...
As of , 65 Cornell AWS accounts were configured to use Direct Connect. During this migration, all those AWS accounts will have their existing Direct Connect connectivity updated to use new pathways and AWS resources to connect the Cornell campus network to AWS.
Within those 65 Cornell AWS accounts, only the network resources within VPCs using Direct Connect will be affected. Other VPCs in those Cornell AWS accounts will not be affected.
Nomenclature
We use the following terminology:
...
Before the migration is executed, a set of resources in Cornell AWS accounts will be tagged with details about the migration. In addition, a small set of new resources that support the v2 architecture will be created in Cornell AWS accounts. After the migration is complete, a few resources not used in the v1 architecture will be deleted.
Cornell AWS customers will have the opportunity to provide feedback before migration execution and any resource deletion that affects their AWS accounts.
New Resources
Resource Groups
...
- cit-dc-arch-migration-affected-resources – These resources will be directly affected by this migration. These resources include:
- new resources that support the v2 architecture
- resources that support the v1 architecture and will no longer be needed for the v2 architecture
- resources that will remain, but will have their configuration changed to support the v2 architecture
Transit Gateway Attachments should appear in this list, but a limitation of AWS Resource Groups appears to exclude these resources.
- cit-dc-arch-version-1-resources – All network resources that support or utilize the v1 architecture
- cit-dc-arch-version-2-resources – All newly-created resources that support the v2 architecture
- Transit Gateway Attachments should appear in this list, but a limitation of AWS Resource Groups appears to exclude these resources.
After the v1 → v2 migration is complete, v1 resources will either be deleted (if they are not used in the v2 architecture) or relabeled as v2 resources (if they continue to be used in the v2 architecture).
...
The AWS Transit Gateways used in the v2 architecture require different routing rules than the Virtual Private Gateways (VGW) used in the v1 architecture. Each VPC Route Table that references a Virtual Private Gateway will be duplicated and, and in the new Route Table, rules referencing a VGW are replaced will be replaced with rules referencing a TGW Attachment.
These new Route Tables will be created prior to the migration, but will not actually be utlized utilized until the migration is executed.
...
Unlike Virtual Private Gateways, TGW Attachments connect to specific subnets in a VPC. We will be making these TGW Attachments to to multiple private subnets in your VPCs. For best resiliency, we will select private subnets in multiple Availability Zones (AZs) for the TGW Attachments. In most Cornell AWS accounts, each private subnet resides in a unique AZ. If your VPC contains more than one private subnet in a given availability zone, we will consult with AWS account owners to determine best private subnet to select for the TGW Attachments.
Tagging
For this migration, we are tagging AWS resources to provide information about how the each resource is involved in the migration, the v1 architecture, and the v2 architecture.
| Tag Key | Tag Values | Description | VPC | Subnets | Route Tables | Transit Gateway | Virtual Private | Direct Connect Virtual Interfaces |
|---|---|---|---|---|---|---|---|---|
| cit:dc-arch-migration-target | yes/no | Will this resource itself be affected as part of the migration? |  | | | | | |
| cit:dc-arch-migration-description | prose | Description of planned changes to this resource | | | | | | |
| cit:dc-arch-version | v1/v2 | Is this a v1 or v2 architecture resource? After migration, v1 resources utilized in the v2 architecture will be relabeled as v2 resources. | | | | | | |
| cit:dc-arch-migration-new-resource | yes/no | Is this a new resource specifically created for the v2 architecture? | n/a | n/a | | | n/a | n/a |
| cit:dc-arch-migration-replaces | resource ID | If this v2 resource will be replacing a v1 resource, this ID references the resource that will be replaced. | n/a | n/a | | n/a | n/a | n/a |
Resource Deletion
Timeline
...