Spoke VPC Route Table
Once the Spoke VPCs are added as Protected VPCs, modify the route tables on the Spoke VPCs to egress traffic via the Valtix Gateway.
If you created the Spoke VPCs using the CloudFormation template, you will be changing the route tables spoke1-apps1, spoke1-apps2, spoke2-apps1 and spoke2-apps2.
- Select the route table associated with the subnet where the app instances are running.
- Add a default route for 0.0.0.0/0 and set its target to the Transit Gateway.
- Add another route for your local laptop's public IP with the Internet Gateway as its target, so that you can open an SSH session to the app instances.
- SSH to the EC2 instance and attempt:
    curl http://www.google.com
  This will fail because the Valtix Gateway drops packets when no Security Policy is defined.
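One way to confirm the route tables match the steps above is to audit the JSON that `aws ec2 describe-route-tables` returns. This is an added example, not part of the Valtix documentation; the sample data, the route table and gateway IDs, and the admin IP 203.0.113.7 are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Route table, gateway IDs and the admin IP are placeholders, not real values.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0aaa", "Tags": [{"Key": "Name", "Value": "spoke1-apps1"}],
   "Routes": [
    {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-0123", "State": "active"},
    {"DestinationCidrBlock": "203.0.113.7/32", "GatewayId": "igw-0abc", "State": "active"}]},
  {"RouteTableId": "rtb-0bbb", "Tags": [{"Key": "Name", "Value": "spoke2-apps1"}],
   "Routes": [
    {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def", "State": "active"}]}
]}
""")


def audit_route_table(rt, admin_ip):
    """Return findings for one spoke route table; an empty list means it matches the steps."""
    admin = ipaddress.ip_network(f"{admin_ip}/32")
    findings, default_via_tgw = [], False
    for route in rt.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if cidr is None or route.get("State") != "active":
            continue  # ignore IPv6/prefix-list entries and blackholed routes
        net = ipaddress.ip_network(cidr)
        if net.prefixlen == 0 and route.get("TransitGatewayId"):
            default_via_tgw = True
        # Any Internet Gateway route other than the admin /32 bypasses the gateway.
        if (route.get("GatewayId") or "").startswith("igw-") and net != admin:
            findings.append(f"Internet Gateway route {cidr} is not the admin /32")
    if not default_via_tgw:
        findings.append("0.0.0.0/0 is not routed to a Transit Gateway")
    return findings


def audit(doc, admin_ip):
    """Map each route table's Name tag (or ID) to its list of findings."""
    out = {}
    for rt in doc["RouteTables"]:
        tags = {t["Key"]: t["Value"] for t in rt.get("Tags", [])}
        out[tags.get("Name", rt["RouteTableId"])] = audit_route_table(rt, admin_ip)
    return out


if __name__ == "__main__":
    for name, findings in audit(SAMPLE, "203.0.113.7").items():
        print(name, "OK" if not findings else findings)
```

In the sample, spoke1-apps1 passes, while spoke2-apps1 is flagged because its default route still points at the Internet Gateway and would egress without passing through the Valtix Gateway.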