...
- When Security Groups in one VPC reference Security Groups in a peered VPC, that peering cannot be removed without adjusting the security group to use CIDR blocks instead of the referenced Security Group. TGW Attachments do not support this type of cross-VPC Security Group referencing.
- Peering with among VPCs that are between VPCs where one of the VPCs is not using Cornell Direct Connect. VPCs not using Cornell Direct Connect cannot replace peering with the TGW Attachment in the v2 architecture.
...
Our goal with this migration is that the routing of traffic between your VPC and Cornell public and private CIDR blocks remains will remain effectively unchanged between the v1 and v2 architectures. I.e. the Direct Connect routing option that you chose when your Direct Connect connectivity was established will remain in place. Those routing options are "private network extension", "hybrid", and "all campus" routing. For details on those options see see Cornell AWS Direct Connect Routing Diagrams.
The exact pathways that Direct Connect traffic takes will change between the v1 and v2 architectures. But, the starting point (e.g., your VPC) and endpoint (e.g. a campus VLAN) of this traffic will constant.
When, specifically, will this migration occur?
...