AWS::EC2::TransitGateway - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::EC2::TransitGateway

Specifies a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use AWS::EC2::TransitGatewayAttachment.

To attach a VPN connection, use AWS::EC2::CustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to AWS::EC2::VPNConnection.

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use AWS::EC2::TransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use AWS::EC2::TransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AWS::EC2::TransitGatewayRouteTableAssociation to associate a resource attachment with a transit gateway route table.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::TransitGateway",
  "Properties" : {
      "AmazonSideAsn" : Integer,
      "AssociationDefaultRouteTableId" : String,
      "AutoAcceptSharedAttachments" : String,
      "DefaultRouteTableAssociation" : String,
      "DefaultRouteTablePropagation" : String,
      "Description" : String,
      "DnsSupport" : String,
      "MulticastSupport" : String,
      "PropagationDefaultRouteTableId" : String,
      "Tags" : [ Tag, ... ],
      "TransitGatewayCidrBlocks" : [ String, ... ],
      "VpnEcmpSupport" : String
    }
}

Properties

AmazonSideAsn

A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs. The default is 64512.

Required: No

Type: Integer

Update requires: Replacement

AssociationDefaultRouteTableId

The ID of the default association route table.

Required: No

Type: String

Update requires: No interruption

AutoAcceptSharedAttachments

Enable or disable automatic acceptance of attachment requests. Disabled by default.

Required: No

Type: String

Allowed values: enable | disable

Update requires: No interruption

DefaultRouteTableAssociation

Enable or disable automatic association with the default association route table. Enabled by default.

Required: No

Type: String

Allowed values: enable | disable

Update requires: No interruption

DefaultRouteTablePropagation

Enable or disable automatic propagation of routes to the default propagation route table. Enabled by default.

Required: No

Type: String

Allowed values: enable | disable

Update requires: No interruption

Description

The description of the transit gateway.

Required: No

Type: String

Update requires: No interruption

DnsSupport

Enable or disable DNS support. Enabled by default.

Required: No

Type: String

Allowed values: enable | disable

Update requires: No interruption

MulticastSupport

Indicates whether multicast is enabled on the transit gateway

Required: No

Type: String

Allowed values: enable | disable

Update requires: Replacement

PropagationDefaultRouteTableId

The ID of the default propagation route table.

Required: No

Type: String

Update requires: No interruption

Tags

The tags for the transit gateway.

Required: No

Type: Array of Tag

Update requires: No interruption

TransitGatewayCidrBlocks

The transit gateway CIDR blocks.

Required: No

Type: Array of String

Update requires: No interruption

VpnEcmpSupport

Enable or disable Equal Cost Multipath Protocol support. Enabled by default.

Required: No

Type: String

Allowed values: enable | disable

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the transit gateway.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id

The ID of the transit gateway.

Examples

Create a transit gateway

The following example declares a transit gateway.

JSON

"myTransitGateway": {
   "Type": "AWS::EC2::TransitGateway",
   "Properties": {
      "AmazonSideAsn": 65000,
      "Description": "TGW Route Integration Test",
      "AutoAcceptSharedAttachments": "disable",
      "DefaultRouteTableAssociation": "enable",
      "DnsSupport": "enable",
      "VpnEcmpSupport": "enable",
      "Tags": [
         {
            "Key": "Application",
            "Value": {
               "Ref": "AWS::StackId"
            }
         }
      ]
   }
}

YAML

  myTransitGateway:
    Type: "AWS::EC2::TransitGateway"
    Properties:
      AmazonSideAsn: 65000
      Description: "TGW Route Integration Test"
      AutoAcceptSharedAttachments: "disable"
      DefaultRouteTableAssociation: "enable"
      DnsSupport: "enable"
      VpnEcmpSupport: "enable"
      Tags:
      - Key: Application
        Value: !Ref 'AWS::StackId'

See also