Creating Transit Gateway Attachments

Multiple private spaces can connect to the same internal VPC through one transit gateway. To reuse the transit gateway, connect another private space to it and accept the new attachment in AWS. You don't need to create the resource share again.

Before You Begin

  • Before creating a transit gateway attachment, create the private network.

  • Ensure the private space belongs to the same region in which you are creating the transit gateway attachment. Inter-region peering is not supported. For example, you cannot attach a transit gateway in region A to a private space that belongs to region B.

Update your infrastructure (such as firewalls, routes, and connections) before creating transit gateway attachments. While a transit gateway attachment is pending acceptance, all infrastructure updates for the private space are delayed until you accept the attachment.

Connect to a Transit Gateway

For information about limitations when attaching a VPC to a transit gateway, see Transit gateway attachments to a VPC in the AWS documentation.

To connect to a transit gateway:

  1. From Anypoint Platform, select Runtime Manager > Private Spaces.

  2. Click the name of the private space to manage.

  3. On the Network tab, in the Connections section, click Create Connection.

  4. On the Create Connection page, select Transit Gateway.

    If CloudHub 2.0 finds any existing transit gateways in the organization, you can select a transit gateway or click Add a new transit gateway and then enter the name in the Connection Name field.

    Use the same name for your transit gateway in AWS. You can change this name later.

    Connection names can contain up to 60 alphanumeric characters (a-z, A-Z, 0-9), spaces, and hyphens (-). Runtime Manager supports Unicode characters in connection names.

  5. Click Next.

Depending on whether you selected an existing transit gateway or are adding a new one, the Add Transit Gateway page lists the steps to create a resource share in AWS:

Configure Routes

In Static Routes, enter the IP prefixes of the external networks to connect through the transit gateway, and then click Next.

The routes must cover the CIDR range of the VPC (or other network) behind the transit gateway so traffic can flow between the private VPC in AWS and the private space in CloudHub 2.0. Enter only the prefixes your apps need to reach; a broad route such as 0.0.0.0/0 sends all unmatched traffic from the private space into your network.

After you attach the transit gateway, the private space includes the routes you specify here.

To display the existing routes for the network, click Show Existing Routes for this Network.

You can add or remove routes later. For information, see Add or Remove a Route from the Route Table.

Create a Resource Share

  1. In another browser window, sign in to your AWS corporate account.

  2. In Anypoint Platform, click the Create Resource Share link on the Add Transit Gateway page.

    The link opens the AWS RAM console to the page for creating a resource share in the region you specified for your private space.

  3. Take the following actions on the AWS Create resource share page:

    1. Under Description, enter a descriptive name for the resource share in the Name field.

    2. Under Resources - optional, select Transit Gateways from the Select resource type menu and select the transit gateway resource to share.

      The transit gateway ID appears in the Selected resources field.

    3. Under Principals - optional, ensure that Allow external accounts is selected, enter the MuleSoft AWS account ID that appears on the Add Transit Gateway page in Anypoint Platform, and click Add.

      The AWS account number appears in the Selected principals field.

    4. Under Tags, add a tag if you want.

    5. Click Create resource share.

    6. Copy the ID and Owner values for the resource share you just created.

    7. Click Next.

Verify the Resource Share

  1. On the Anypoint Platform Add Transit Gateway page, paste the values you copied from AWS in the ID and Owner fields:

    • The resource share ID field contains alphanumeric characters (a-z, A-Z, 0-9) and hyphens (-).

    • The resource share Owner field contains only numbers.

  2. Click Next.
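The resource share created in the AWS console above can also be created from the AWS CLI. The following script is an added example and is not MuleSoft's or AWS's own tooling: it shares exactly one transit gateway with exactly one external principal (the MuleSoft account ID from the Add Transit Gateway page) and extracts the ID and Owner values to paste into Anypoint Platform. It assumes the AWS CLI v2 is configured for the account that owns the transit gateway, that the ID Anypoint expects is the last path segment of the RAM resource share ARN, and the variable names TGW_ARN, MULESOFT_ACCOUNT_ID and SHARE_NAME are placeholders you set yourself.

```shell
#!/bin/sh
# Added example, not MuleSoft's or AWS's own tooling: create the RAM
# resource share from the CLI and derive the ID and Owner values that the
# Add Transit Gateway page asks for.
# Assumptions: AWS CLI v2 configured for the transit gateway owner account;
# TGW_ARN, MULESOFT_ACCOUNT_ID and SHARE_NAME are placeholders.

# The ID field accepts letters, digits and hyphens; we take it to be the
# last path segment of the RAM ARN (an assumption). Fails closed: an
# unexpected ARN produces no output and a non-zero exit.
share_id_from_arn() {
  case "$1" in
    arn:aws:ram:*:*:resource-share/*) ;;
    *) return 1 ;;
  esac
  id="${1##*/}"
  case "$id" in
    *[!A-Za-z0-9-]*|"") return 1 ;;
  esac
  printf '%s\n' "$id"
}

# The Owner field contains only numbers: an AWS account ID is 12 digits.
valid_owner_id() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Live call: one resource, one principal. --allow-external-principals is
# needed because the MuleSoft account is outside your organization; the
# principal is the account ID only, never your whole organization ARN.
create_share() {
  aws ram create-resource-share \
    --name "$SHARE_NAME" \
    --resource-arns "$TGW_ARN" \
    --principals "$MULESOFT_ACCOUNT_ID" \
    --allow-external-principals \
    --query 'resourceShare.[resourceShareArn,owningAccountId]' \
    --output text
}

# Only talk to AWS when explicitly asked, for example:
#   TGW_ARN=arn:aws:ec2:us-east-1:123456789012:transit-gateway/tgw-0123456789abcdef0 \
#   MULESOFT_ACCOUNT_ID=111122223333 RUN_LIVE=1 sh create_share.sh
if [ "${RUN_LIVE:-0}" = "1" ]; then
  : "${TGW_ARN:?set to the ARN of the transit gateway to share}"
  : "${MULESOFT_ACCOUNT_ID:?copy from the Add Transit Gateway page}"
  : "${SHARE_NAME:=cloudhub2-transit-gateway}"
  set -- $(create_share)            # $1 = resource share ARN, $2 = owner
  share_id=$(share_id_from_arn "$1") || { echo "unexpected ARN: $1" >&2; exit 1; }
  valid_owner_id "$2" || { echo "unexpected owner: $2" >&2; exit 1; }
  echo "Paste into Anypoint Platform -> ID: $share_id  Owner: $2"
fi
```

The two validation functions run before anything is pasted into Anypoint Platform, so a copy-and-paste slip (for example grabbing the transit gateway ARN instead of the resource share ARN) is caught on your side rather than surfacing as a failed attachment.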

CloudHub 2.0 uses the resource share owner and ID you provide to attach the associated transit gateway on AWS to the private space.

When the attachment succeeds, you see the Attachment Created message and you return to the Add Transit Gateway page.

Accept the Attachment

  1. On the Add Transit Gateway page, click the Transit Gateway Attachments link.

    The link opens the AWS console to the Transit Gateway Attachments page (in the Amazon VPC console) for the region you specified.

  2. On the Transit Gateway Attachments page, select the attachment that shows pending acceptance in the State column.

    The attachment might take a few minutes to appear.

    To verify that the attachment is correct, select the transit gateway attachment ID and, on the Details tab, ensure that the Resource owner account ID is the MuleSoft AWS account ID from the Add Transit Gateway page. Do not accept a pending attachment whose resource owner is any other account: accepting it would route that account's VPC into your network.

  3. From the Actions menu, select Accept.

  4. When the attachment state changes to available, return to the Add Transit Gateway page and click Done.

    You return to the Network tab for the private space. The Connections section shows the transit gateway ID and owner from AWS and indicates that the transit gateway state is Available and the attachment state is Attached to Private Network.

    If the VPC attachment state is Not Attached to VPC, the transit gateway is not attached. Click the Accept the attachment link and follow the steps again.

  5. Test the connection from your private space to the transit gateway.
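The owner check in the acceptance steps above can be scripted so that nothing is accepted by accident. The following script is an added example, not MuleSoft's or AWS's own tooling: it lists the VPC attachments on your transit gateway, keeps only those that are pending acceptance and whose resource owner is the MuleSoft account ID, reports any other pending attachment, and accepts only the matching ones. It assumes the AWS CLI v2 is configured for the transit gateway owner account, and that TGW_ID and MULESOFT_ACCOUNT_ID are placeholders you set to your own values.

```shell
#!/bin/sh
# Added example, not MuleSoft's or AWS's own tooling: accept only the
# pending transit gateway attachment that belongs to the MuleSoft account.
# Assumptions: AWS CLI v2 configured for the transit gateway owner;
# TGW_ID and MULESOFT_ACCOUNT_ID are placeholders.

# Input: lines of "<attachment-id> <resource-owner-account> <state>".
# Output: attachment IDs that are pendingAcceptance AND owned by the
# expected account. Pending attachments from any other account are
# reported on stderr and never printed, so they are never accepted.
select_attachments() {
  expected="$1"
  while read -r att_id owner state; do
    [ -n "$att_id" ] || continue
    [ "$state" = "pendingAcceptance" ] || continue
    if [ "$owner" = "$expected" ]; then
      printf '%s\n' "$att_id"
    else
      printf 'refusing %s: resource owner %s is not %s\n' \
        "$att_id" "$owner" "$expected" >&2
    fi
  done
}

# Live query: VPC attachments on one transit gateway as text rows in the
# same "<id> <owner> <state>" shape that select_attachments expects.
list_attachments() {
  aws ec2 describe-transit-gateway-attachments \
    --filters "Name=transit-gateway-id,Values=$1" "Name=resource-type,Values=vpc" \
    --query 'TransitGatewayAttachments[].[TransitGatewayAttachmentId,ResourceOwnerId,State]' \
    --output text
}

accept_attachment() {
  aws ec2 accept-transit-gateway-vpc-attachment \
    --transit-gateway-attachment-id "$1"
}

# Only talk to AWS when explicitly asked, for example:
#   TGW_ID=tgw-0123456789abcdef0 MULESOFT_ACCOUNT_ID=111122223333 RUN_LIVE=1 sh accept.sh
if [ "${RUN_LIVE:-0}" = "1" ]; then
  : "${TGW_ID:?set to your transit gateway ID}"
  : "${MULESOFT_ACCOUNT_ID:?copy from the Add Transit Gateway page}"
  list_attachments "$TGW_ID" \
    | select_attachments "$MULESOFT_ACCOUNT_ID" \
    | while read -r att_id; do
        echo "accepting $att_id"
        accept_attachment "$att_id"
      done
fi
```

The attachment may take a few minutes to appear after the resource share is verified in Anypoint Platform, so an empty result on the first run is normal; rerun rather than loosening the filter.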

Configure Transit Gateway Routing

CloudHub 2.0 supports static routing for transit gateways.

Configure the network routes (subnets) that you want to be accessible through the transit gateway:

Configure Routes for Outbound Traffic from the Private Space

After the Attached to Private Network message appears, the private space adds the routes that you specified so that apps deployed to the private space can reach those networks through the transit gateway.

To add routes to the transit gateway route table, see Add or Remove a Route from the Route Table.

Enable Inbound Traffic Through the Transit Gateway

After successfully adding routes to the transit gateway route table in Anypoint Platform, enable inbound traffic through your transit gateway on AWS: the transit gateway route table and your VPC route tables need a route for the private space CIDR, and the security groups of the services the apps call must allow traffic from that CIDR.

You might need to coordinate with your network administrator to enable inbound traffic.
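The AWS-side changes are routine CLI work, so the following is added here as an example of them; it is not MuleSoft's or AWS's own tooling. It validates the private space CIDR before touching anything (rejecting a malformed prefix and, deliberately, the default route 0.0.0.0/0), then adds the route in the transit gateway route table pointing at the CloudHub attachment, the route in your VPC route table pointing at the transit gateway, and a security group rule for the target service. It assumes the AWS CLI v2 is configured for the transit gateway owner account, that port 443 is what the apps call (an assumption), and that TGW_ID, TGW_ROUTE_TABLE_ID, CLOUDHUB_ATTACHMENT_ID, VPC_ROUTE_TABLE_ID, TARGET_SG_ID and PRIVATE_SPACE_CIDR are placeholders for your own values.

```shell
#!/bin/sh
# Added example, not MuleSoft's or AWS's own tooling: AWS-side routing
# for traffic from the private space once the attachment is accepted.
# Assumptions: AWS CLI v2 configured for the transit gateway owner; all
# IDs below are placeholders; port 443 is assumed to be the service port.

# Accept only a well-formed IPv4 CIDR, and refuse 0.0.0.0/0: a default
# route toward the attachment would hand all of the VPC's unmatched
# traffic to CloudHub 2.0. Returns 1 on anything suspicious.
valid_route_cidr() {
  cidr="$1"
  addr="${cidr%/*}"
  plen="${cidr#*/}"
  [ "$addr" != "$cidr" ] || return 1            # no "/" at all
  case "$plen" in ''|*[!0-9]*) return 1 ;; esac  # prefix length not numeric
  [ "$plen" -le 32 ] || return 1
  [ "$cidr" != "0.0.0.0/0" ] || return 1
  old_ifs="$IFS"; IFS=.
  set -- $addr
  IFS="$old_ifs"
  [ $# -eq 4 ] || return 1                       # exactly four octets
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# $1 = private space CIDR as shown in Runtime Manager.
route_to_private_space() {
  valid_route_cidr "$1" || { echo "refusing route for '$1'" >&2; return 1; }
  # 1. Transit gateway route table: private space CIDR -> CloudHub attachment.
  #    Skip this if route propagation is enabled for the attachment, because
  #    the route is then already present.
  aws ec2 create-transit-gateway-route \
    --transit-gateway-route-table-id "$TGW_ROUTE_TABLE_ID" \
    --destination-cidr-block "$1" \
    --transit-gateway-attachment-id "$CLOUDHUB_ATTACHMENT_ID"
  # 2. Your VPC's route table: private space CIDR -> transit gateway.
  aws ec2 create-route \
    --route-table-id "$VPC_ROUTE_TABLE_ID" \
    --destination-cidr-block "$1" \
    --transit-gateway-id "$TGW_ID"
  # 3. Security group of the service the Mule apps call: only that port,
  #    only from the private space CIDR.
  aws ec2 authorize-security-group-ingress \
    --group-id "$TARGET_SG_ID" --protocol tcp --port 443 --cidr "$1"
}

# Only talk to AWS when explicitly asked, for example:
#   PRIVATE_SPACE_CIDR=10.20.0.0/16 TGW_ID=tgw-... TGW_ROUTE_TABLE_ID=tgw-rtb-... \
#   CLOUDHUB_ATTACHMENT_ID=tgw-attach-... VPC_ROUTE_TABLE_ID=rtb-... \
#   TARGET_SG_ID=sg-... RUN_LIVE=1 sh routes.sh
if [ "${RUN_LIVE:-0}" = "1" ]; then
  : "${PRIVATE_SPACE_CIDR:?CIDR of the private space from Runtime Manager}"
  route_to_private_space "$PRIVATE_SPACE_CIDR"
fi
```

Network ACLs on the subnets are not touched here; if your subnets use restrictive ACLs, coordinate the matching allow rules with your network administrator as the text above suggests.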

Test the Connection to Your Private Space

After you connect to a transit gateway, test the connectivity from CloudHub 2.0 to your networks. To test the connection, use the Network Tools application.

For download and usage information about the Network Tools application, see How To Use Network Tools Application (KB article).
