feat(ec2-alpha): add Transit Gateway L2

packages/@aws-cdk/aws-ec2-alpha/README.md

@@ -696,3 +696,131 @@ const vpc = new VpcV2(this, 'VPC-integ-test-tag', {
 // Add custom tags if needed
 Tags.of(vpc).add('Environment', 'Production');
 ```
+
+## Transit Gateway
+
+The AWS Transit Gateway construct library allows you to create and configure Transit Gateway resources using AWS CDK.
+
+## Overview
+
+The Transit Gateway construct (`TransitGateway`) is the main entry point for creating and managing your Transit Gateway infrastructure. It provides methods to create route tables, attach VPCs, and configure cross-account access.
+
+The Transit Gateway construct library provides four main constructs:
+
+- `TransitGateway`: The central hub for your network connections
+- `TransitGatewayRouteTable`: Manages routing between attached networks  
+- `TransitGatewayAttachment`: Connects VPCs and on-premises networks
+- `TransitGatewayRoute`: Defines routing rules within your Transit Gateway
+
+### Basic Usage
+
+To create a minimal deployable `TransitGateway`:
+
+```ts
+import * as ec2 from '@aws-cdk/aws-ec2-alpha';
+
+const transitGateway = new ec2.TransitGateway(this, 'MyTransitGateway');
+```
+
+Key properties available:
+
+- `transitGatewayId`: The ID of the Transit Gateway
+- `transitGatewayArn`: The ARN of the Transit Gateway
+- `defaultRouteTable`: The default route table created with the Transit Gateway
+- `defaultRouteTableAssociation`: Controls automatic route table association
+- `defaultRouteTablePropagation`: Controls automatic route propagation
+
+### Default Transit Gateway Route Table
+
+By default, `TransitGateway` is created with a default `TransitGatewayRouteTable`, for which automatic Associations and automatic Propagations are enabled. 
+
+> Note: When you create a default Transit Gateway in AWS Console, EC2 creates the default `TransitGatewayRouteTable` for you. When using this construct, CDK will create the default `TransitGatewayRouteTable` for you instead with the automatic Association/Propagation features being mimicked by the CDK. 
+>
+> **Default association route table** and **Default propagation route table** will show as disabled in your AWS console but can still be toggled within CDK using the `defaultRouteTableAssociation` and `defaultRouteTablePropagation` properties respectively. 
+
+You can disable the automatic Association/Propagation on the default `TransitGatewayRouteTable` via the `TransitGateway` properties. This will still create a default route table for you:
+
+```ts
+const transitGateway = new ec2.TransitGateway(this, 'MyTransitGateway', {
+  defaultRouteTableAssociation: false,
+  defaultRouteTablePropagation: false,
+});
+```
+
+You can also provide your own `TransitGatewayRouteTable` to be used as the default route table:
+
+```ts
+const customRouteTable = new ec2.TransitGatewayRouteTable(this, 'TransitGatewayRouteTable');
+
+const transitGateway = new ec2.TransitGateway(this, 'MyTransitGateway', {
+  customDefaultRouteTable: customRouteTable,
+});
+```
+
+## Transit Gateway Route Table Management
+
+Add additional Transit Gateway Route Tables using the `addRouteTable()` method:
+
+```ts
+const tgw = new TransitGateway(this, 'TransitGateway');
+const routeTable = tgw.addRouteTable('CustomRouteTable');
+```
+
+### Attaching VPCs to the Transit Gateway
+
+Create an attachment from a VPC to the Transit Gateway using the `attachVpc()` method:
+
+```ts
+// Create a basic attachment
+const attachment = transitGateway.attachVpc('VpcAttachment', vpc, [subnet1, subnet2]);
+```
+
+You can customize the VPC attachment by passing in optional parameters. These include options for fine-tuning the attachment behavior, such as support for DNS, IPv6, Appliance Mode and Security Group Referencing.
+
+```ts
+const attachmentWithOptions = transitGateway.attachVpc('VpcAttachment', vpc, [subnet], {
+  dnsSupport: true,
+  applianceModeSupport: true,
+  ipv6Support: true,
+  securityGroupReferencingSupport: true,
+});
+```
+
+If you want to automatically associate and propagate routes with transit gateway route tables, you can pass the `associationRouteTable` and `propagationRouteTables` parameters. This will automatically create the necessary associations and propagations based on the provided route tables.
