Why can't I associate a transit gateway to my Direct Connect gateway?
I want to troubleshoot why I can't associate a transit gateway with my AWS Direct Connect gateway.
Short description
You can't associate a transit gateway with your Direct Connect gateway for the following issues:
- Existing virtual private gateway association
- Autonomous System Number (ASN) conflict
- AWS Identity and Access Management (IAM) permissions issue
- Exceeded association limit
- Cross-account association requirements
Resolution
Check for existing gateway associations
A Direct Connect gateway supports either a virtual private gateway or a transit gateway, but you can't associate both at the same time.
Confirm that your Direct Connect gateway isn't associated with a virtual private gateway or private virtual interface. If your Direct Connect gateway is associated with a virtual private gateway or a private virtual interface, then create a new Direct Connect gateway. Then, associate your new Direct Connect gateway with a transit gateway.
Verify the ASNs for your gateways
Confirm that your Direct Connect gateway and transit gateway have different ASNs.
If they use the same ASN, then refer to the ModifyTransitGatewayOptions API or create a new Direct Connect gateway with a different ASN.
If you connect to multiple transit gateways that are in different AWS Regions, then assign a different ASN to each transit gateway.
Check your IAM permissions
Confirm that your IAM identity has the required permissions to associate a transit gateway with a Direct Connect Gateway. For more information, see Identity and Access Management for Direct Connect.
Check for association limits
A Direct Connect gateway supports up to 6 transit gateways per Direct Connect gateway. If your Direct Connect gateway has reached this limit, then create a new Direct Connect gateway to associate additional transit gateways. For more information, see AWS Direct Connect quotas.
Review cross-account association requirements
If your transit gateway and Direct Connect gateway are in different AWS accounts, then you must first create a transit gateway association proposal from the account with the transit gateway. Then, accept the proposal from the account with the Direct Connect gateway.
Related information
AWS Direct Connect gateways and transit gateway associations
Create a transit gateway and AWS Direct Connect association proposal
Associate or disassociate AWS Direct Connect with a transit gateway
- Language
- English
This needs to be updated to 6.
You can attach up only up to three transit gateways to a Direct Connect gateway.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
I can't associate my Direct Connect Gwy on Account A with a shared TGW coming from Account B, albeit I can see it in the dropdown. Error I'm getting is: Invalid Transit Gateway Id or Owner Account Console I'm trying this from is: AWS Direct Connect > Direct Connect gateways > [DX Gwy ID] > Associate
If Transit Gateway (TGW) and DirectConnect Gateway (DXGW) are in two different accounts, an association proposal has to be created first from the Account where TGW exists (use guidance Create a transit gateway association proposal) and then accept proposal from the Account where DXGW exists (use guidance Accept or reject a transit gateway association proposal).
Relevant content
- asked 7 years ago
