
**********************
create_transit_gateway
**********************



.. py:method:: EC2.Client.create_transit_gateway(**kwargs)

  

  Creates a transit gateway.

   

  You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the ``available`` state, you can attach your VPCs and VPN connections to the transit gateway.

   

  To attach your VPCs, use CreateTransitGatewayVpcAttachment.

   

  To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection.

   

  When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGateway>`_  


  **Request Syntax**
  ::

    response = client.create_transit_gateway(
        Description='string',
        Options={
            'AmazonSideAsn': 123,
            'AutoAcceptSharedAttachments': 'enable'|'disable',
            'DefaultRouteTableAssociation': 'enable'|'disable',
            'DefaultRouteTablePropagation': 'enable'|'disable',
            'VpnEcmpSupport': 'enable'|'disable',
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'MulticastSupport': 'enable'|'disable',
            'TransitGatewayCidrBlocks': [
                'string',
            ]
        },
        TagSpecifications=[
            {
                'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-metering-policy'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'secondary-interface'|'secondary-network'|'secondary-subnet'|'capacity-manager-data-export'|'vpn-concentrator',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ],
        DryRun=True|False
    )
    
  :type Description: string
  :param Description: 

    A description of the transit gateway.

    

  
  :type Options: dict
  :param Options: 

    The transit gateway options.

    

  
    - **AmazonSideAsn** *(integer) --* 

      A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. The default is ``64512``.

      

    
    - **AutoAcceptSharedAttachments** *(string) --* 

      Enable or disable automatic acceptance of attachment requests. Disabled by default.

      

    
    - **DefaultRouteTableAssociation** *(string) --* 

      Enable or disable automatic association with the default association route table. Enabled by default.

      

    
    - **DefaultRouteTablePropagation** *(string) --* 

      Enable or disable automatic propagation of routes to the default propagation route table. Enabled by default.

      

    
    - **VpnEcmpSupport** *(string) --* 

      Enable or disable Equal Cost Multipath Protocol support. Enabled by default.

      

    
    - **DnsSupport** *(string) --* 

      Enable or disable DNS support. Enabled by default.

      

    
    - **SecurityGroupReferencingSupport** *(string) --* 

      Enables you to reference a security group across VPCs attached to a transit gateway to simplify security group management.

       

      This option is disabled by default.

       

      For more information about security group referencing, see `Security group referencing <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#vpc-attachment-security>`__ in the *Amazon Web Services Transit Gateways Guide*.

      

    
    - **MulticastSupport** *(string) --* 

      Indicates whether multicast is enabled on the transit gateway.

      

    
    - **TransitGatewayCidrBlocks** *(list) --* 

      One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.

      

    
      - *(string) --* 

      
  
  
  :type TagSpecifications: list
  :param TagSpecifications: 

    The tags to apply to the transit gateway.

    

  
    - *(dict) --* 

      The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

       

      .. note::

        

        The ``Valid Values`` lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

        

      

    
      - **ResourceType** *(string) --* 

        The type of resource to tag on creation.

        

      
      - **Tags** *(list) --* 

        The tags to apply to the resource.

        

      
        - *(dict) --* 

          Describes a tag.

          

        
          - **Key** *(string) --* 

            The key of the tag.

             

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

            

          
          - **Value** *(string) --* 

            The value of the tag.

             

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

            

          
        
    
    

  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'TransitGateway': {
              'TransitGatewayId': 'string',
              'TransitGatewayArn': 'string',
              'State': 'pending'|'available'|'modifying'|'deleting'|'deleted',
              'OwnerId': 'string',
              'Description': 'string',
              'CreationTime': datetime(2015, 1, 1),
              'Options': {
                  'AmazonSideAsn': 123,
                  'TransitGatewayCidrBlocks': [
                      'string',
                  ],
                  'AutoAcceptSharedAttachments': 'enable'|'disable',
                  'DefaultRouteTableAssociation': 'enable'|'disable',
                  'AssociationDefaultRouteTableId': 'string',
                  'DefaultRouteTablePropagation': 'enable'|'disable',
                  'PropagationDefaultRouteTableId': 'string',
                  'VpnEcmpSupport': 'enable'|'disable',
                  'DnsSupport': 'enable'|'disable',
                  'SecurityGroupReferencingSupport': 'enable'|'disable',
                  'MulticastSupport': 'enable'|'disable',
                  'EncryptionSupport': {
                      'EncryptionState': 'enabling'|'enabled'|'disabling'|'disabled',
                      'StateMessage': 'string'
                  }
              },
              'Tags': [
                  {
                      'Key': 'string',
                      'Value': 'string'
                  },
              ]
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **TransitGateway** *(dict) --* 

        Information about the transit gateway.

        
        

        - **TransitGatewayId** *(string) --* 

          The ID of the transit gateway.

          
        

        - **TransitGatewayArn** *(string) --* 

          The Amazon Resource Name (ARN) of the transit gateway.

          
        

        - **State** *(string) --* 

          The state of the transit gateway.

          
        

        - **OwnerId** *(string) --* 

          The ID of the Amazon Web Services account that owns the transit gateway.

          
        

        - **Description** *(string) --* 

          The description of the transit gateway.

          
        

        - **CreationTime** *(datetime) --* 

          The creation time.

          
        

        - **Options** *(dict) --* 

          The transit gateway options.

          
          

          - **AmazonSideAsn** *(integer) --* 

            A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

            
          

          - **TransitGatewayCidrBlocks** *(list) --* 

            The transit gateway CIDR blocks.

            
            

            - *(string) --* 
        
          

          - **AutoAcceptSharedAttachments** *(string) --* 

            Indicates whether attachment requests are automatically accepted.

            
          

          - **DefaultRouteTableAssociation** *(string) --* 

            Indicates whether resource attachments are automatically associated with the default association route table. Enabled by default. Either ``defaultRouteTableAssociation`` or ``defaultRouteTablePropagation`` must be set to ``enable`` for Amazon Web Services Transit Gateway to create the default transit gateway route table.

            
          

          - **AssociationDefaultRouteTableId** *(string) --* 

            The ID of the default association route table.

            
          

          - **DefaultRouteTablePropagation** *(string) --* 

            Indicates whether resource attachments automatically propagate routes to the default propagation route table. Enabled by default. If ``defaultRouteTablePropagation`` is set to ``enable``, Amazon Web Services Transit Gateway creates the default transit gateway route table.

            
          

          - **PropagationDefaultRouteTableId** *(string) --* 

            The ID of the default propagation route table.

            
          

          - **VpnEcmpSupport** *(string) --* 

            Indicates whether Equal Cost Multipath Protocol support is enabled.

            
          

          - **DnsSupport** *(string) --* 

            Indicates whether DNS support is enabled.

            
          

          - **SecurityGroupReferencingSupport** *(string) --* 

            Enables you to reference a security group across VPCs attached to a transit gateway to simplify security group management.

             

            This option is disabled by default.

            
          

          - **MulticastSupport** *(string) --* 

            Indicates whether multicast is enabled on the transit gateway.

            
          

          - **EncryptionSupport** *(dict) --* 

            Defines if the Transit Gateway supports VPC Encryption Control.

            
            

            - **EncryptionState** *(string) --* 

              The current encryption state of the resource.

              
            

            - **StateMessage** *(string) --* 

              A message describing the encryption state.

              
        
      
        

        - **Tags** *(list) --* 

          The tags for the transit gateway.

          
          

          - *(dict) --* 

            Describes a tag.

            
            

            - **Key** *(string) --* 

              The key of the tag.

               

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

              
            

            - **Value** *(string) --* 

              The value of the tag.

               

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

              
        
      
    
  