If you use the CloudFormation resource AWS::EC2::VPNConnection to create a VPN connection and attach it to a Transit Gateway (TGW), you may notice that it does not expose the TGW attachment ID as a return value. That is a bit annoying if you would like to tag the attachment and associate it with a non-default TGW route table.
I am currently working on a project that needs to:
- Create two Site-to-Site VPN connections and attach them to the TGW: one for the primary PoP, the other for the failover PoP.
- Automate the failover between these two PoPs.
In this post, I will share how I automate the VPN connection creation and TGW attachment (with proper tags and route table association). Later on I will write another post on how I automate the failover.
The idea is quite simple:
- Create customer gateway.
- Create VPN connection and TGW attachment.
- Pass the above VPN connection ID to a Lambda function (custom resource) that looks up its TGW attachment ID and tags the attachment.
- Use the returned TGW attachment ID to create the TGW route table association.
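As an added example (not code from the original post or its vpn-tgw-attachment repository), here is what the custom-resource Lambda in step 3 can look like in Python with boto3: it resolves the attachment by filtering describe_transit_gateway_attachments on the VPN connection's resource-id, skips deleted attachments so a re-created VPN never resolves to a stale one, tags the attachment, and always answers CloudFormation, even on failure. The injectable `ec2`/`send` parameters, the `Tags` property shape and the function names are my assumptions.

```python
import json
import urllib.request

SUCCESS, FAILED = "SUCCESS", "FAILED"  # status strings CloudFormation expects in the response


def find_tgw_attachment_id(attachments, vpn_connection_id):
    """Return the single live attachment ID whose ResourceId is this VPN connection.
    `attachments` is the TransitGatewayAttachments list from describe_transit_gateway_attachments();
    deleting/deleted/failed entries are skipped so a re-created VPN never resolves to a stale one."""
    live = [a["TransitGatewayAttachmentId"] for a in attachments
            if a.get("ResourceType") == "vpn" and a.get("ResourceId") == vpn_connection_id
            and a.get("State") not in ("deleting", "deleted", "failed")]
    if len(live) != 1:
        raise LookupError(f"expected 1 live attachment for {vpn_connection_id}, found {len(live)}")
    return live[0]


def handler(event, context, ec2=None, send=None):
    """Custom-resource entry point: look up the attachment, tag it, answer CloudFormation.
    `ec2`/`send` are injectable (assumed) so the logic runs without AWS credentials; in Lambda they
    default to boto3.client("ec2") and a PUT to the pre-signed ResponseURL carried in the event."""
    if ec2 is None:
        import boto3  # lazy import keeps find_tgw_attachment_id free of any AWS dependency
        ec2 = boto3.client("ec2")
    send = send or _put_response
    props = event.get("ResourceProperties", {})
    vpn_id = props.get("VpnConnectionId")
    if event.get("RequestType") == "Delete":  # nothing to undo: the attachment goes away with the VPN
        return send(event, SUCCESS, {}, event.get("PhysicalResourceId", vpn_id))
    try:  # the function role needs only ec2:DescribeTransitGatewayAttachments and ec2:CreateTags
        resp = ec2.describe_transit_gateway_attachments(Filters=[
            {"Name": "resource-id", "Values": [vpn_id]}, {"Name": "resource-type", "Values": ["vpn"]}])
        att_id = find_tgw_attachment_id(resp["TransitGatewayAttachments"], vpn_id)
        tags = [{"Key": k, "Value": v} for k, v in props.get("Tags", {}).items()]
        if tags:
            ec2.create_tags(Resources=[att_id], Tags=tags)
        return send(event, SUCCESS, {"TransitGatewayAttachmentId": att_id}, att_id)
    except Exception as exc:  # always answer, or the stack hangs until the custom resource times out
        return send(event, FAILED, {}, vpn_id, str(exc))


def _put_response(event, status, data, physical_id, reason=""):
    body = json.dumps({"Status": status, "Reason": reason, "PhysicalResourceId": physical_id,
                       "StackId": event["StackId"], "RequestId": event["RequestId"],
                       "LogicalResourceId": event["LogicalResourceId"], "Data": data}).encode()
    req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req).close()
    return status
```

The template then reads the ID with `!GetAtt <CustomResource>.TransitGatewayAttachmentId` and feeds it to AWS::EC2::TransitGatewayRouteTableAssociation.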
If you are interested, the source code is in the vpn-tgw-attachment repository.