TGW IPv6 Multi Route Tables

Description

An AWS Transit Gateway allows you to attach Amazon VPCs, AWS Site-to-Site (S2S) VPN, and AWS Direct Connect connections in the same Region and route traffic between them. Transit Gateways are designed to be highly scalable and resilient: up to 5000 VPCs can be attached to each gateway, and each attachment can handle up to 50 Gbits/second of bursty traffic.

A Transit Gateway supports multiple route tables, which can be used to build and isolate multiple traffic flows.

Solution Schema

Configuration

1. Create VPCs

Using the AWS Console, create 3 VPCs. Enable both IPv4 and IPv6 CIDRs on each of them.

2. Create Subnets

For each previously created VPC, create two subnets.

3. Create TGW 

Using the AWS Console, create a Transit Gateway.

4. List route tables

Each VPC has a default route table. All of the subnets created in the previous step should be associated with their VPC's default route table.

5. Check VPC-A route table

Using the AWS Console, confirm that the route table routes both IPv4 and IPv6 traffic via the TGW attachment.

6. Check VPC-B route table

Using the AWS Console, confirm that the route table routes both IPv4 and IPv6 traffic via the TGW attachment.

7. Check VPC-Dest route table

Using the AWS Console, confirm that the route table routes both IPv4 and IPv6 traffic via the TGW attachment.

8. Create TGW VPC attachments

Create a TGW attachment for each VPC. Remember to enable IPv6 support on each attachment (it is disabled by default).

9. Create TGW route tables

Create 3 TGW route tables, one to control the traffic coming from each of the previously created VPCs.

10. Associate VPC-Dest attachment

Associate the VPC-Dest attachment with the From-Dest route table.

11. Associate VPC-A attachment

Associate the VPC-A attachment with the From-A route table.

12. Associate VPC-B attachment

Associate the VPC-B attachment with the From-B route table.

13. Propagate all attachments to VPC-Dest route table

To allow traffic from VPC-Dest to reach both VPC-A and VPC-B, propagate both of those attachments to the VPC-Dest (From-Dest) route table.

14. Propagate selected attachments to VPC-A route table

Propagate only the VPC-Dest and VPC-A attachments to the VPC-A (From-A) route table. Because the VPC-B attachment is not propagated, this table has no route towards VPC-B.

15. Propagate selected attachments to VPC-B route table

Propagate only the VPC-Dest and VPC-B attachments to the VPC-B (From-B) route table. Because the VPC-A attachment is not propagated, this table has no route towards VPC-A.

Test Area

16. Create test EC2 instances

Create an EC2 instance in each VPC. Confirm that each instance received both an IPv4 and an IPv6 address.

17. Test from VPC-Dest

Log into the EC2 instance created in VPC-Dest. Confirm that you can ping the instances deployed in VPC-A and VPC-B.

18. Test from VPC-A

Log into the EC2 instance created in VPC-A. Confirm that you can ping the instance deployed in VPC-Dest, but that you cannot ping the one deployed in VPC-B.

19. Test from VPC-B

Log into the EC2 instance created in VPC-B. Confirm that you can ping the instance deployed in VPC-Dest, but that you cannot ping the one deployed in VPC-A.
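The following is an added example, not part of the original walkthrough: it models the association and propagation layout from steps 10-15 as TGW route tables with IPv4 and IPv6 routes, and checks that the reachability the ping tests in steps 17-19 expect actually follows from it. VPC CIDRs (RFC 1918 and the 2001:db8::/32 documentation prefix) and attachment ids are constructed values.

```python
import ipaddress

# Constructed lab values; swap in the real CIDRs and tgw-attach ids to check a live design.
VPC_CIDRS = {
    "VPC-A":    ["10.1.0.0/16", "2001:db8:a::/56"],
    "VPC-B":    ["10.2.0.0/16", "2001:db8:b::/56"],
    "VPC-Dest": ["10.3.0.0/16", "2001:db8:d::/56"],
}
ATTACHMENT = {"VPC-A": "tgw-attach-aaaa", "VPC-B": "tgw-attach-bbbb",
              "VPC-Dest": "tgw-attach-dddd"}
# Steps 10-12: the association decides which table a source attachment's traffic is looked up in.
ASSOCIATION = {"VPC-Dest": "From-Dest", "VPC-A": "From-A", "VPC-B": "From-B"}
# Steps 13-15: propagation decides whose CIDRs appear as routes in each table.
PROPAGATION = {
    "From-Dest": ["VPC-Dest", "VPC-A", "VPC-B"],
    "From-A":    ["VPC-Dest", "VPC-A"],
    "From-B":    ["VPC-Dest", "VPC-B"],
}

def build_routes(table):
    """Routes a TGW table ends up with: one (network, attachment) per propagated VPC CIDR."""
    return [(ipaddress.ip_network(cidr), ATTACHMENT[vpc])
            for vpc in PROPAGATION[table] for cidr in VPC_CIDRS[vpc]]

def lookup(table, dst_ip):
    """Longest-prefix match in one table; None means no route (traffic is dropped)."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for net, att in build_routes(table):
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, att)
    return best[1] if best else None

def can_reach(src_vpc, dst_ip):
    """One-way forwarding: traffic from src_vpc is looked up in its associated table."""
    return lookup(ASSOCIATION[src_vpc], dst_ip) is not None

def reachability_matrix():
    """Ping needs both directions, for IPv4 and IPv6: request out, reply back."""
    host = lambda cidr: str(ipaddress.ip_network(cidr)[10])  # pick one host per CIDR
    result = {}
    for src, src_cidrs in VPC_CIDRS.items():
        for dst, dst_cidrs in VPC_CIDRS.items():
            if src == dst:
                continue
            result[(src, dst)] = all(can_reach(src, host(d)) and can_reach(dst, host(s))
                                     for s, d in zip(src_cidrs, dst_cidrs))
    return result
```

Adding VPC-B to the `From-A` propagation list and re-running shows exactly which pair the isolation is lost for, which is the check to run before any propagation change on a production TGW.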

me@radkowski.pro