Add tags to VPCs Add tags to subnets Add transit gateway attachments

Transit gateway attachments to a VPC

This section provides instructions for attaching VPCs to your transit gateway.

Add tags to VPCs

Follow the step-by-step instructions in this section to add tags to your VPCs.

Sign in to your spoke account.
Navigate to the Amazon VPC console.
Choose VPCs.
Select Tags and choose Manage tags.
Choose Add new tag.
Add the key-value pairs listed in VPC tags.

Note
If you’re using custom names for your transit gateway route tables, the values of the tags you assign need to match the names of the route tables associated with the transit gateway you’re connecting to.

Add tags to subnets

Follow the step-by-step instructions in this section to add tags to your subnets.

Sign in to your spoke account.
Navigate to Subnets within the Amazon VPC console.
Select the subnet that you want to attach to the transit gateway.
Select Tags and choose Manage tags.
Choose Add new tag.
Add keys (without values) listed in Subnet tags.

Add transit gateway attachments

Tags identify applicable resources, such as VPCs and subnets, in your spoke accounts. Tags allow create, read, update, and delete (CRUD) operations to run on the transit gateway route table associations and propagation.

Note

Verify that you have the appropriate access privileges to tag VPCs in spoke accounts, or identify the appropriate administrator in your organization.

VPC tags

For this solution to manage the VPC, the VPC in the spoke account must be tagged with both the Associate-with and Propagate-to keys. You must also add or remove both keys at the same time. By default, the tags are configured for automatic approval.

Key Value Description

Key	Value	Description
Associate-with	`<Requires input>`	The default key is `Associate-with`. The value can be one of the default route table names (`Flat`, `Isolated`, `Infrastructure`, or `On-premises`) or a custom key. You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the VPC. Type: String For sample route table options, refer to Custom route tables.
Propagate-to	`<Requires input>`	The default key is `Propagate-to`. The value can be one or more default route table names (`Flat`, `Isolated`, `Infrastructure`, or `On-premises`) or a key(s) that you created. You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the VPC. Type: CommaDelimitedList For sample route table options, refer to Custom route tables.

Associate-with

<Requires input>

The default key is Associate-with. The value can be one of the default route table names (Flat, Isolated, Infrastructure, or On-premises) or a custom key.

You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the VPC.

Type: String

For sample route table options, refer to Custom route tables.

Propagate-to

<Requires input>

The default key is Propagate-to. The value can be one or more default route table names (Flat, Isolated, Infrastructure, or On-premises) or a key(s) that you created.

You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the VPC.

Type: CommaDelimitedList

For sample route table options, refer to Custom route tables.

Subnet tags

Note

For a transit gateway attachment to a VPC, you can add only one subnet per Availability Zone. You can’t attach a second subnet in the same Availability Zone to the transit gateway.

Starting in version 3.3.0 of this solution, we support a new tag key Route-to-tgw that skips adding the subnet in the transit gateway attachment and only updates the associated route table with the default route.

Key Value Description

Key	Value	Description
Attach-to-tgw	<Leave blank>	The default key is `Attach-to-tgw`. Important Don’t enter a value. You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the subnet. If there isn’t an explicit route table associated with the subnet, the solution updates the main route table with the default route.
Route-to-tgw	<Leave blank>	The default key is `Route-to-tgw`. Important Don’t enter a value. You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the subnet. If there isn’t an explicit route table associated with the subnet, the solution updates the main route table with the default route.

Attach-to-tgw

<Leave blank>

The default key is Attach-to-tgw.

Important

Don’t enter a value.

You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the subnet.

If there isn’t an explicit route table associated with the subnet, the solution updates the main route table with the default route.

Route-to-tgw

<Leave blank>

The default key is Route-to-tgw.

Important

Don’t enter a value.

You can change the name of the key in the template during initial configuration, but you must use the same key name when you tag the subnet.

If there isn’t an explicit route table associated with the subnet, the solution updates the main route table with the default route.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Step 5: Add tags

Transit gateway peering attachments