Enhance the Makefile in the infrastructure git project with the following content:
AWS_REGION := eu-central-1
###############################################################################################
.PHONY: transit-gateway
transit-gateway:
	aws cloudformation deploy \
		--no-fail-on-empty-changeset \
		--template-file transit/gateway.yml \
		--stack-name transit-gateway \
		--parameter-overrides OrganizationId=$(shell aws organizations describe-organization --query 'Organization.Id' --output text) \
			MasterAccountId=$(shell aws organizations describe-organization --query 'Organization.MasterAccountId' --output text) \
		--region $(AWS_REGION)
Create a new CloudFormation template in transit/gateway.yml and define the transit gateway and the RAM resource share that publishes it to the organization in there:
---
AWSTemplateFormatVersion: 2010-09-09
Description: Transit gateway
Parameters:
  OrganizationId:
    Type: String
    # Organization IDs are "o-" followed by 10 to 32 lowercase letters or digits
    AllowedPattern: '^o-[a-z0-9]{10,32}$'
    Description: ID of the AWS organization, e.g. o-exampleorgid
  MasterAccountId:
    Type: String
    # Exactly 12 digits, so an empty or failed account lookup is rejected
    AllowedPattern: '^[0-9]{12}$'
    Description: ID of the master AWS account
Resources:
  TransitGateway:
    Type: "AWS::EC2::TransitGateway"
    Properties:
      AmazonSideAsn: 65000
      Description: "Main transit gateway"
      # Attachments from accounts the gateway is shared with are accepted without
      # manual approval; acceptable because the share below is limited to the organization
      AutoAcceptSharedAttachments: "enable"
      DefaultRouteTableAssociation: "enable"
      DnsSupport: "enable"
      VpnEcmpSupport: "enable"
      Tags:
        - Key: "Name"
          Value: "MainTransitGateway"
  TransitGatewayResourceShare:
    Type: "AWS::RAM::ResourceShare"
    Properties:
      Name: "TransitGatewayResourceShare"
      # false: only principals inside the organization can ever be added to this share
      AllowExternalPrincipals: false
      ResourceArns:
        - !Sub "arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:transit-gateway/${TransitGateway}"
      Principals:
        # The whole organization is the single principal; !Sub is required to expand the parameters
        - !Sub "arn:aws:organizations::${MasterAccountId}:organization/${OrganizationId}"
Sharing with an organization principal only works after resource sharing with AWS Organizations has been enabled once from the master account (aws ram enable-sharing-with-aws-organization). Then create the CloudFormation stack with the following command in the transit AWS account:
AWS_PROFILE=myorg-transit make transit-gateway
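Two checks a practitioner wants around this deployment: a pre-flight check that the two values shelled out of `aws organizations describe-organization` are well-formed before they reach `--parameter-overrides` (a failed lookup expands to an empty string in Make), and a post-deploy audit that the resource share really is closed to external principals and shared with nothing but the organization. The following Python is an added example, not part of the page's Makefile or template. It reads the JSON shape returned by `aws ram get-resource-shares --resource-owner SELF` and `aws ram list-principals --resource-owner SELF --resource-arn <share-arn>`; the responses embedded below are constructed for the example, as are the sample organization, account and share identifiers.

```python
"""Pre-flight and post-deploy checks around `make transit-gateway`.

Added example, not the page's own Makefile or template code. It mirrors the
template's parameter constraints and audits the JSON returned by
`aws ram get-resource-shares --resource-owner SELF` and
`aws ram list-principals --resource-owner SELF --resource-arn <share-arn>`.
Every sample value and response below is constructed for this example.
"""
import json
import re

# Same constraints as the template's AllowedPattern values.
ORG_ID_RE = re.compile(r"^o-[a-z0-9]{10,32}$")
ACCOUNT_ID_RE = re.compile(r"^[0-9]{12}$")

SHARE_NAME = "TransitGatewayResourceShare"


def parameters_look_valid(org_id: str, master_account_id: str) -> bool:
    """True if both values can safely be handed to `--parameter-overrides`.

    `$(shell aws organizations describe-organization ...)` expands to an empty
    string when the call fails, so check here before CloudFormation does."""
    return bool(ORG_ID_RE.match(org_id) and ACCOUNT_ID_RE.match(master_account_id))


def org_principal_arn(org_id: str, master_account_id: str) -> str:
    """The single principal the share should carry: the whole organization."""
    return f"arn:aws:organizations::{master_account_id}:organization/{org_id}"


def audit_resource_share(shares_json: str, principals_json: str,
                         expected_principal: str, share_name: str = SHARE_NAME) -> list:
    """Return findings for the named share; an empty list means it matches intent:
    ACTIVE, closed to principals outside the organization, shared only with the org."""
    findings = []
    shares = [s for s in json.loads(shares_json)["resourceShares"] if s["name"] == share_name]
    if len(shares) != 1:
        return [f"expected exactly one share named {share_name}, found {len(shares)}"]
    share = shares[0]
    if share.get("status") != "ACTIVE":
        findings.append(f"share status is {share.get('status')}, not ACTIVE")
    if share.get("allowExternalPrincipals") is not False:
        findings.append("allowExternalPrincipals is not false: accounts outside the organization could be added")
    principals = [p["id"] for p in json.loads(principals_json)["principals"]
                  if p["resourceShareArn"] == share["resourceShareArn"]]
    if expected_principal not in principals:
        findings.append(f"organization principal {expected_principal} is missing")
    for principal in principals:
        if principal != expected_principal:
            findings.append(f"unexpected principal {principal}")
    return findings


# Constructed sample output in the shape of the two `aws ram` calls above.
SAMPLE_ORG_ID = "o-a1b2c3d4e5"
SAMPLE_MASTER_ACCOUNT_ID = "111122223333"
SAMPLE_SHARE_ARN = "arn:aws:ram:eu-central-1:444455556666:resource-share/11111111-2222-3333-4444-555555555555"
SAMPLE_SHARES_JSON = json.dumps({"resourceShares": [{
    "resourceShareArn": SAMPLE_SHARE_ARN,
    "name": SHARE_NAME,
    "owningAccountId": "444455556666",
    "allowExternalPrincipals": False,
    "status": "ACTIVE",
}]})
SAMPLE_PRINCIPALS_JSON = json.dumps({"principals": [{
    "id": org_principal_arn(SAMPLE_ORG_ID, SAMPLE_MASTER_ACCOUNT_ID),
    "resourceShareArn": SAMPLE_SHARE_ARN,
    "external": False,
}]})
# A misconfigured variant: opened to external principals and shared with a bare account.
SAMPLE_BAD_SHARES_JSON = SAMPLE_SHARES_JSON.replace(
    '"allowExternalPrincipals": false', '"allowExternalPrincipals": true')
SAMPLE_BAD_PRINCIPALS_JSON = json.dumps({"principals": [
    json.loads(SAMPLE_PRINCIPALS_JSON)["principals"][0],
    {"id": "999988887777", "resourceShareArn": SAMPLE_SHARE_ARN, "external": True},
]})

if __name__ == "__main__":
    expected = org_principal_arn(SAMPLE_ORG_ID, SAMPLE_MASTER_ACCOUNT_ID)
    print("parameters valid:", parameters_look_valid(SAMPLE_ORG_ID, SAMPLE_MASTER_ACCOUNT_ID))
    print("good share findings:", audit_resource_share(SAMPLE_SHARES_JSON, SAMPLE_PRINCIPALS_JSON, expected))
    print("bad share findings:", audit_resource_share(SAMPLE_BAD_SHARES_JSON, SAMPLE_BAD_PRINCIPALS_JSON, expected))
```

To run the audit against the real deployment, save the output of the two `aws ram` commands (with `AWS_PROFILE=myorg-transit` and `--output json`) and pass the file contents to `audit_resource_share`; any non-empty result means the share does not match what the template intends.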