Transit Gateway Cross-Account Internet Access

Connecting to AWS Transit Gateway Across Accounts for Internet Access #

Setup Process #

  1. Create TGW VPC Attachment

    • Terraform was used to attach the source VPC (10.80.128.0/19) in the IDSS account to the TGW (tgw-0ad3f1e38e190c695) owned by the Private Account.
    • Because the TGW lives in a different account, it must be shared with the IDSS account through AWS RAM, and the attachment request must be accepted in the Private Account unless the TGW is configured to auto-accept shared attachments. Until it is accepted the attachment stays in the pending-acceptance state and carries no traffic.
  2. Update Route Tables

    • Source VPC Subnet Route Table: Added a route for 0.0.0.0/0 pointing to the TGW, so that every non-local destination leaves the VPC through the attachment.
    • TGW Route Table: Verified that the route for 10.80.128.0/19 exists and points to the correct attachment for the destination TGW/VPC. Outbound traffic also needs a 0.0.0.0/0 route in this table toward the egress VPC attachment; propagation only adds VPC CIDRs, so that default route has to be static.
    • Egress VPC Route Table: Added a route for 10.80.128.0/19 pointing to the TGW in the route table of the NAT gateway's public subnet, so that return traffic from the Internet reaches the source CIDR block. Without this route the NAT gateway has no path back to the source and replies are dropped in the egress VPC.
  3. Associate TGW Route Table

    • Navigated to Transit Gateway Route Tables
    • Selected the relevant TGW Route Table (tgw-rtb-0b26d6befa805b82c)
    • Created an association with the VPC attachment for the source VPC.
  4. Traffic Flow Validation
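
The steps above as one Terraform configuration. This is an added example, not the Terraform that was actually applied for this change. It assumes two provider aliases (aws.idss for the source VPC owner and aws.private for the TGW owner), that the TGW is already shared with the IDSS account through AWS RAM, and that the variable values (subnet and route table IDs, the egress VPC's existing attachment ID) are supplied by the operator; those names are placeholders. The TGW ID, TGW route table ID and source CIDR are the ones named on this page.

```hcl
# Added example, not the original Terraform. Provider aliases aws.idss (source
# VPC owner) and aws.private (TGW owner) and all variables are assumptions.

variable "source_vpc_id"            { type = string }       # IDSS VPC holding 10.80.128.0/19
variable "source_attach_subnet_ids" { type = list(string) } # one subnet per AZ for the attachment ENIs
variable "source_private_rt_id"     { type = string }       # route table of the EC2 subnets (no public IPs)
variable "egress_attachment_id"     { type = string }       # existing TGW attachment of the egress VPC
variable "egress_public_rt_id"      { type = string }       # route table of the NAT gateway's public subnet

locals {
  source_cidr = "10.80.128.0/19"
  tgw_id      = "tgw-0ad3f1e38e190c695"
  tgw_rt_id   = "tgw-rtb-0b26d6befa805b82c"
}

# Step 1: the VPC owner creates the attachment. Default route table association
# and propagation cannot be set here for a RAM-shared TGW; the accepter does it.
resource "aws_ec2_transit_gateway_vpc_attachment" "source" {
  provider           = aws.idss
  transit_gateway_id = local.tgw_id
  vpc_id             = var.source_vpc_id
  subnet_ids         = var.source_attach_subnet_ids
  tags               = { Name = "idss-to-private-tgw" }
}

# Step 1 (TGW owner side): accept the cross-account attachment. Default route
# table behaviour is switched off so every association/route below is explicit.
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "source" {
  provider                                        = aws.private
  transit_gateway_attachment_id                   = aws_ec2_transit_gateway_vpc_attachment.source.id
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# Step 2: source subnets send everything non-local to the TGW. The route is only
# useful once the attachment has been accepted, hence the explicit dependency.
resource "aws_route" "source_default_via_tgw" {
  provider               = aws.idss
  route_table_id         = var.source_private_rt_id
  destination_cidr_block = "0.0.0.0/0"
  transit_gateway_id     = local.tgw_id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment_accepter.source]
}

# Step 3: associate the attachment with the TGW route table (the step that was
# missing in the findings). Without an association the TGW has no table to
# consult for packets arriving from this attachment and drops them.
resource "aws_ec2_transit_gateway_route_table_association" "source" {
  provider                       = aws.private
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment_accepter.source.id
  transit_gateway_route_table_id = local.tgw_rt_id
}

# Step 2 (TGW side): return route for the source CIDR towards its attachment.
resource "aws_ec2_transit_gateway_route" "to_source" {
  provider                       = aws.private
  destination_cidr_block         = local.source_cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment_accepter.source.id
  transit_gateway_route_table_id = local.tgw_rt_id
}

# Step 2 (TGW side): static default route to the egress VPC attachment. Add this
# only if the table does not already carry a 0.0.0.0/0 route; duplicates fail.
resource "aws_ec2_transit_gateway_route" "default_to_egress" {
  provider                       = aws.private
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = var.egress_attachment_id
  transit_gateway_route_table_id = local.tgw_rt_id
}

# Step 2 (egress VPC side): the NAT gateway's subnet must route replies for the
# source CIDR back to the TGW, otherwise the return path dead-ends here.
resource "aws_route" "egress_return_to_source" {
  provider               = aws.private
  route_table_id         = var.egress_public_rt_id
  destination_cidr_block = local.source_cidr
  transit_gateway_id     = local.tgw_id
}
```

Apply with both provider aliases configured, then validate in the order the traffic takes: `aws ec2 get-transit-gateway-route-table-associations --transit-gateway-route-table-id tgw-rtb-0b26d6befa805b82c` run in the Private Account must list the new attachment as associated, and `aws ec2 search-transit-gateway-routes` on the same table with a filter of `Name=type,Values=static` must show both the 10.80.128.0/19 and 0.0.0.0/0 routes. From the source instance, `curl -s https://checkip.amazonaws.com` should return the elastic IP of the egress NAT gateway, not an address in the IDSS account; any other result means one of the three route tables above is still wrong.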

⚠️ Key Findings & Fixes #

  • ❌ The source EC2 instance had no public IP, and the source VPC contained no NAT gateway or other NAT functionality, so its only possible path to the Internet was through the TGW.
  • ❌ The source VPC's TGW attachment was not associated with any TGW route table, so the TGW had no table to consult for traffic arriving from that attachment and dropped it.
  • ✅ After associating the attachment with the TGW route table and confirming both the forward route (0.0.0.0/0 to the egress VPC attachment) and the return routes (10.80.128.0/19 back to the source attachment in the TGW table and back to the TGW in the NAT gateway's subnet), traffic should now flow from the source VPC through the destination NAT Gateway and back.