← Back to Labs
Advanced01:15:00

Peer VPC with Transit Gateway and its components

Task 1Task 2Task 3Task 4Task 5Task 6Task 7Task 8Task 9Task 10Task 11Task 12Task 13Task 14Task 15Task 16Task 17
Task 1

Task 1: Sign in to AWS Management Console

↑ Top
  1. Click on the Open Console button, and you will get redirected to AWS Console in a new browser tab.
  2. On the AWS sign-in page, Leave the Account ID as default. Never edit/remove the 12-digit Account ID present in the AWS Console. Otherwise, you cannot proceed with the lab. Now copy your User Name and Password in the Lab Console to the IAM Username and Password in AWS Console and click on the Sign in button.
  3. On the AWS sign-in page,
  4. Leave the Account ID as default. Never edit/remove the 12-digit Account ID present in the AWS Console. Otherwise, you cannot proceed with the lab.
  5. Now copy your User Name and Password in the Lab Console to the IAM Username and Password in AWS Console and click on the Sign in button.
  6. Once Signed In to the AWS Management Console, make the default AWS Region as US East (N. Virginia) us-east-1.
Task 2

Task 2: Create the first VPC

↑ Top
  1. In this task, we are going to create the first VPC (Virtual Private Cloud) in the specified AWS region. This VPC will serve as one of the VPCs that will be peered using the Transit Gateway.
  2. Make sure you are in the N.Virginia Region.
  3. Navigate to VPC by clicking on the Services menu in the top, then click on VPC in the Networking & Content Delivery section.
  4. Navigate to Your VPCs on the left panel and click on the Create VPC button. Select VPC only Name tag : Enter First_VPC IPv4 CIDR block : Enter 10.0.0.0/24
  5. Navigate to Your VPCs on the left panel and click on the Create VPC button.
  6. Select VPC only
  7. Name tag : Enter First_VPC
  8. IPv4 CIDR block : Enter 10.0.0.0/24
  9. Task 2: Create the first VPC
  10. Leave everything else as default and click on the Create VPC button.
  11. You have successfully created the VPC. Note the VPC ID for later use.
  12. Task 2: Create the first VPC
  13. Now select the First_VPC from the list and click on the Actions dropdown and select Edit VPC Settings
  14. Check the Enable DNS resolution and Enable DNS hostnames checkbox under DNS settings, and then click on the Save button.
  15. Task 2: Create the first VPC
Task 3

Task 3: Create a Public subnet in First VPC

↑ Top
  1. In this task, we are going to create a public subnet within the first VPC. The public subnet will be used for launching an EC2 instance that will be accessible over the internet.
  2. Navigate to Subnet from the left side menu and click on Create subnet button. VPC ID : Select the First_VPC VPC from the list. Subnet name : Enter Public_subnet_first_VPC Availability Zone : Leave as No Preference IPv4 CIDR block : Enter 10.0.0.0/25
  3. Navigate to Subnet from the left side menu and click on Create subnet button.
  4. VPC ID : Select the First_VPC VPC from the list.
  5. Subnet name : Enter Public_subnet_first_VPC
  6. Availability Zone : Leave as No Preference
  7. IPv4 CIDR block : Enter 10.0.0.0/25
  8. Now click on the Create subnet button.
Task 4

Task 4: Create and attach an Internet Gateway

↑ Top
  1. In this task, we are going to create an internet gateway and attach it to the first VPC. The internet gateway allows the EC2 instance in the public subnet to communicate with the internet.
  2. Navigate to the Internet gateways from the left side menu and click on the Create Internet gateway button. Name tag : Enter IGW
  3. Navigate to the Internet gateways from the left side menu and click on the Create Internet gateway button.
  4. Name tag : Enter IGW
  5. Click on the Create Internet gateway button
  6. Now click on the Actions dropdown and select Attach to VPC. Available VPCs : select First_VPC from the list.
  7. Now click on the Actions dropdown and select Attach to VPC.
  8. Available VPCs : select First_VPC from the list.
  9. Now click on the Attach Internet gateway.
  10. Task 4: Create and attach an Internet Gateway
Task 5

Task 5: Create a Public Route Table and associate it with the subnet

↑ Top
  1. In this task, we are going to create a public route table and associate it with the public subnet. The route table controls the traffic between the subnet and the internet gateway.
  2. Navigate to Route tables on the left side panel and click on the Create route table. Name : Enter PublicRT VPC* : Select the First_VPC from the list.
  3. Navigate to Route tables on the left side panel and click on the Create route table.
  4. Name : Enter PublicRT
  5. VPC* : Select the First_VPC from the list.
  6. Now click on the Create route table.
  7. Switch to the Subnet associations tab in below.
  8. Click on the Edit subnet associations.
  9. Now select the subnet with name Public_subnet_first_VPC and click on the Save associations button.
  10. Task 5: Create a Public Route Table and associate it with the subnet
Task 6

Task 6: Add public Route in the Route table

↑ Top
  1. In this task, we are going to add a public route in the route table to allow traffic from the public subnet to the internet. This enables the EC2 instance in the public subnet to communicate with resources outside the VPC.
  2. Navigate to Route tables on the left side panel and select the PublicRT from the list.
  3. Switch to the Routes tab in below and click on the Edit routes.
  4. Now click on the Add route Destination : Enter 0.0.0.0/0 Target : select Internet Gateway and then select the Internet Gateway id present.
  5. Now click on the Add route
  6. Destination : Enter 0.0.0.0/0
  7. Target : select Internet Gateway and then select the Internet Gateway id present.
  8. Click on the Save changes.
  9. Task 6: Add public Route in the Route table
Task 7

Task 7: Launch an EC2 instance in the First VPC

↑ Top
  1. In this task, we are going to launch an EC2 instance in the first VPC's public subnet. This EC2 instance will be used to test the connectivity between the VPCs after peering them using the Transit Gateway.
  2. Make sure you are in the N. Virginia(us-east-1) Region.
  3. Navigate to EC2 by clicking on the Services menu in the top left, then click on EC2 in the Compute section.
  4. Navigate to Instances from the left side menu and click on Launch Instances button.
  5. Task 7: Launch an EC2 instance in the First VPC
  6. Under the Name and tags section : Name : First_VPCs_EC2
  7. Under the Name and tags section :
  8. Name : First_VPCs_EC2
  9. Under the Application and OS Images (Amazon Machine Image) section :
  10. Select Quick Start tab and Amazon Linux 2023 kernel-6.1 AMI under it
  11. Under the Instance Type section :
  12. Instance Type : Select t2.micro
  13. Under the Key Pair (login) section :
  14. Click on Create new key pair hyperlink
  15. Key pair name: ec2_ssh_key
  16. Key pair type: RSA
  17. Private key file format: .pem
  18. Click on Create key pair and select the created key pair
  19. Under the Network Settings section :
  20. Click on Edit button
  21. VPC : Select First_VPC
  22. Subnet : leave as default
  23. Auto-assign public IP: select Enable
  24. Firewall (security groups) : Select Create a new security group
  25. Security group name : Enter Public_EC2_SG
  26. Description : Enter Security group for public EC2
  27. To add SSH: Choose Type: SSH Source: Anywhere (From ALL IP addresses accessible).
  28. To add SSH:
  29. Choose Type: SSH
  30. Source: Anywhere (From ALL IP addresses accessible).
  31. For HTTP, click on Add security group rule, Choose Type: HTTP Source: Anywhere (From ALL IP addresses accessible).
  32. For HTTP, click on Add security group rule,
  33. Choose Type: HTTP
  34. Source: Anywhere (From ALL IP addresses accessible).
  35. For HTTPS, click on Add security group rule, Choose Type: HTTPS Source: Anywhere (From ALL IP addresses accessible).
  36. For HTTPS, click on Add security group rule,
  37. Choose Type: HTTPS
  38. Source: Anywhere (From ALL IP addresses accessible).
  39. Under the Advanced details section : Under the IAM instance profile: Select task232_profile_... role. Under the User data: copy and paste the following script to create an HTML page served by an Apache httpd web server. Make sure you remove the extra space after pasting the comment.
  40. Under the Advanced details section :
  41. Under the IAM instance profile: Select task232_profile_... role.
  42. Under the User data: copy and paste the following script to create an HTML page served by an Apache httpd web server. Make sure you remove the extra space after pasting the comment.
  43. Keep everything else as default and click on the Launch instance button.
  44. Launch Status: Your instance is now launching, Navigate to Instances page from the left menu and wait until the status of the EC2 Instance changes to running.
  45. Task 7: Launch an EC2 instance in the First VPC
  46. Note down the sample IPv4 Public IP Address of the EC2 instance. A sample is shown in the screenshot below.
  47. Task 7: Launch an EC2 instance in the First VPC
  48. If you paste the IPv4 Public IP in your browser and hit [enter]. You will be able to the below webpage.
  49. Task 7: Launch an EC2 instance in the First VPC
Task 8

Task 8: Create a Second VPC

↑ Top
  1. In this task, we are going to create the second VPC, which will be the other VPC that is peered with the first VPC using the Transit Gateway.
  2. Navigate to VPC by clicking on the Services menu at the top, then click on VPC in the Networking & Content Delivery section.
  3. Navigate to Your VPCs on the left panel and click on the Create VPC button. Select VPC only Name tag : Enter Second_VPC IPv4 CIDR block : Enter 20.0.0.0/24
  4. Navigate to Your VPCs on the left panel and click on the Create VPC button.
  5. Select VPC only
  6. Name tag : Enter Second_VPC
  7. IPv4 CIDR block : Enter 20.0.0.0/24
  8. Task 8: Create a Second VPC
  9. Leave everything else as default and click on the Create VPC button.
  10. You have successfully created the VPC. Note the VPC ID for later use.
  11. Task 8: Create a Second VPC
  12. Now select the Second_VPC from the list and click on the Actions and select Edit VPC settings
  13. Check the Enable DNS resolution and Enable DNS hostnames checkbox under DNS settings and then click on the Save button
Task 9

Task 9: Create a Private subnet in Second VPC

↑ Top
  1. In this task, we are going to create a private subnet within the second VPC. The private subnet will be used for launching an EC2 instance that will not have direct internet connectivity.
  2. Navigate to Subnets from the left side menu and click on Create Subnet button.
  3. VPC ID : Select the Second_VPC VPC from the list.
  4. Subnet name : Enter Private_subnet_second_VPC
  5. Availability Zone : Leave as No Preference
  6. IPv4 CIDR block : Enter 20.0.0.0/25
  7. Now click on the Create subnet button
Task 10

Task 10: Launch an EC2 instance in Second VPC

↑ Top
  1. In this task, we are going to launch an EC2 instance in the second VPC's private subnet. This EC2 instance will be used to test the connectivity between the VPCs after peering them using the Transit Gateway.
  2. Now again click on Launch Instances button.
  3. Under the Name and tags section :
  4. Name : Second_VPCs_EC2
  5. Under the Application and OS Images (Amazon Machine Image) section :
  6. Select Quick Start tab and Amazon Linux 2023 kernel-6.1 AMI under it
  7. Under the Instance Type section : Instance Type : Select t2.micro
  8. Under the Instance Type section :
  9. Instance Type : Select t2.micro
  10. Under the Key Pair (login) section :
  11. Select ec2_ssh_key from the list.
  12. Under the Network Settings section :
  13. Click on Edit button
  14. VPC : Select Second_VPC
  15. Subnet : leave as default
  16. Auto-assign public IP: select Disable
  17. Firewall (security groups) : Select Create a new security group
  18. Security group name : Enter Private_EC2_SG
  19. Description : Enter Security group for private EC2
  20. To add SSH: Choose Type: SSH Source: Anywhere (From ALL IP addresses accessible).
  21. To add SSH:
  22. Choose Type: SSH
  23. Source: Anywhere (From ALL IP addresses accessible).
  24. Keep everything else as default and then click on the Launch Instance button.
  25. Your instances are now launching. Navigate to the EC2 instance page and wait until the status changes to the Running. It will usually take 1-2 minutes.
  26. Task 10: Launch an EC2 instance in Second VPC
  27. Since this EC2 is created in a private subnet, the machine will only have Private IP so, note down the sample IPv4 Private IP Address of the EC2 instance. A sample is shown in the screenshot below.
  28. Task 10: Launch an EC2 instance in Second VPC
Task 11

Task 11: Create a Transit gateway

↑ Top
  1. In this task, we are going to create a Transit Gateway, which acts as a central hub for connecting multiple VPCs and on-premises networks. The Transit Gateway simplifies the network architecture and facilitates the peering between VPCs.
  2. Navigate to VPC by clicking on the Services menu at the top, then click on VPC in the Networking & Content Delivery section.
  3. Click on the Transit Gateways present under Transit Gateways section on the left sidebar.
  4. Click on the Create Transit gateway button to create a Transit gateway.
  5. Task 11: Create a Transit gateway
  6. Name tag: Enter DemoTG
  7. Description: Enter TG for peering two VPCs
  8. Keep all the options as default and click on Create transit gateway button.
  9. Currently, the status of the Transit gateway is in a pending state. It takes up to 5 minutes for it to become available.
  10. Task 11: Create a Transit gateway
Task 12

Task 12: Create two Transit gateway attachment for the VPCs created

↑ Top
  1. In this task, we are going to create two Transit Gateway attachments, one for each of the VPCs created. These attachments establish the peering between the VPCs and the Transit Gateway.
  2. Navigate to the Transit gateways attachments present under Transit Gateways section on the left side bar.
  3. Click on the Create transit gateway attachment button Name tag : First_VPC_TGA Transit Gateway ID: Select transit gateway present with Name tag DemoTG. Attachment type: Select VPC DNS support: Checked (default) IPv6 support: Unchecked VPC ID: Select VPC with the Name First_VPC Subnet IDs: Default
  4. Click on the Create transit gateway attachment button
  5. Name tag : First_VPC_TGA
  6. Transit Gateway ID: Select transit gateway present with Name tag DemoTG.
  7. Attachment type: Select VPC
  8. DNS support: Checked (default)
  9. IPv6 support: Unchecked
  10. VPC ID: Select VPC with the Name First_VPC
  11. Subnet IDs: Default
  12. Click on the Create transit gateway attachment.
  13. Creation will be in-progress for the Transit gateway attachment.
  14. It takes upto 5 minutes for it to come in available state.
  15. To create the Transit gateway attachment for the second VPC, Click on the Create transit gateway attachment Name tag: Second_VPCs_TGA Transit Gateway ID: Select transit gateway present with Name tag DemoTG. Attachment type: Select VPC DNS support: Checked (default) IPv6 support: Unchecked VPC ID: Select VPC with the Name Second_VPC Subnet IDs: Default
  16. To create the Transit gateway attachment for the second VPC, Click on the Create transit gateway attachment
  17. Name tag: Second_VPCs_TGA
  18. Transit Gateway ID: Select transit gateway present with Name tag DemoTG.
  19. Attachment type: Select VPC
  20. DNS support: Checked (default)
  21. IPv6 support: Unchecked
  22. VPC ID: Select VPC with the Name Second_VPC
  23. Subnet IDs: Default
  24. Creation will be in-progress for the Transit gateway attachment.
  25. Once created both the Transit gateway attachment will be present.
  26. Task 12: Create two Transit gateway attachment for the VPCs created
Task 13

Task 13: Add the routes in the First VPC’s route table

↑ Top
  1. In this task, we are going to add a route in the first VPC's route table that directs traffic destined for the second VPC's CIDR range to the Transit Gateway. This enables communication between the VPCs through the Transit Gateway.
  2. Navigate to Route tables on the left side panel.
  3. There will be 4 route tables present, and to avoid confusion put the entry in the correct route table. Let's filter the route table present using the VPC filter.
  4. For the First VPC you created, you also have created a Route table with the name PublicRT which has a subnet association. Here the PublicRT route table is also called a custom or non-default route table.
  5. Click on the Route table ID to see the routes present.
  6. Click on the Routes tab below and click on the Edit routes.
  7. For this Route table, there are two entries present, First the local entry i.e. CIDR block of the First VPC, the second entry is about the route to the internet with Destination as 0.0.0.0/0 having target as the Internet gateway.
  8. Let’s add the third route which has destination as 20.0.0.0/24 i.e. CIDR range of second VPC and Target as Transit gateway.
  9. To add the third route, Click on the Add route. Destination: Enter 20.0.0.0/24 Target: Enter Transit Gateway
  10. To add the third route, Click on the Add route.
  11. Destination: Enter 20.0.0.0/24
  12. Target: Enter Transit Gateway
  13. Click on the Save changes button.
  14. Make sure Routes have Destination as 20.0.0.0/24
  15. Note: Sometimes it does not show the destination as 20.0.0.0/24, in that case, please add the following from Step 6 of this task.
Task 14

Task 14: Add the routes in the Second VPC’s route table

↑ Top
  1. In this task, we are going to add a route in the second VPC's route table that directs traffic destined for the first VPC's CIDR range to the Transit Gateway. This allows communication between the VPCs through the Transit Gateway.
  2. Navigate to Route tables on the left side panel.
  3. Filter the VPC’s by using the ID of the second VPC.
  4. In the second VPC, we have not created any extra route table, so there will be only one route table present which was created during the creation of VPC itself and it’s called a default route table or main route table.
  5. Let's filter the route table present using the VPC filter.
  6. To get the filter using the VPC option, simply click on the search bar and it will show the different options for the filter. Select VPC from that list and choose the ID of Second VPC.
  7. Click on the Route table ID to see the routes present.
  8. Click on the Routes tab in below and click on the Edit routes.
  9. There will be only one entry to local, as we have not created an internet gateway because this is a private route table.
  10. Task 14: Add the routes in the Second VPC’s route table
  11. Let’s add the entry to 10.0.0.0/24 i.e. CIDR of the first VPC as a destination and Transit gateway as a target.
  12. To get the Transit gateway ID, click on the search button and select Transit Gateway from the list of options present.
  13. Click on the Save changes button.
  14. Make sure Routes have Destination as 10.0.0.0/24
  15. Note: Sometimes it does not show the destination as 10.0.0.0/24, in that case, please add the following from Step 5 of this task.
Task 15

Task 15: Test the connectivity between two VPCs

↑ Top
  1. In this task, we are going to test the connectivity between the EC2 instances in both VPCs. This step confirms that the VPCs have been successfully peered using the Transit Gateway, and the EC2 instances can communicate with each other.
  2. You have copied the IPv4 Public IP of the EC2 instance created in the First VPC.
  3. Please follow the steps for the Session Manager to connect to First_VPCs_EC2Select First_VPCs_EC2 and click on the Connect button.Go to SSM Session Manager and click Connect
  4. Please follow the steps for the Session Manager to connect to First_VPCs_EC2
  5. Select First_VPCs_EC2 and click on the Connect button.
  6. Go to SSM Session Manager and click Connect
  7. Once you have successfully connected in to EC2, run the following commands :
  8. Switch to root user :sudo su
  9. Switch to root user :
  10. Update server repository :sudo dnf update -y
  11. Update server repository :
  12. Now we need to copy the .pem key of the EC2 instance created.
  13. Create a file :nano ec2_ssh_key.pem
  14. Create a file :
  15. Task 15: Test the connectivity between two VPCs
  16. Open the .pem key of EC2 ec2_ssh_key in your local editor and paste it in the terminal file.
  17. Press [ctrl] + x / [control] + x
  18. Press y key in your keyboard.
  19. File Name : No changes, press [Enter] key in your keyboard
  20. Change the .pem key permissionchmod 400 ec2_ssh_key.pem
  21. Change the .pem key permission
  22. SSH into the Private EC2 ec2_ssh_keyssh ec2-user@<IPv4 private Ip> -i ec2_ssh_key.pem
  23. SSH into the Private EC2 ec2_ssh_key
  24. Copy the Private IP of Second_VPCs_EC2
  25. Example : ssh [email protected] -i ec2_ssh_key.pem
  26. If the connection prompts a message to confirm connect enter yes
  27. Task 15: Test the connectivity between two VPCs
  28. As you can see the IP address is changed to private ec2 private IP 30.0.1.154
  29. Task 15: Test the connectivity between two VPCs
  30. Now you have connected two VPCs using the Transit gateway.
  31. With Transit Gateway, you can easily add or remove VPC connections as your network grows or changes, without impacting existing connections. It provides a flexible and scalable solution for interconnecting VPCs and simplifies network administration, routing, and security.
Task 16

Task 16: Validation Test

↑ Top
  1. Once the lab steps are completed, please click on the Validation button on the left side panel.
  2. This will validate the resources in the AWS account and displays whether you have completed this lab successfully or not.
  3. Sample output :
  4. Task 16: Validation Test
Task 17

Task 17: Delete AWS Resources

↑ Top
  1. Make sure you are in the US East (N. Virginia) Region.
  2. Navigate to EC2 by clicking on the Services menu in the top left, then click on EC2 in the Compute section.
  3. Now select both the EC2 instances that you have created, click on Instance State and click on the Terminate instance option.
  4. Task 17: Delete AWS Resources
  5. Click on the Terminate button and your EC2 will start terminating.
  6. You have successfully created a VPC with a public subnet & internet gateway and Launched an EC2 instance.
  7. You have successfully created a VPC with a private subnet and Launched an EC2 instance.
  8. You have successfully created the Transit gateway.
  9. You have successfully created the Transit gateway attachments for both the VPC’s.
  10. You have successfully tested the connectivity of VPC after peering using the Transit gateway.
  11. Sign out of AWS Account.
  12. You have successfully completed the lab.
  13. Once you have completed the steps, click on End Lab from the lab console.
← Back to Labs