How do I migrate my transit VPC to a transit gateway?
Last updated: 2021-01-08
How do I migrate my Amazon Virtual Private Cloud (Amazon VPC) from a transit virtual private cloud (VPC) to a transit gateway?
- Create a transit gateway.
- Create the VPC attachments for the spoke VPCs. If the spoke VPCs:
  - Are in different accounts, share the transit gateway to the second account. Then, create attachments in the second account.
  - Are in different Regions, create a new transit gateway in the second Region. Then, create a peering attachment between the two transit gateways.
- Create transit gateway virtual private network (VPN) connections to the on-premises networks, if applicable.
Note: After the VPN tunnels are UP, you can change the on-premises gateway to prefer the transit gateway VPN tunnels over the virtual gateway tunnels.
- Configure the transit gateway route tables.
- In the spoke VPC route tables, change the target from the virtual private gateway to the transit gateway. Be sure to modify the VPC route tables only during a scheduled maintenance window.
- After communication is established on the transit gateway, remove each of the spoke VPC tags individually. Then, delete any VPNs connected to on-premises networks, if applicable. These actions remove the VPN connection between the spoke VPC and the transit network VPC.
Note: The default tag for the spoke VPCs is configured with key: transitvpc:spoke and value: true.
- After all spokes are migrated to the transit gateway, delete the transit network VPC AWS CloudFormation stack.
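The following check is an added example, not part of the original article or AWS-provided code. It decides which spoke VPCs are safe to untag by confirming that no active route still targets a virtual private gateway and that at least one targets the transit gateway. It assumes input shaped like the output of `aws ec2 describe-vpcs` and `aws ec2 describe-route-tables`; the function names and all resource IDs are constructed for illustration.

```python
SPOKE_TAG = ("transitvpc:spoke", "true")  # default spoke tag given on this page

def active_vgw_routes(table):
    """Active routes (static or propagated) that still target a virtual private gateway."""
    return [r for r in table.get("Routes", [])
            if (r.get("GatewayId") or "").startswith("vgw-") and r.get("State") == "active"]

def active_tgw_routes(table):
    """Active routes whose target is a transit gateway."""
    return [r for r in table.get("Routes", [])
            if r.get("TransitGatewayId") and r.get("State") == "active"]

def spoke_status(vpcs, route_tables):
    """Classify each VPC: 'untagged', 'on-vgw', 'no-tgw-route' or 'ready-to-untag'."""
    status = {}
    for vpc in vpcs:
        tags = {(t["Key"], t["Value"]) for t in vpc.get("Tags", [])}
        tables = [t for t in route_tables if t["VpcId"] == vpc["VpcId"]]
        if SPOKE_TAG not in tags:
            state = "untagged"            # not (or no longer) a tagged spoke
        elif any(active_vgw_routes(t) for t in tables):
            state = "on-vgw"              # removing the tag would cut a path still in use
        elif not any(active_tgw_routes(t) for t in tables):
            state = "no-tgw-route"        # nothing points at the transit gateway yet
        else:
            state = "ready-to-untag"
        status[vpc["VpcId"]] = state
    return status

# Constructed sample data (IDs are placeholders, not from a real account).
TAG = [{"Key": "transitvpc:spoke", "Value": "true"}]
TGW = {"DestinationCidrBlock": "10.0.0.0/8", "TransitGatewayId": "tgw-0example", "State": "active"}
VGW = {"DestinationCidrBlock": "10.3.0.0/16", "GatewayId": "vgw-0example",
       "Origin": "EnableVgwRoutePropagation", "State": "active"}
SAMPLE_VPCS = [{"VpcId": "vpc-a", "Tags": TAG}, {"VpcId": "vpc-b", "Tags": TAG},
               {"VpcId": "vpc-c", "Tags": TAG}, {"VpcId": "vpc-d", "Tags": []}]
SAMPLE_TABLES = [{"RouteTableId": "rtb-a", "VpcId": "vpc-a", "Routes": [TGW]},
                 {"RouteTableId": "rtb-b", "VpcId": "vpc-b", "Routes": [TGW, VGW]},
                 {"RouteTableId": "rtb-c", "VpcId": "vpc-c", "Routes": []},
                 {"RouteTableId": "rtb-d", "VpcId": "vpc-d", "Routes": [TGW]}]

if __name__ == "__main__":
    for vpc_id, state in spoke_status(SAMPLE_VPCS, SAMPLE_TABLES).items():
        print(vpc_id, state)
```

Propagated virtual private gateway routes are counted on purpose: a more specific propagated prefix still wins over a broader static transit gateway route, so the spoke is treated as dependent on the VPN path until those routes are gone.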