Creating an AWS TGW

To use the AWS TGW (Transit Gateway) feature, you must first create an AWS Transit Gateway.

This step creates an AWS Transit Gateway in the specified region under the specified AWS account. Aviatrix CoPilot also automatically creates the Default_Domain, the Shared_Service_Domain, and the Aviatrix_Edge_Domain, together with the corresponding AWS Transit Gateway route tables.

The three domains are connected. If you attach a VPC to the Default Domain or Shared Service Domain, the VPCs can communicate with each other and can access on-prem environments through the Aviatrix Edge Domain.


To create an AWS Transit Gateway:

  1. Go to Aviatrix CoPilot > Networking > Connectivity > select the AWS TGW tab.

  2. Click + AWS TGW.

Settings and values:

Account Name: An Aviatrix account that corresponds to an IAM role or account in AWS.

Region: One of the AWS regions.

TGW Name: The name of the AWS Transit Gateway.

AWS Side AS Number: The Autonomous System Number (ASN) of the TGW. The default AS number is 64512.

Advanced Settings

FireNet Inspection Mode: Select either mode:

  • Domain-Based - This mode allows you to specify a Spoke VPC/VNet that needs inspection by defining a connection policy between the Spoke VPC/VNet’s Security Domain and the Firewall Domain.

  • Connection-Based - This mode allows you to inspect traffic going across a specific pair of Security Domains. This inspection mode reduces the amount of traffic being inspected and reduces the instance size requirements on both FireNet Gateways and firewalls.

TGW CIDR(s): Enter the TGW CIDR ranges.

  3. Click Save.

The AWS TGW is created. If it was not created, go to Monitor > Notifications > Tasks to check which errors occurred during creation.
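Rather than discovering a rejected setting afterwards under Monitor > Notifications > Tasks, it helps to check the values locally before clicking Save. The following Python is an added example and is not Aviatrix or AWS code. It checks the AWS Side AS Number against the Amazon-side ASN ranges AWS accepts for a Transit Gateway (64512 to 65534 and 4200000000 to 4294967294), and checks each TGW CIDR for validity, minimum size (/24 or larger for IPv4, /64 or larger for IPv6, per AWS Transit Gateway documentation), overlap with the 169.254.0.0/16 link-local range, overlap with the other TGW CIDRs, and overlap with the CIDRs of VPCs you intend to attach. The function names, the `vpc_cidrs` parameter and all sample inputs are constructed for this example.

```python
"""Pre-flight checks for the AWS TGW settings entered in CoPilot.

Added example, not Aviatrix or AWS code. The constraints follow AWS Transit
Gateway documentation: the Amazon-side ASN must fall in a private range, and
each TGW CIDR block must be /24 or larger (IPv4) or /64 or larger (IPv6) and
must not overlap 169.254.0.0/16 or the address space of attached VPCs.
"""
import ipaddress

PRIVATE_ASN_16BIT = range(64512, 65535)            # 64512 .. 65534 inclusive
PRIVATE_ASN_32BIT = range(4200000000, 4294967295)  # 4200000000 .. 4294967294
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
MAX_PREFIXLEN = {4: 24, 6: 64}  # a /25 or a /65 is too small for a TGW CIDR


def validate_asn(asn):
    """Return a list of problems with the AWS Side AS Number (empty if OK)."""
    try:
        value = int(asn)  # the form may hand us "64512" as a string
    except (TypeError, ValueError):
        return [f"AWS Side AS Number {asn!r} is not an integer"]
    if value in PRIVATE_ASN_16BIT or value in PRIVATE_ASN_32BIT:
        return []
    return [f"AWS Side AS Number {value} is outside 64512-65534 and "
            f"4200000000-4294967294"]


def validate_tgw_cidrs(cidrs, vpc_cidrs=()):
    """Return a list of problems with the TGW CIDR(s) (empty if OK).

    vpc_cidrs (constructed parameter) are the CIDRs of VPCs you intend to
    attach; a TGW CIDR overlapping one of them collides with that VPC.
    """
    problems = []
    parsed = []
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        except ValueError as exc:
            problems.append(f"TGW CIDR {cidr!r} is not a valid network: {exc}")
            continue
        limit = MAX_PREFIXLEN[net.version]
        if net.prefixlen > limit:
            problems.append(f"TGW CIDR {net} is smaller than the /{limit} minimum")
        if net.version == 4 and net.overlaps(LINK_LOCAL):
            problems.append(f"TGW CIDR {net} overlaps the reserved range {LINK_LOCAL}")
        parsed.append(net)

    # TGW CIDRs must not overlap one another.
    for i, first in enumerate(parsed):
        for second in parsed[i + 1:]:
            if first.version == second.version and first.overlaps(second):
                problems.append(f"TGW CIDRs {first} and {second} overlap each other")

    # TGW CIDRs must not overlap the VPCs that will be attached.
    for vpc in vpc_cidrs:
        vpc_net = ipaddress.ip_network(vpc, strict=False)
        for net in parsed:
            if net.version == vpc_net.version and net.overlaps(vpc_net):
                problems.append(f"TGW CIDR {net} overlaps VPC CIDR {vpc_net}")
    return problems


def validate_tgw_request(tgw_name, asn, cidrs, vpc_cidrs=()):
    """Validate one complete set of settings; returns every problem found."""
    problems = []
    if not str(tgw_name).strip():
        problems.append("TGW Name must not be empty")
    problems.extend(validate_asn(asn))
    problems.extend(validate_tgw_cidrs(cidrs, vpc_cidrs))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: one clean request and one with several mistakes.
    good = validate_tgw_request("prod-tgw", 64512, ["10.255.0.0/24"],
                                vpc_cidrs=["10.0.0.0/16"])
    bad = validate_tgw_request("", 65535,
                               ["10.0.1.0/25", "169.254.10.0/24", "10.0.0.1/24"],
                               vpc_cidrs=["10.0.0.0/16"])
    print("good request:", good or "no problems")
    for problem in bad:
        print("bad request:", problem)
```

Run the validator over the values you intend to enter; an empty list means the settings pass every check above, and each string in a non-empty list names one setting to correct before creating the TGW.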