Attach an AWS Transit Gateway to an SDDC Group to enable SDDC Group members to facilitate network connections between SDDCs in the group and AWS services that run in any VPC in any region.
Attaching an AWS Transit Gateway (TGW) to an SDDC group is a multi-step process that requires you to use both the VMware Cloud Console and the AWS console. You use the VMware Cloud Console to request access to an existing TGW, then you use the AWS console to attach it to the SDDC Group's VTGW. Unlike a VTGW, which is an AWS resource managed by VMware, a TGW is a pure AWS resource that you can consume and manage on your own. See Getting started with transit gateways in the AWS documentation.
Procedure
- On the Inventory page of the VMware Cloud Console, click SDDC Groups, then click the Name of the group to which you want to attach the AWS TGW.
- On the External TGW tab for the group, click ADD TGW and provide the required parameter and value information.
Parameter |
Value |
AWS account ID |
The AWS account that owns the TGW. |
TGW ID |
The AWS ID of the TGW. You can use an existing TGW owned by the specified AWS account or create a new one in that account. |
TGW Location |
The AWS region where the TGW resides. |
VMC on AWS Region |
The AWS region where the SDDC group resides. |
Routes |
AWS resource destination prefixes reachable via this peering connection |
Click
ADD to add the TGW as a peer to the group's
VTGW. When
Status column changes to
PENDING_ACCEPTANCE, proceed to
Step 3
- Log in to the AWS console with administrator credentials for the AWS Account ID you specified in Step 2.
In the AWS console navigate to
Transit Gateway Attachments, select the TGW whose TGW ID matches the one you specified in
Step 2 and click
Accept Transit Gateway Attachment.
- In the VMware Cloud Console, return to the External TGW tab for the group and verify that the TGW State has changed to ASSOCIATED.
- (Optional) Associate an AWS route table with the attached TGW.
Peering sessions for the new TGW require the TGW attachment to be associated with an AWS a route table. In some environments, a route table won't be associated with the attachment by default, so you'll need use the AWS console and associate a routing table with the attachment. See "Add routes between the transit gateway and your VPCs" in
Getting started with transit gateways.
- Create CGW firewall rules to enable workload traffic through the TGW.
- Configure additional source and destination routes in the SDDC or AWS routing tables.
To create or modify routing from the group's VTGW to the external TGW, open the External TGW tab. Select the AWS Account ID that owns the TGW and expand the row. If no routes have been specified, the Routes column shows the first route and the number of additional routes. Click the pencil icon () to open the Edit Routes page so you can edit this list, or click ADD ROUTES in the Routes column to open the Edit Routes page. Add CIDR prefixes specifying routes to native AWS subnets via the external TGW. Each prefix defines a route from the group's VTGW to the external TGW listed in the TGW Peering Attachment ID column. Each prefix also appears as a Target on the group's Routing tab. You can specify up to 100 routes to each attached TGW.
As an alternative to manually editing the routes, consider creating a managed prefix list and adding it to the main route table associated with the TGW. See Use a Shared Prefix List to Simplify Routing For External VPC and TGW Objects.