Figure 1: Spoke VPCs
Spoke VPCs A & B are designated as workload VPCs. Spoke VPCs do not have any direct Internet connectivity and are attached to AWS Transit Gateway for all east-west or north-south communication. The default route 0.0.0.0/0 in the VPC route tables towards AWS Transit Gateway ensures any traffic exiting a Spoke VPC will go to the Inspection VPC (discussed in the next steps).
| VPC | CIDR |
|---|---|
| Spoke VPC A | 10.1.0.0/16 |
| Spoke VPC B | 10.2.0.0/16 |
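
One way to verify the spoke routing described above, as an added example that is not part of the original page: the script audits route tables given in the shape of `aws ec2 describe-route-tables` JSON output and flags any spoke table that has a direct Internet path or lacks an active default route to a transit gateway. The sample data and all resource IDs are constructed placeholders; only the two CIDR ranges come from the table above.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Resource IDs are made-up placeholders; the CIDRs are the spoke ranges above.
SAMPLE = {
    "RouteTables": [
        {   # Spoke VPC A: matches the design (default route to the transit gateway)
            "RouteTableId": "rtb-aaaa1111", "VpcId": "vpc-spoke-a",
            "Routes": [
                {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-0example", "State": "active"},
            ],
        },
        {   # Spoke VPC B: drifted, default route points at an internet gateway
            "RouteTableId": "rtb-bbbb2222", "VpcId": "vpc-spoke-b",
            "Routes": [
                {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
            ],
        },
    ]
}


def audit_spoke_route_tables(doc):
    """Return (route_table_id, finding) tuples for tables that break the spoke design."""
    findings = []
    for rt in doc["RouteTables"]:
        has_tgw_default = False
        for route in rt["Routes"]:
            # Blackholed routes (e.g. a deleted attachment) do not carry traffic.
            if route.get("State") != "active":
                continue
            # Direct Internet paths: internet gateway, NAT gateway, egress-only IGW.
            gateway = route.get("GatewayId", "")
            if (gateway.startswith("igw-") or "NatGatewayId" in route
                    or "EgressOnlyInternetGatewayId" in route):
                dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                findings.append((rt["RouteTableId"], f"direct Internet path for {dest}"))
            if route.get("DestinationCidrBlock") == "0.0.0.0/0" and "TransitGatewayId" in route:
                has_tgw_default = True
        if not has_tgw_default:
            findings.append((rt["RouteTableId"], "no active 0.0.0.0/0 route to a transit gateway"))
    return findings


if __name__ == "__main__":
    for rtb_id, finding in audit_spoke_route_tables(SAMPLE):
        print(rtb_id, finding)
```
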