This solution is for "Transit VPC" users who want to migrate to the advanced AWS "Transit Gateway."

Note:

• The corporate configuration was done manually in the "Transit VPC" solution, and needs to be configured manually in the "Transit Gateway" solution, as well.

Instructions:

The following are Best Practices for migrating from Transit VPC to AWS Transit Gateway:

1. Without connecting to your existing production environment spoke VPCs, follow the steps in the AWS Transit Gateway Deployment Guide for deploying a new Transit Gateway.
   Since you don't need to initialize the security management configuration, please skip the "Configuring the Security Management Server with the 'autoprov-cfg' Utility" section in the deployment guide.
   Follow the instructions in order to update the management configuration:
   1. Create new vpn-community: Run $FWDIR/scripts/autoprovision/config-community.sh 
      "<NEW-VPN-COMMUNITY-NAME>"
   2. Add the new vpn-community: autoprov-cfg set controller AWS -cn "<CONTROLLER-NAME>" -com
      "<NEW-VPN-COMMUNITY-NAME>","<EXISTING-VPN-COMMUNITY-NAME>"
   3. Add the new template to the existing controller: autoprov-cfg add template -tn 
      "<NEW-TEMPLATE-NAME>" -vpn -vd "" -con "<NEW-VPN-COMMUNITY-NAME>" -dt TGW -po Standard 
      -ver R80.20 -otp "<SIC-KEY>"
      
      
2. It is recommended to run a connectivity test on your Transit Gateway before connecting your production environment.
   For a minimal test example:
   
   1. Create two spoke VPCs.
   2. Attach the spokes to the Transit Gateway (refer to the "Attaching Spoke VPCs to the Transit Gateway" section in the AWS Transit Gateway Deployment Guide).  
   3. Configure the route tables with the spoke VPCs (refer to the "Configuring Transit Gateway Route Tables" section in the AWS Transit Gateway Deployment Guide).
   4. Create an instance in each test spoke (e.g., Ubuntu) and check the connectivity between them.
   5. Remove the test spokes from the Transit Gateway (and delete any resources related that you're not using).
      
      
3. Migrating your spoke VPCs:
   This phase will require some downtime, so be sure to allocate a proper maintenance window during the migration time. You will be required to remove connectivity from the “Transit VPC” Gateways and establish connectivity to the new Transit Gateway.
   1. Make sure your Transit Gateway has completed all necessary tests and is ready to serve the production workloads.
   2. Follow the instructions in the AWS Migrate from Transit VPC to AWS Transit Gateway tool for creating VPC attachments for all spokes to your Transit Gateway.
      Note:
      We suggest not using the option "Enable routing between attached VPCs" because it will create a specific route from each spoke, not a default route to the Transit Gateway.
   3. For each spoke VPC:
      • Configure the TGW route tables with the spoke VPC (refer to the 'Configuring Transit Gateway Route Tables" section in the AWS Transit Gateway Deployment Guide).  
      • Remove the "Transit VPC" tag.
      • Create a default route to the Transit Gateway (step 3). (Refer to the "Attaching Spoke VPCs to the Transit Gateway" section in the AWS Transit Gateway Deployment Guide). 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.