Setup AWS Site to Site VPN Connection with Transit Gateway

Zhimin Wen
7 min read · Feb 12, 2024
Image Generated by Google Gemini

I need to set up an AWS infrastructure in which all internet access must go through the on-premise data center.

The high-level AWS architecture diagram is shown below.

Let's set it up with Terraform.

VPC, Subnet, and EC2 Instance

The VPC and subnet are created as below:

resource "aws_vpc" "testbed-vpc" {
  cidr_block           = "10.226.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true
  tags = {
    Name = "testbed-vpc"
  }
}

resource "aws_subnet" "management-subnet" {
  cidr_block = "10.226.1.0/24"
  vpc_id     = aws_vpc.testbed-vpc.id
  tags = {
    Name = "management-subnet"
  }
}

No public subnet or internet gateway is created.
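Because the VPC has no internet gateway, the only way traffic leaves it is through the transit gateway and the Site-to-Site VPN to the data center. The following Terraform is an added example, not part of the original post: it builds the transit gateway, attaches the VPC above, terminates a static-route VPN on the transit gateway, and points the default route on both the VPC and the transit gateway toward on-prem. The on-prem endpoint IP (203.0.113.10) and ASN (65000) are placeholders.

```hcl
resource "aws_ec2_transit_gateway" "tgw" {
  description                     = "testbed-tgw"
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
  tags                            = { Name = "testbed-tgw" }
}

# Attach the VPC through the management subnet (no internet gateway exists in this VPC)
resource "aws_ec2_transit_gateway_vpc_attachment" "testbed" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  vpc_id             = aws_vpc.testbed-vpc.id
  subnet_ids         = [aws_subnet.management-subnet.id]
}

# On-premise VPN device; IP and ASN below are placeholders, not real values
resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000          # placeholder ASN
  ip_address = "203.0.113.10" # placeholder (TEST-NET-3) public IP of the on-prem endpoint
  type       = "ipsec.1"
}

# Site-to-Site VPN terminated on the transit gateway, static routing only
resource "aws_vpn_connection" "onprem" {
  customer_gateway_id = aws_customer_gateway.onprem.id
  transit_gateway_id  = aws_ec2_transit_gateway.tgw.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# VPC side: default route goes to the transit gateway, so all non-local traffic leaves via the VPN
resource "aws_route_table" "management" {
  vpc_id = aws_vpc.testbed-vpc.id
  route {
    cidr_block         = "0.0.0.0/0"
    transit_gateway_id = aws_ec2_transit_gateway.tgw.id
  }
  depends_on = [aws_ec2_transit_gateway_vpc_attachment.testbed]
}
resource "aws_route_table_association" "management" {
  subnet_id      = aws_subnet.management-subnet.id
  route_table_id = aws_route_table.management.id
}

# TGW side: forward the default route to the VPN attachment (the on-prem data center)
resource "aws_ec2_transit_gateway_route" "default_to_onprem" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_route_table_id = aws_ec2_transit_gateway.tgw.association_default_route_table_id
  transit_gateway_attachment_id  = aws_vpn_connection.onprem.transit_gateway_attachment_id
}
```

The on-prem side must still advertise or statically route 10.226.0.0/16 back over the tunnel and apply its own egress filtering; with `static_routes_only`, that return route is configured by hand on the data-center device.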

Create an EC2 instance and set up its security group.

resource "aws_security_group" "bastion-sg" {
  name        = "bastion-sg"
  description = "Allow HTTP/HTTPs/SSH/ICMP Access"
  vpc_id      = aws_vpc.testbed-vpc.id
  tags = {
    Name = "bastion sg"
  }
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks =…
