router.



The following diagram shows the key components of the configuration for this scenario. In this scenario, there are three VPC attachments and one Site-to-Site VPN attachment to the transit gateway. Packets from the subnets in VPC, A, VPC B, and VPC C that have the internet as a destination, route first through the transit gateway and then route to the VPN. Packets from one VPC that have a destination of a subnet in another VPC, for example from to, route through the transit gateway.

In this scenario, you create the following entities for this scenario::

When you create the VPC attachments, the CIDRs for each VPC propagate to the transit gateway route table. When the VPN is up, the BGP session is established and the Site-to-Site VPN CIDR propagates to the transit gateway route table and the VPC CIDRs are added to the gateway BGP table.


Each VPC has a route table and there is a route table for the transit gateway.

VPC Route Tables

Each VPC has a route table with 2 entries. The first entry is the default entry for local IPv4 routing in the VPC; this entry enables the instances in this VPC to communicate with each other. The second entry routes all other IPv4 subnet traffic to the transit gateway. The following table shows the VPC A routes.

Destination Target



Transit Gateway Route Table

The following is an example of a default route table for the attachments shown in the previous diagram, with route propagation enabled.

Destination Target Route type

Attachment for VPC A


Attachment for VPC B


Attachment for VPC C


Attachment for VPN connection


Customer Gateway BGP Table

The customer gateway BGP table contains the following VPC IP Addresses.




On this page: