Transcript for:
Guide to AWS Transit Gateway Setup

Welcome back, and in this session we are going to demo how to set up a transit gateway so that multiple VPCs present inside our AWS account can communicate with each other. Let's have a quick look at the setup. Here we have an AWS account, and in this AWS account we are going to set up multiple VPCs. We are going to set up three VPCs, test VPC 1, 2 and 3, and in each VPC we will have a subnet, and inside the subnet we will spin up an EC2 instance. Once we're done with the VPC setup, we are going to set up a transit gateway, and then we are going to attach this transit gateway to each VPC. After attaching the VPCs, we are going to perform a test where we access one of the EC2 instances in one VPC and try to access another EC2 instance running in another VPC, so that we know our transit gateway is working.

This is my AWS console, and let's start setting up VPC one. This is the home page of my AWS console, and here in the search box type VPC. Click on VPC, and here click on Create VPC, and here choose the option for "VPC only". Here you can enter the name, so I'm just going to put test VPC one. For the IP range I'm just going to go with 12.0.0.0, and after that I'm just going to put /16, so I will have around 65,000 possible IP addresses. Tenancy I'm just going to keep as default, and for the tag with key "Name" and its value I'm just going to go with the default one, and after that click on Create VPC. Go to the VPC home page and check; here you can see our test VPC1 has been created.

After creating the VPC, let's take a look at the diagram once again. Just to make things simple, I have removed all the components which we are not going to create at the moment. If you compare this diagram with the previous one, that is our ideal diagram, but right now I am working on VPC one. So now we have created VPC one. The next thing which we need to create is the internet gateway.
So again, go back to your AWS console, and in the left navigation menu you will find an option for Internet Gateway. Click on it, and here click on Create internet gateway. Here I will put the Internet Gateway abbreviation and type test VPC1. I'm just putting the suffix VPC1 so that I will be able to identify that this Internet Gateway belongs to VPC1; that's the reason I am attaching the suffix VPC1. After that click on Create internet gateway, and here you can see our Internet Gateway has been created. This is the Internet Gateway which we have just created; it is in a detached state, so we need to attach it to our VPC one. Click on this ID, go to Actions, click on Attach to VPC, and here you will find test VPC one, so click on it and click Attach internet gateway.

The next thing which we need to create is the subnet. So now we have created the VPC and we have created the internet gateway, so we will create a subnet. Go back to your AWS console, and here in the left-hand navigation menu you will find the option for creating subnets. Click on Subnets and click on Create subnet. Here there are default subnets, but we are not going to use those; we are going to create our own subnet. As soon as you create a subnet it will ask in which VPC you want to create it, and as you remember we have created VPC one, so we are going to select VPC one here. Here we need to enter the name of our subnet, so I'm just going to put test subnet, and I'm going to suffix it with VPC 1 so that I can identify that it belongs to VPC 1, and then I'm just going to put 1a. 1a is our availability zone, so here in this section you will find Availability Zone, and I'm just going to choose Europe Central 1a. After that we need to specify the IP range for this particular subnet. Remember we are working with this IP range of our VPC, so we are going to use a similar range for our subnet, so I'm just going to copy this IP range.
I'm just going to paste it here, and here I'm just going to choose one, and I'm just going to make it /24 so that I have 256 IPs within my subnet. So I'm just going to create one subnet here, and we are going to make this subnet a public subnet; I'll show you that in a moment. After that just click on Create subnet, and here you can see our subnet has been created. In an ideal scenario we will not have only one subnet, but multiple subnets, like a public subnet as well as a private subnet. But this is just a demo; that's why I'm creating only one subnet. So just keep that in mind. Now we have created the subnet.

The next thing which we need to create is our route table. So again go back to your AWS console, and in the left navigation menu you will find an option for Route Tables. Click on Route Tables here. These are the default route tables, so we are not going to touch those, but we are going to create a new route table. Click on Create route table, and here again we are just going to use RT as the route table abbreviation, and then we are going to use the test VPC one suffix. After that we need to choose the VPC, because if you take a look at the diagram, we are working within our VPC. Every resource we are creating, we are creating within our VPC1, so this route table also belongs to this particular VPC1. Here in the drop-down we are going to choose test VPC1. Select that one, and I'm just going to leave the tags at the default; I'm not going to change anything. Click on Create route table. All right, so here you can see our route table has been created.

After creating the route table there is one more thing: we need to create the routes, and also we need to associate the subnet. We have created this route table, but we need to associate it with the subnet, and also we need to create a route for the internet gateway so that we will have internet access for this particular subnet.
For that, again go back to your AWS console; this is the route table which we have created, that is RT test VPC one, so click on this route table ID. Here in Subnet associations click on Edit subnet associations, and here you will find the subnet which we have just created, so select this subnet and click on Save associations. Now we have associated our subnet with our route table; here you can see this is our route table, and this is the subnet which we have associated, so here you can see the subnet association.

The next thing we need to create is a route, so go to Routes here and click on Edit routes, and here we need to click on Add route. Here we will choose 0.0.0.0/0, because we want to have internet access within our subnet, because this is our public subnet. That's why I am creating this route, and this means I can access this public subnet from anywhere, from this particular IP address. Then we need to provide the resource which is responsible for providing the internet access; that is our internet gateway, which we have already created, which is internet gateway test VPC1, so select that one and click on Save changes. Remember we are working in a public subnet, but if you are creating a private subnet then you don't need to create this route with your internet gateway, because a private subnet doesn't need an internet gateway; instead you need to set up a NAT gateway. All right, so now we have created our route table also.

After creating our route table, the next resource which we need to create is our EC2 instance from this diagram. Let's go back to our AWS console, and here you can see this is the home page of our AWS console. In the search box type EC2, click on EC2, and click on the orange button to launch an instance. Here we need to enter the name of our EC2 instance, so I'm just going to put ec2 test vpc 1.
I'm just suffixing it with VPC1 so that I can identify this instance as belonging to VPC1; that's the only reason I'm putting this name. Select the base operating system; I'm just going to choose Ubuntu, and I'm going to stick with the instance type t2.micro, which is a small EC2 instance. Then we need to create a key pair; we need to create a public and a private key, and you can do that at the same time using this link, Create new key pair. I'm just going to click on it, and here I'm just going to type ec2 test vpc 1 and suffix it with key, and click on Create key pair. Here you can see it has downloaded the key for you, and it has also attached the key to your EC2 instance. We are going to use this EC2 instance key later when we SSH into our EC2 instance. Okay, let's move ahead.

The next thing which we need to set up is the network settings, which are really important. Click on Edit here. First of all, let's take a look at the diagram once again. Here you will see the EC2 instance we are creating is inside the VPC, and the name of the VPC is testvpc1. So again go back to your AWS console, and here in the drop-down you just need to choose VPC1. Select that one. In the subnet, as you remember, we have created one public subnet, so that's the subnet which we need to select here.
But in case you have created multiple subnets, then multiple subnets will pop up here, so just choose the suitable one, the one which you have created. Next thing, Auto-assign public IP: yes, we need to enable it, because this is going to be inside our public subnet; that's why I'm enabling the public IP. Security group: by default they have a security group with SSH 22 enabled, so that we can SSH into our EC2 instance, but we need to add one more security group, and I'm just going to enable it for HTTP, so that any HTTP request that comes to our EC2 instance is entertained; those should not get rejected, and I should allow it from anywhere, so we can access this EC2 instance from anywhere in the world. All right, so now we have created the security group.

The next thing which we need to see is the storage; I'm just going to stick with eight gigs. After that, in the Advanced details there is one more important thing: we are just going to use the user data. User data is the section where you can write down your shell script for installing certain packages. Here I'm just going to install Apache, so I'll just copy the script from my notepad. Here you can see this is the script for installing Apache. The user data section is used to install certain packages onto your EC2 instance when you're setting it up for the first time. Here is what it will do: it will update the package manager, it is going to install Apache, and after that it is going to update the index.html page of our Apache, which we will access later on, and here it will print the hostname. I'm going to show this home page also after we set up our EC2 instance, and after that we are just going to restart Apache. All right. So after that, once we have done this setup, click on Launch instance, and it will take a couple of minutes to get it up and running.
Go to the EC2 dashboard and click on Instances (running) and just wait for a bit; I'll be back once this instance is up and running. Now, as you can see, my instance is up and running, and you can verify this by the instance state, which is green and running. Click on this instance ID, and here you can see all the details. This is the private IP, which is 12.0.1.255, but we are not concerned about the private IP; we need to access our public IP. So just copy this public IP from here, go to a new window and paste it, and here you can see the IP address and the hostname details of my EC2 instance. This is the private IP which is shown here, and this is the home page of my Apache which I have just installed using the user data.

Let's have a look at our setup once again. Here you can see our VPC 1 is ready, and we have provisioned, or we have set up, all the resources which are needed. Now the next thing is that we need to set up VPC 2 and VPC 3. The VPC 2 and VPC 3 setup is going to be exactly similar, so I'm not going to show the same setup or the same steps again, because it will be boring for you. But what you need to do when you are setting up VPC 2 and VPC 3 is just follow the same steps which I have followed in setting up VPC 1, and only suffix it with VPC2. You just need to create the VPC, Internet Gateway, Route Table, Subnet and EC2. Just follow all the steps which I have covered inside the VPC1 setup. Just remember to suffix it with VPC2 so that you will be able to identify those VPCs and those EC2 instances later.

One more quick note which I forgot to tell you before creating the Transit Gateway is about the IP ranges of your VPC2 and VPC3. For test VPC1 we have used 12.0.0.0 with /24 and /16 for the subnet and VPC. Here in VPC2 you cannot use the same IP ranges, so you need to change them. Just for simplicity, I will do the same: I will be using the 14 series, and the 14 series for the subnet.
So just keep in mind that you need to use different IP ranges for your VPC2 and VPC3, and the same goes for the VPC2 subnet as well as the VPC3 subnet. Just make sure that you put the correct IP ranges before creating VPC2 and VPC3.

Let's go to our AWS console and create our transit gateway. I'm just going to open my AWS console. Here in the search box type VPC, go to your VPC dashboard, and here in the left navigation menu go all the way down, and here you will find Transit Gateways. Click on this Transit Gateways link, and here you will find the dashboard for your transit gateways. Here I have not created any transit gateway; that's why the list is empty. I'm just going to click on Create transit gateway and put a name. I'm just going to put TG, the transit gateway abbreviation, and for simplicity I'm just going to put vpc1 vpc2 vpc3. This is just a demo; that's why I'm using this naming convention, but it is not going to be the same in your case, and we don't use this kind of naming convention in our production environment. So just keep this as a demo only. All right, so for the description I will put "Transit gateway for VPC 1, VPC 2 and VPC 3". All right, ASN: this is the Amazon side autonomous system number. This is just a route which we need to put; if you don't put anything then AWS is going to assign one to you. So what I'll do is I'm not going to put any number here, because this is the route identification, so you need to put some kind of route identification so that when we create our transit gateway, the VPCs will be able to find that route based on the number, and then they will be able to navigate and communicate within the VPCs. That's the theory behind it, but let's just skip it. If you want to keep it then I think you can keep it as 65412; I don't recall the exact number, but we will get to know once we create our transit gateway, because AWS is going to create it for us.
All right, so the configure cross-account sharing option: I am NOT going to choose this option, because I am just working within my account; I am not going for a cross-account setup, so that's why I just keep it optional. The CIDR for the transit gateway is also optional, so I'm not going to touch that one, and I'm just going to click on Create transit gateway. Here you can see it's in the pending state, so it will take a couple of minutes, or maybe more, to set it up, so I'll be back once this transit gateway is up and running. After a few minutes my transit gateway is set, and here you can see the state, which shows available. So now my transit gateway has been set up.

Let's go back to our diagram and see what the next component is which we need to create. Here our transit gateway is there, but still our VPCs are not associated or attached to my transit gateway. So the next thing which I'm going to do is create an attachment, so that this transit gateway is attached to VPC1, VPC2 and VPC3. That's the next step which we need to do. Let's go back to our AWS console, and to create the transit gateway attachment, again go to the left navigation menu. In the transit gateway section you will find the option Transit gateway attachments. Click on Transit gateway attachments here. This list is empty because we have not created any transit gateway attachment. Click on Create transit gateway attachment, and here we need to key in the name. Now we need to create the attachment for each VPC; we have three VPCs and we have one transit gateway. So let's create it for the first VPC; I'm just going to say transit gateway attachment VPC 1.
For the transit gateway, here we need to specify the transit gateway ID. Remember we have only one transit gateway, so here is the transit gateway name and the ID which we have just created; select that one. Attachment type: yes, we are going to attach to a VPC, so I'm just going to choose VPC. This demo is only VPC-specific, but in an actual environment you might need to attach to a VPN also, because in a production-like environment, or in companies, we have our on-premise infra also; in that case you can choose VPN also. But since we are working only in the cloud environment, and only in our AWS environment, I'm just going to choose VPC. All right, moving ahead. Now we need to define the VPC. The first attachment we are going to create is towards VPC one, so from the drop-down select VPC one, which is our test VPC one which we have created. As soon as you select test VPC one it will show all the subnets. Here you can see we have only one subnet created, but in your case it is possible that you have multiple subnets, so select all the subnets which you want to attach. Okay, so now we have selected the VPC and the subnet; the next thing which we need to do is create the transit gateway attachment, so click on this button, Create transit gateway attachment. Here you can see our first attachment has been created. If you take a look at the diagram, this is the transit gateway and this is the first attachment on the left-hand side, which we have fixed.

Let's create it for VPC2 also. Go back to your browser, Create transit gateway attachment. I'll just copy the name so that I can rename it; I'm just going to copy this name, go there and change it to 2, because it is going to VPC2.
Again our transit gateway ID is the same, since we have a single transit gateway, so I'm just going to choose the same one. Here we are going to choose VPC, here we are going to choose VPC2, here we are going to select the subnets within that VPC, and for tags I'm just going to keep the default. Click on Create transit gateway attachment. So now we have created it for VPC2 also; now the third one. Let's go back here, remove this filter, and here you can see one and two are both there. Let's create it for the third one: paste the name, change it to 3, select the transit gateway which we have created, which is the single one, attachment type is VPC, the VPC ID is going to be the third, this is the subnet, and then click on Create transit gateway attachment for the third VPC. Remove this filter, and here you can see all three attachments which we have just created. Again, in the diagram you can see this is our transit gateway and these are the three attachments we have created. Now our transit gateway is attached to all the VPCs.

Before we go ahead, there is one concept to which I would like to draw your attention: why is it different from VPC peering when we are using a transit gateway? Because VPC peering is also doing the same thing; it is also connecting multiple VPCs. But there is a very good point about the transit gateway. With a transit gateway you need to create only a single transit gateway, and it can handle multiple VPCs. But with VPC peering, here in the diagram you can see,
here is the first VPC peering between VPC one and two, and there is another VPC peering which we need to create for two and three, because the peering between one and two cannot refer to the third VPC. That's the drawback with VPC peering: the more VPCs you have, the more VPC peerings you need to create. But if you take a look at our transit gateway, that is not the case; here we have a single transit gateway, and it is connecting to VPC1, VPC2 and VPC3. That's why transit gateways are more efficient than VPC peering. If you have two or three VPCs then VPC peering is fine, but if you have more than 10 or 50 VPCs then I would recommend using the transit gateway.

Now what next? Now we have attached the transit gateway to the VPCs. The next thing which we need to do is update the route table so that our subnet knows how to route the request to the transit gateway, so that it can communicate with the other VPCs. First of all we are going to update the route table of our VPC1, or the VPC1 subnet. Let's go back to our AWS console and start modifying our route table. Here is my AWS console. Go to the home page, in the search box type VPC, click on it, and in the left navigation menu click on Route tables. First of all we are going to work on our test VPC1 and its attachment, so click on the route table ID of my VPC1, and here these are the routes. Click on Edit routes, click on Add route. Now this is critical, so go back to your diagram once again; here you can see this is our test VPC1, and if I go further here, we can see now we want to reach VPC2. If I take the previous slide, VPC2 has an IP range of 13.0.0.0/16.
So we want to reach this destination ID, but to reach that destination ID we also need an attachment, and that attachment we have already created with our transit gateway. So we will use this VPC1 attachment of our transit gateway, with the destination IP of my test VPC. Let's go back to our routes here and type 13, sorry, 13.0.0.0/16; this is the IP range of my VPC 2, and here under Transit Gateway you will find the transit gateway attachment VPC 1. Click on Save changes. Okay, so now we have fixed the connectivity between VPC 1 and VPC 2 by creating a route. Now we need to fix the connectivity between VPC 1 and VPC 3. Here again we need to know the IP range of the VPC, which is starting with 14, and we will again use the same attachment, which is the first attachment; this attachment we are going to use. So again go back to the route table of my test VPC one, click on Edit routes, click on Add route, and here I'm just going to choose 14.0.0.0, and after that I'm just going to choose /16, and here I'm just going to choose the transit gateway, and here I'm just going to choose the attachment VPC1, and click on Save changes. Now we have the connectivity between our VPC2 and VPC3 and our VPC1.

Now let's take a look at the diagram once again. It should be this one. Here now we need to work on the VPC2 route. Now we need to fix the connectivity using attachment 2 with our VPC1 and VPC3.
Go back to your routes here, go to Route tables and open the VPC2 route table; click on it, click on Edit routes, and click on Add route. Here I'm just going to choose VPC1, so this is the IP range of my VPC1; select the transit gateway, and here you will find the transit gateway attachment 2, which we have created for our VPC2. Add one more route, and here I will use 14, and here again I will choose the transit gateway, and here it will be VPC2, and click on Save changes. So now we have fixed the connectivity; if we take a look, we have fixed the connectivity from two to one and three. Now we need to fix the connectivity for three, so that three can communicate with our two and one also, so that any instance which is running inside VPC3 will be able to talk to EC2 one, sorry, VPC2 and VPC1. Go back to our AWS console, click on Route tables, go to route table 3 of our VPC3, click on Edit routes, click on Add route. I will choose the destination of my VPC1 IP range with /16, and here I will choose the transit gateway, and that will be transit gateway attachment 3. That's for the VPC1 connectivity, and here it will be for VPC2; sorry, it should be /16, and here I will choose the transit gateway, and here I will use the attachment, and click on Save changes.

All right, so let's take a look at the diagram. Here you can see we have pretty much set up the whole transit gateway and the whole infra with our EC2 instances, and updated all the route tables. Now what we will do is log in, or SSH, into each EC2 instance from VPC1, VPC2 and VPC3, and we will try to curl the Apache homepages of the other EC2 instances.
Let's switch back to the terminal and try to SSH into our EC2 instances. Now we need to connect to the EC2 instance, and for that go to the home page of our AWS console and type EC2; we just need to find the instructions for how to connect to it. Click on Instances (running), let's take the test VPC1 EC2 instance, click on Connect, and here you can see this is the key which we have created. We have created this key for the EC2 instance running in VPC1, but we have also created the other keys, those ending with two and three. Now what we need to do is change the mode of our keys; right now these keys have read and write permission, but we need to make them read-only. Just copy this command from here and go to the terminal. Here you can see I have divided my terminal into three sections; these are going to be for VPC1, VPC2 and VPC3. Let's start. First of all, let's check whether I have the keys or not. Here you can see I have all three keys; these are the one, two and three keys. Or maybe I can simply run the ls command to view them; here you can see all three keys I have right now. I'll clear it. First of all I need to do chmod 400 and then put the key here. For VPC1 the chmod changed it. I'll just use the same thing and put it to... okay, no key, so I'll just run the ls command once again, and I can see that command, so I'm just going to rerun the command for VPC2. I can see that it's there; I have changed it. I'm just going to run it for the third key also, so 400, and I'm just going to choose the third one; it is this one over here. All right, I'm just going to clear it, and I'm just going to run the command ls -lart just to verify. Right now I can see it's read-only, this one is read-only, and this is also read-only, so we have changed to read-only permission for all three keys. I'm just going to clear it. Okay, so that's been done. The next thing which we need to do is SSH into our EC2 instances. This is going to be our VPC1 EC2 instance, so just copy this command, go to your terminal, paste it, press Enter and type yes here. I'll clear it, and here you can see this is the IP, which starts with 12, so this is our VPC1 EC2 instance. Let's open another terminal, and here we are going to use the EC2 instance from VPC2. Again go back to the dashboard, go to Instances, select 2 and go to Connect, copy this SSH command; we have already performed the chmod permission change, so you don't need to do that. Go over here, paste the command, type yes, clear it, and here you can see that is 13, which is from our VPC 2. Now it is our third VPC, so go back to our EC2 instances, click on the third VPC and click on Connect, copy this command from here and paste it here, type yes, I'll clear it, and here you can see the IP which starts with 14. So this is VPC1, this is VPC2, that is 13, and this is VPC3, which starts with 14.

Just to keep things simple, what I'll do is open all the instances in a new tab, so I'll start with one, two and three. I need the private IP addresses of all those instances. Here you can see this is our VPC1, this is our VPC2 and this is our VPC3. Let's start with the VPC2 private IP. Now we are in the VPC1 EC2 instance, so I'm just going to use the curl command to access the VPC2 Apache page and hit Enter, and here you can see I am able to access the EC2 instance's Apache from my VPC2. Similarly I'll try to access the Apache instance running inside the EC2 of my VPC3, so go back here and copy the private IP of my EC2 instance running in VPC3, and I'll just use the curl command and paste it here, and here you can see we are able to access it.
So from the EC2 instance in VPC1 we are able to access VPC2 as well as VPC3. Similarly, if I run the curl command from VPC2, now I will try to access VPC1: this is our VPC1, copy the private IP address, and here you can see we are able to access it. Similarly I can access VPC3 from VPC2; this is the private IP address of my VPC3 EC2 instance, and here you can see I am able to access it. So this is VPC2, this is our VPC1 and this is our VPC3. Similarly I'll just do the curl, and now I will try to access... first of all I'll copy this IP address; this is VPC1 I'm trying to access, and that is also working from VPC3. Now I will try to access VPC2 from VPC3, so I'll just use curl and the private IP address of my VPC2, and here you can see. So now all our VPCs are connected, and we are able to communicate between all the VPCs.

I hope you liked this session on how to set up the transit gateway and how to enable the communication between all the VPCs using the transit gateway and transit gateway attachments. If you are interested in similar content then consider following this channel. Also, for you I have started members-only videos; those are only for the YouTube members who are in my YouTube members family. Here I will be uploading some specific or in-depth sessions using Terraform and AWS for those members, so if you are interested in learning more in-depth concepts then consider becoming a member of this particular YouTube channel, and you will also get access to the Discord group as well. See you in the next session of DevOps and AWS; till then take care, and bye-bye.
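As an added example (not code from the video or its author), a small Python planner for the routing the walkthrough configures by hand: it checks the VPC and subnet CIDRs for overlap, as the speaker warns is required for VPC2 and VPC3, then emits the per-route-table entries (one per peer VPC via the transit gateway, plus the 0.0.0.0/0 route to the public subnet's internet gateway), and counts attachments against the full-mesh peerings the video compares them with. All resource ids are constructed placeholders and the CIDRs follow the video's 12/13/14 scheme.

```python
"""Route planner for the hub-and-spoke Transit Gateway layout in the walkthrough.

For each VPC route table it produces the same entries the video adds through
the console: a default route to the VPC's own internet gateway (public subnet)
and one route per *other* VPC CIDR with the transit gateway as target.
Route dicts are shaped like the EC2 CreateRoute parameters so they could be
passed straight to an API client; this script itself makes no AWS calls.
"""
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Vpc:
    name: str
    cidr: str            # VPC CIDR, e.g. "12.0.0.0/16"
    subnet_cidr: str     # public subnet CIDR, e.g. "12.0.1.0/24"
    route_table_id: str  # route table associated with the public subnet
    igw_id: str          # internet gateway attached to this VPC


def addressing_problems(vpcs):
    """Return human-readable problems: subnet outside its VPC, or VPC CIDRs that overlap.

    Overlapping VPC CIDRs are the failure mode the video warns about: a route
    for a duplicated range could never distinguish the two VPCs.
    """
    problems = []
    for vpc in vpcs:
        net = ipaddress.ip_network(vpc.cidr)
        sub = ipaddress.ip_network(vpc.subnet_cidr)
        if not sub.subnet_of(net):
            problems.append(f"{vpc.name}: subnet {sub} is not inside {net}")
    for a, b in combinations(vpcs, 2):
        if ipaddress.ip_network(a.cidr).overlaps(ipaddress.ip_network(b.cidr)):
            problems.append(f"{a.name} ({a.cidr}) overlaps {b.name} ({b.cidr})")
    return problems


def plan_routes(vpcs, tgw_id):
    """Return every route entry needed so each VPC reaches every other via the TGW."""
    problems = addressing_problems(vpcs)
    if problems:
        raise ValueError("; ".join(problems))
    routes = []
    for vpc in vpcs:
        # Public subnet: default route to this VPC's internet gateway.
        routes.append({"RouteTableId": vpc.route_table_id,
                       "DestinationCidrBlock": "0.0.0.0/0",
                       "GatewayId": vpc.igw_id})
        # One route per peer VPC, all pointing at the single transit gateway.
        for peer in vpcs:
            if peer is vpc:
                continue
            routes.append({"RouteTableId": vpc.route_table_id,
                           "DestinationCidrBlock": peer.cidr,
                           "TransitGatewayId": tgw_id})
    return routes


def link_count(vpc_count):
    """Attachments a hub needs versus peerings a full mesh needs for n VPCs."""
    return {"transit_gateway_attachments": vpc_count,
            "vpc_peerings": vpc_count * (vpc_count - 1) // 2}


# Constructed sample matching the walkthrough's 12/13/14 addressing; ids are placeholders.
SAMPLE_VPCS = [
    Vpc("test-vpc-1", "12.0.0.0/16", "12.0.1.0/24", "rtb-PLACEHOLDER1", "igw-PLACEHOLDER1"),
    Vpc("test-vpc-2", "13.0.0.0/16", "13.0.1.0/24", "rtb-PLACEHOLDER2", "igw-PLACEHOLDER2"),
    Vpc("test-vpc-3", "14.0.0.0/16", "14.0.1.0/24", "rtb-PLACEHOLDER3", "igw-PLACEHOLDER3"),
]
SAMPLE_TGW = "tgw-PLACEHOLDER"

if __name__ == "__main__":
    for route in plan_routes(SAMPLE_VPCS, SAMPLE_TGW):
        print(route)
    print(link_count(len(SAMPLE_VPCS)), link_count(10))
```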