Spoke VPCs

Figure 1: Spoke VPCs

Spoke VPCs A and B are designated as workload VPCs. Spoke VPCs do not have any direct Internet connectivity and are attached to AWS Transit Gateway for all east-west and north-south communication. The default route 0.0.0.0/0 in the VPC route tables points to AWS Transit Gateway, which ensures that any traffic exiting a Spoke VPC goes to the Inspection VPC (discussed in the next steps).

| VPC         | Assigned CIDR |
|-------------|---------------|
| Spoke VPC A | 10.1.0.0/16   |
| Spoke VPC B | 10.2.0.0/16   |
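
The routing rule described above can be verified from route table data. The following is an added example, not part of the original workshop material: it audits JSON in the shape returned by `aws ec2 describe-route-tables` and flags spoke route tables that have an Internet path or a default route that does not go to the Transit Gateway. The VPC, route table, and gateway IDs are constructed placeholders, and the second route table is deliberately misconfigured.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All resource IDs are placeholders; the CIDRs are the ones assigned on this page.
SAMPLE = json.loads("""
{"RouteTables": [
 {"RouteTableId": "rtb-spoke-a", "VpcId": "vpc-spoke-a", "Routes": [
  {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-example", "State": "active"}]},
 {"RouteTableId": "rtb-spoke-b", "VpcId": "vpc-spoke-b", "Routes": [
  {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]}
]}
""")


def audit_spoke_route_tables(doc, spoke_vpc_ids):
    """Return (route_table_id, finding) tuples for route tables in spoke VPCs."""
    findings = []
    for rtb in doc["RouteTables"]:
        if rtb["VpcId"] not in spoke_vpc_ids:
            continue
        rtb_id, default = rtb["RouteTableId"], None
        for route in rtb.get("Routes", []):
            dest = route.get("DestinationCidrBlock")
            # An internet gateway or NAT gateway target does not belong in a spoke VPC.
            if route.get("GatewayId", "").startswith("igw-") or route.get("NatGatewayId"):
                findings.append((rtb_id, "direct Internet path for %s" % dest))
            if dest == "0.0.0.0/0":
                default = route
        if default is None:
            findings.append((rtb_id, "no default route"))
        elif not default.get("TransitGatewayId"):
            findings.append((rtb_id, "default route does not target a transit gateway"))
        elif default.get("State") != "active":
            # A blackhole state means the attachment or gateway behind the route is gone.
            findings.append((rtb_id, "default route is not active"))
    return findings


if __name__ == "__main__":
    for rtb_id, finding in audit_spoke_route_tables(SAMPLE, {"vpc-spoke-a", "vpc-spoke-b"}):
        print(rtb_id, finding)
```
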