
-: Hi everyone and welcome back.

Now, in today's video we'll go ahead

and deploy the transit gateway

and we'll look into the steps that are involved.

Now, before we deploy the transit gateway,

let's look into the architecture

that we will be following for our practical video.

So, the overall architecture is very simple.

You have a transit gateway,

there are two VPCs with different CIDR blocks.

Both the VPCs are attached to the transit gateway

and the transit gateway has a specific route entry here.

And what is the success criterion

to ensure everything is working?

The EC2 instance from the VPC-1 should be able

to communicate to the EC2 instance

from the VPC-2 through the transit gateway.

So, we will be launching one EC2 in the VPC-1,

second EC2 in the VPC-2, and we'll see

if both of these instances are able

to communicate to each other through transit gateway.

So, this is the high level overview.

Let's go ahead and deploy our first transit gateway.

Now, from the AWS console, let's quickly go to the VPC.

And at this stage there is one default VPC

that is already available.

So, this is the first VPC that we'll be using.

We'll be creating one more VPC

with a different CIDR block.

Let's just call it custom VPC.

The CIDR block, I'll say 192.168.0.0/16.

We'll keep it very simple,

where we have only one private subnet.

We do not really need the VPC endpoints either.

And we'll keep things very simple.

All right, so this is a quick VPC configuration here.

Once that's done, you can go ahead and create the VPC.

So, let's quickly go back to the VPCs;

as we can see, there are two VPCs available.

The second step is the transit gateway.

So, let's go ahead and quickly create the transit gateway.

I'll go to transit gateway here.

Let's quickly create a transit gateway.

I'll say demo-transit-gateway.

We'll keep everything as default.

We'll go ahead and directly create a transit gateway here.

Now, as we discussed

in the transit gateway concepts as well,

one of the first things that you need to do

after the transit gateway is created

is to create an attachment.

Now, since we have two VPCs, we'll go ahead

and attach both the VPCs to the transit gateway.

It generally takes a minute

or two for the transit gateway to be available.

Let's quickly wait for a moment here.

All right, so it has been a minute

and the transit gateway is now available.

Now, the next thing that you need to do

is to create a transit gateway attachment.

So, let's create attachment.

I'll say vpc-attachment-1.

We'll select the transit gateway that we created.

For the attachment type, there are multiple types here;

make sure that VPC is selected.

And within here, just select the appropriate VPC.

First, I'll be selecting the VPC

with the CIDR of 172.31, which is the default one.

All right, once this is done,

let's go ahead and create a transit gateway attachment.

In a similar way, we'll also create one more attachment.

I'll say vpc-attachment-2.

We'll select the transit gateway ID.

We'll select the VPC.

This time it should be 192.168.

And since there is only one subnet,

you can select this one subnet,

ensure that this subnet is selected,

and you go ahead,

and create transit gateway attachment number two.

All right, let's quickly check the state.

The state is pending.

So, now what we will be doing is, in each of the VPCs,

we'll be creating an EC2 instance

to ensure the connectivity is present.

So, let's quickly go to the EC2 console.

We'll go to the Instances.

We'll launch an instance, I'll say vpc-1-ec2.

All right, within here, just ensure

that this is associated with VPC-1.

Let's quickly verify.

So, this is associated with the VPC of 172.31.

This is completely fine.

Let's launch the instance.

Great, similarly, let's also launch one more instance.

I'll say vpc-2-ec2.

This time we'll have to select a different VPC here.

So, from the VPC, I'll select the 192.168 VPC,

and for the key pair,

I'll just say proceed without a key pair.

And let's go ahead and launch the instance.

Great, so what we'll be doing is, from VPC number one,

we'll test the connectivity

towards VPC number two through ping.

So, if you want to test the ping connectivity,

the security group of the VPC-2

should allow the ICMP traffic as well.

So, at this stage,

ICMP traffic is not allowed.

So, let's go ahead and quickly allow that.

So, I'll edit the inbound rule here.

Let's add one more rule.

In fact, we'll just keep it simple.

We'll allow all the traffic

from 172.31.0.0/16, and I'll click on Save.

All right, let's go to the instances.

Both the instances are now running.

Similarly, let's quickly go back

to the transit gateway attachment console.

Let's refresh.

Now you see that both the attachments are now available.

Once the attachments are available,

one more thing that you'll have to check here

is the route table.

So, if you quickly go

to the transit gateway route tables here, let's open this.

Now, within here you have to ensure

that there are two route entries available.

So, here you see I have two route entries,

one associated with the CIDR of 172.31,

and the second associated with the CIDR of 192.168.

Sometimes it takes a few minutes

for the route entries to be available.

So, this is something to keep a note of.

Now at this stage, let's go ahead

and connect to the instance number one.

You can either connect through SSH,

in case you added a key,

or you can also connect through browser,

whichever way works.

All right, so I'm connected to the instance number one.

From here, let's go ahead

and try to perform a ping operation

to the instance number two,

I'll copy the private IP, I'll say ping.

And if I do a ping,

you see things are not working at this stage.

Now, the reason why it is not working

is not because of the transit gateway per se,

it is because of the VPC route table.

So, let's do one thing.

Let's quickly go to the VPC.

Now, there are two VPCs.

Now, let's look into the route table.

In fact, the default VPC with the CIDR

of 172.31 ends with f5a.

So, in your case it might be a little different,

so just verify.

So, you have f5a, I'll select this.

Now, if you'll go to the route table here,

there is one route table.

Let's look into the route.

There are only two route entries,

one towards the internet and second to the local.

So, now here we'll have to edit and add one more route

towards the destination VPC, which is 192.168.0.0/16.

So, any traffic that goes towards this specific destination,

where should the VPC route table direct the traffic to?

It should be directed to the transit gateway.

All right, let's save the change.

Similarly for our other VPC,

let's go to the route table.

Now for the route table that has the subnet associated,

which is 2d6 in my case, let's verify that as well.

So, the second VPC only has one subnet ending with 2d6.

So, associated with that, let's open up the route table.

We'll edit the route,

we'll add one route towards VPC number one.

So, I'll say 172.31.0.0/16,

and the target again is towards the transit gateway.

I'll save the change.

All right, now if you go ahead and try to ping again,

you see things are working perfectly well.

Great, so I hope with this,

you understood the steps involved

in the overall transit gateway practical.

Now, one of the good things here is that

whenever you add an attachment to the transit gateway,

you do not have to manually add a route entry

at a transit gateway route level.

However, at a VPC level, you still will have to add an entry

towards the transit gateway

so that the traffic can be routed

towards the transit gateway.

So, this is the high level overview

and with this, we'll conclude today's video.
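Editor's added example, not part of the video: a small Python model of the routing decisions made in the lab above, so you can see exactly why the first ping failed at the VPC route table, why adding the route on only one side would still break the echo reply, and where the security group check sits. It assumes the transit gateway was created with the console defaults (default route table association and propagation enabled, which is why the two CIDRs showed up in the transit gateway route table without being added by hand). The instance addresses, attachment IDs and the lab walk-through states are constructed for the example; nothing here talks to AWS. The security group rule from the video (all traffic from 172.31.0.0/16) is wider than ping needs, so the walk-through also shows an ICMP-only rule giving the same result.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RouteTable:
    """A VPC or transit gateway route table: destination CIDR -> target."""
    routes: dict

    def lookup(self, dst_ip):
        """Longest-prefix match, which is how both VPC and TGW route tables choose a route."""
        dst = ip_address(dst_ip)
        best = None
        for cidr, target in self.routes.items():
            net = ip_network(cidr)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


@dataclass
class Vpc:
    name: str
    cidr: str
    rt: RouteTable
    sg_inbound: list = field(default_factory=list)  # (protocol, source CIDR); "-1" = all


@dataclass
class Lab:
    vpcs: dict
    tgw_rt: RouteTable   # propagated routes: CIDR -> attachment id
    attachments: dict    # attachment id -> VPC name

    def deliver(self, src_vpc, dst_ip):
        """Trace one direction from src_vpc's route table to the destination VPC.
        Returns (True, path) or (False, reason)."""
        vpc = self.vpcs[src_vpc]
        target = vpc.rt.lookup(dst_ip)
        if target is None:
            return False, f"{src_vpc} route table: no route to {dst_ip}"
        if target == "local":
            return True, [f"{src_vpc} local"]
        if target == "igw":
            # An internet gateway cannot carry traffic to a private (RFC 1918) address.
            return False, f"{src_vpc} route table sends {dst_ip} to the internet gateway"
        if target == "tgw":
            attachment = self.tgw_rt.lookup(dst_ip)
            if attachment is None:
                return False, f"transit gateway route table: no route to {dst_ip}"
            dst_vpc = self.attachments[attachment]
            return True, [f"{src_vpc} -> tgw", f"tgw -> {attachment} -> {dst_vpc}"]
        return False, f"unknown target {target}"

    def ping(self, src_vpc, src_ip, dst_vpc, dst_ip):
        """ICMP echo: request path, destination security group, then the reply path."""
        ok, detail = self.deliver(src_vpc, dst_ip)
        if not ok:
            return f"request dropped: {detail}"
        allowed = any(proto in ("icmp", "-1") and ip_address(src_ip) in ip_network(cidr)
                      for proto, cidr in self.vpcs[dst_vpc].sg_inbound)
        if not allowed:
            return f"request dropped: {dst_vpc} security group does not allow ICMP from {src_ip}"
        # Security groups are stateful, so the echo reply only needs a route back.
        ok, detail = self.deliver(dst_vpc, src_ip)
        if not ok:
            return f"reply dropped: {detail}"
        return "ping ok"


def build_lab():
    """The lab as the console steps leave it: attachments made, TGW routes propagated,
    VPC-2's security group allowing everything from 172.31.0.0/16, but no VPC routes
    towards the transit gateway yet. Attachment ids are constructed for the example."""
    vpc1 = Vpc("vpc-1", "172.31.0.0/16",
               RouteTable({"172.31.0.0/16": "local", "0.0.0.0/0": "igw"}))
    vpc2 = Vpc("vpc-2", "192.168.0.0/16",
               RouteTable({"192.168.0.0/16": "local"}),
               sg_inbound=[("-1", "172.31.0.0/16")])
    return Lab(
        vpcs={"vpc-1": vpc1, "vpc-2": vpc2},
        tgw_rt=RouteTable({"172.31.0.0/16": "tgw-attach-1", "192.168.0.0/16": "tgw-attach-2"}),
        attachments={"tgw-attach-1": "vpc-1", "tgw-attach-2": "vpc-2"},
    )


EC2_1, EC2_2 = "172.31.10.5", "192.168.0.20"   # constructed private IPs of the two instances


def walk_through():
    """Replay the lab's states in order; returns the ping result at each stage."""
    lab = build_lab()
    results = {}
    results["no vpc routes"] = lab.ping("vpc-1", EC2_1, "vpc-2", EC2_2)
    lab.vpcs["vpc-1"].rt.routes["192.168.0.0/16"] = "tgw"      # route added in VPC-1 only
    results["vpc-1 route only"] = lab.ping("vpc-1", EC2_1, "vpc-2", EC2_2)
    lab.vpcs["vpc-2"].rt.routes["172.31.0.0/16"] = "tgw"       # return route added in VPC-2
    results["both vpc routes"] = lab.ping("vpc-1", EC2_1, "vpc-2", EC2_2)
    lab.vpcs["vpc-2"].sg_inbound = [("icmp", "172.31.0.0/16")]  # least privilege: ICMP only
    results["icmp-only sg"] = lab.ping("vpc-1", EC2_1, "vpc-2", EC2_2)
    lab.vpcs["vpc-2"].sg_inbound = []                           # no ICMP rule at all
    results["no icmp rule"] = lab.ping("vpc-1", EC2_1, "vpc-2", EC2_2)
    return results


if __name__ == "__main__":
    for stage, outcome in walk_through().items():
        print(f"{stage:>18}: {outcome}")
```

The "vpc-1 route only" stage is the one worth remembering: the request reaches the second instance, and its stateful security group would let the reply out, but the reply is dropped because VPC-2's route table has no route back to 172.31.0.0/16. A route to the transit gateway is needed in every VPC that has to reach, or answer, another attachment.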
