L1 Construct: AWS::EC2::TransitGateway

CfnTransitGateway

Specifies a transit gateway. You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the `available` state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use [AWS::EC2::TransitGatewayAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachment.html). To attach a VPN connection, use [AWS::EC2::CustomerGateway](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-customer-gateway.html) to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to [AWS::EC2::VPNConnection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpn-connection.html).

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use [AWS::EC2::TransitGatewayRouteTable](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetable.html) to create additional transit gateway route tables.

If you disable automatic route propagation, we do not create a default transit gateway route table. You can use [AWS::EC2::TransitGatewayRouteTablePropagation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetablepropagation.html) to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use [AWS::EC2::TransitGatewayRouteTableAssociation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayroutetableassociation.html) to associate a resource attachment with a transit gateway route table.

To create a transit gateway with `EncryptionSupport` enabled through CloudFormation, you will need the `ec2:ModifyTransitGateway` Identity and Access Management (IAM) permission. For more information, see `ModifyTransitGateway` in [Actions, resources, and condition keys for Amazon EC2](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-) of the *Identity and Access Management Service Authorization Reference*.

Import

```typescript
import { CfnTransitGateway } from 'aws-cdk-lib/aws-ec2';
```

Or use the module namespace:

```typescript
import * as ec2 from 'aws-cdk-lib/aws-ec2';
// ec2.CfnTransitGateway
```

Properties

Configuration passed to the constructor as CfnTransitGatewayProps.

amazonSideAsn (Optional)
number

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs. The default is 64512.

associationDefaultRouteTableId (Optional)
string

The ID of the default association route table.

autoAcceptSharedAttachments (Optional)
string

Enable or disable automatic acceptance of attachment requests. Disabled by default.

defaultRouteTableAssociation (Optional)
string

Enable or disable automatic association with the default association route table. Enabled by default. If `DefaultRouteTableAssociation` is set to enable, AWS Transit Gateway will create the default transit gateway route table.

defaultRouteTablePropagation (Optional)
string

Enable or disable automatic propagation of routes to the default propagation route table. Enabled by default. If `DefaultRouteTablePropagation` is set to enable, AWS Transit Gateway will create the default transit gateway route table.

description (Optional)
string

The description of the transit gateway.

dnsSupport (Optional)
string

Enable or disable DNS support. Enabled by default.

encryptionSupport (Optional)
string

Enable or disable encryption support. Disabled by default.

multicastSupport (Optional)
string

Indicates whether multicast is enabled on the transit gateway.

propagationDefaultRouteTableId (Optional)
string

The ID of the default propagation route table.

securityGroupReferencingSupport (Optional)
string

Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature. For important information about this feature, see [Create a transit gateway](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) in the *AWS Transit Gateway Guide*.

tags (Optional)
CfnTag[]

The tags for the transit gateway.

transitGatewayCidrBlocks (Optional)
string[]

The transit gateway CIDR blocks.

vpnEcmpSupport (Optional)
string

Enable or disable Equal Cost Multipath Protocol support. Enabled by default.
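Because every property is optional, an omitted one still takes the default stated above (for example, automatic association and propagation are enabled unless you say otherwise). The following is an added example, not code from aws-cdk-lib or this page: a small pre-deploy check that resolves the effective value of each toggle and compares it with a baseline. `TgwProps`, `BASELINE`, and `auditTransitGateway` are hypothetical names, and the baseline itself is an assumed policy.

```typescript
// Added example: audits props that use the property names documented above.
type Toggle = 'enable' | 'disable';

interface TgwProps {
  autoAcceptSharedAttachments?: Toggle;
  defaultRouteTableAssociation?: Toggle;
  defaultRouteTablePropagation?: Toggle;
  encryptionSupport?: Toggle;
}

// Defaults as stated in the property descriptions on this page.
const DOCUMENTED_DEFAULTS: Required<TgwProps> = {
  autoAcceptSharedAttachments: 'disable',
  defaultRouteTableAssociation: 'enable',
  defaultRouteTablePropagation: 'enable',
  encryptionSupport: 'disable',
};

// Hypothetical hardening baseline (an assumption, not AWS guidance).
const BASELINE: Required<TgwProps> = {
  autoAcceptSharedAttachments: 'disable',  // attachment requests must be accepted explicitly
  defaultRouteTableAssociation: 'disable', // attachments are associated per route table
  defaultRouteTablePropagation: 'disable', // routes are propagated per attachment
  encryptionSupport: 'enable',             // needs ec2:ModifyTransitGateway at deploy time
};

interface Finding {
  property: keyof TgwProps;
  effective: Toggle;
  source: 'explicit' | 'default';
}

// Resolve each property to its effective value, then compare with the baseline.
function auditTransitGateway(props: TgwProps): Finding[] {
  const findings: Finding[] = [];
  for (const property of Object.keys(BASELINE) as (keyof TgwProps)[]) {
    const explicit = props[property];
    const effective = explicit ?? DOCUMENTED_DEFAULTS[property];
    if (effective !== BASELINE[property]) {
      findings.push({ property, effective, source: explicit === undefined ? 'default' : 'explicit' });
    }
  }
  return findings;
}

// Constructed sample: only one property set, the rest fall back to defaults.
const sample: TgwProps = { autoAcceptSharedAttachments: 'enable' };
console.log(auditTransitGateway(sample));
```

The `source` field distinguishes a value someone chose from one inherited by omission, which is the case a template review most easily misses.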

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.
