Configuring Centralized Access to the Internet with Transit Gateway

1.5 hours
  • 6 Learning Objectives

About this Hands-on Lab

Welcome to this challenge lab!

In this lab, you will be creating a centralized egress internet environment. You will be given access to two VPCs. In the workload VPC, a subnet will be provisioned and an EC2 instance will be available in this subnet for you to connect to. You will start off by deploying three subnets and an internet gateway. Once deployed, you will proceed with deploying a transit gateway and a NAT gateway before finishing the configuration with route table modifications. Finally, you’ll test web site access from an EC2 instance in one of the VPCs.

To complete this lab, you should have an understanding of all of the technologies mentioned above, as well as knowledge of the AWS Management Console.

Good luck, Cloud Gurus!

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create Transit Gateway and Attach to the New Transit Gateway Subnets in Each VPC

In this objective, you will be creating a transit gateway. Once this has been created, you will then create transit gateway attachments and configure these for the newly created subnets in the WorkloadVPC and EgressVPC.

Use the following information for this objective:

Creating a transit gateway

Name = Transit-Gateway-01
Description = WorkloadVPC-EgressVPC

WorkloadVPC transit gateway attachment

Name = WorkloadVPC-TGW-Att
Transit gateway ID = Transit-Gateway01
Attachment type = VPC
VPC ID = WorkloadVPC
Subnet ID = WorkloadVPCTransitUsEast1a

EgressVPC transit gateway attachment

Name = EgressVPC-TGW-Att
Transit gateway ID = Transit-Gateway01
Attachment type = VPC
VPC ID = EgressVPC
Subnet ID = EgressVPCTransitUsEast1a
Create NAT Gateway

In this objective, we will be deploying a NAT gateway called EgressVPCNGW in the public subnet of our VPC.

Use the following settings for this objective:

Name = EgressVPCNGW
Subnet = EgressVPCNATUsEast1a
Connectivity type = Public
Elastic IP allocation ID = Allocate Elastic IP
Configure VPC Route Tables

In this objective, we will configure the route tables for traffic to flow from the EC2 instance through the environment to the target website. For the transit gateway, make sure you add this as a static route.

WorkloadVPCPrivateRouteTable --> Transit Gateway

EgressVPCTransitRouteTable --> NAT Gateway

EgressVPCNATRouteTable --> Internet Gateway --> Transit Gateway

Configure Transit Gateway Route Table

Transit Gateway Route Table --> EgressVPC-TGW-Att

Test Website Connectivity from EC2Instance1

Using EC2Instance1 test connectivity to

Connect to EC2Instance1 using the connection option in the EC2 console and selct the Session Manager tab. Once connected, issue the following commands to test.


Issue this command:


Verify IP address displayed is the same as the public IP address of the NAT gateway.

Create VPC Subnets and Link to Route Tables

In this objective, you will create the foundations for the lab by provisioning the subnets required for the lab.

Create Subnet in Workload VPC

VPCID = WorkloadVPC
SubnetName = WorkloadVPCTransitUsEast1a
Availability Zone = us-east-1a
IPv4 CIDR Block =

Map to route table WorkloadVPCTransitRouteTable.

Create Subnets in Egress VPC

SubnetName = EgressVPCTransitUsEast1a
Availability Zone = us-east-1a
IPv4 CIDR Block =

Map to route table EgressVPCTransitRouteTable.

SubnetName = EgressVPCNATUsEast1a
Availability Zone = us-east-1a
IPv4 CIDR Block =

Map to route table EgressVPCNATRouteTable.

Create Internet Gateway and Attach to the Egress VPC

In this objective, you will need to create an Internet Gateway and attach this to the Egress VPC.

Name = EgressVPCIGW

Attach to VPC = EgressVPC

Additional Resources

Windyfront Air Conditioning has been looking for ways to reduce complexity in their AWS environment. It has been decided to implement a centralized approach for egress traffic to the internet.

In this lab, you will be responsible for configuring a proof-of-concept deployment of the environment so that testing by the Windyfront internal teams can take place.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?