+
+```ts
+const attachmentWithRoutes = transitGateway.attachVpc('VpcAttachment', vpc, [subnet], undefined, associationRouteTable, [propagationRouteTable1, propagationRouteTable2]);
+```
+
+In this example, the `associationRouteTable` is set to `associationRouteTable`, and `propagationRouteTables` is set to an array containing `propagationRouteTable1` and `propagationRouteTable2`. This triggers the automatic creation of route table associations and route propagations between the Transit Gateway and the specified route tables.
+
+### Adding static routes to the route table
+
+Add static routes using either the `addRoute()` method to add an active route or `addBlackholeRoute()` to add a blackhole route: 
+
+```ts
+// Add a static route to direct traffic
+routeTable.addRoute('StaticRoute', {
+  transitGatewayAttachment: vpcAttachment,
+  destinationCidrBlock: '10.0.0.0/16',
+});
+
+// Block unwanted traffic with a blackhole route
+routeTable.addBlackholeRoute('BlackholeRoute', '172.16.0.0/16');
+```
+
+### Route Table Associations and Propagations
+
+Configure route table associations and enable route propagation:
+
+```ts
+// Associate an attachment with a route table
+routeTable.addAssociation('Association', attachment);
+
+// Enable route propagation for an attachment
+routeTable.enablePropagation('Propagation', attachent);
+```
+
+**Associations** — The linking of a Transit Gateway attachment to a specific route table, which determines which routes that attachment will use for routing decisions.
+
+**Propagation** — The automatic advertisement of routes from an attachment to a route table, allowing the route table to learn about available network destinations.

packages/@aws-cdk/aws-ec2-alpha/lib/transit-gateway-attachment.ts

@@ -0,0 +1,13 @@
+import { IResource, Resource } from 'aws-cdk-lib/core';
+
+export interface ITransitGatewayAttachment extends IResource {
+  /**
+   * The ID of the transit gateway attachment.
+   * @attribute
+   */
+  readonly transitGatewayVpcAttachmentId: string;
+}
+
+export abstract class TransitGatewayAttachmentBase extends Resource implements ITransitGatewayAttachment {
+  public abstract readonly transitGatewayVpcAttachmentId: string;
+}

packages/@aws-cdk/aws-ec2-alpha/lib/transit-gateway-route-table-association.ts

@@ -0,0 +1,49 @@
+import { IResource, Resource } from 'aws-cdk-lib/core';
+import { ITransitGatewayAttachment } from './transit-gateway-attachment';
+import { ITransitGatewayRouteTable } from './transit-gateway-route-table';
+import { CfnTransitGatewayRouteTableAssociation } from 'aws-cdk-lib/aws-ec2';
+import { Construct } from 'constructs';
+
+export interface ITransitGatewayRouteTableAssociation extends IResource {
+  /**
+     * The ID of the transit gateway route table association.
+     */
+  readonly transitGatewayRouteTableAssociationId: string;
+}
+
+export interface TransitGatewayRouteTableAssociationProps {
+  /**
+     * The ID of the transit gateway route table association.
+     */
+  readonly transitGatewayVpcAttachment: ITransitGatewayAttachment;
+
+  /**
+     * The ID of the transit gateway route table association.
+     */
+  readonly transitGatewayRouteTable: ITransitGatewayRouteTable;
+}
+
+abstract class TransitGatewayRouteTableAssociationBase extends Resource implements ITransitGatewayRouteTableAssociation {
+  /**
+     * The ID of the transit gateway route table association.
+     */
+  public abstract readonly transitGatewayRouteTableAssociationId: string;
+}
+
+export class TransitGatewayRouteTableAssociation extends TransitGatewayRouteTableAssociationBase {
+  /**
+     * The ID of the transit gateway route table association.
+     */
+  public readonly transitGatewayRouteTableAssociationId: string;
+
+  constructor(scope: Construct, id: string, props: TransitGatewayRouteTableAssociationProps) {
+    super(scope, id);
+
+    const resource = new CfnTransitGatewayRouteTableAssociation(this, id, {
+      transitGatewayAttachmentId: props.transitGatewayVpcAttachment.transitGatewayVpcAttachmentId,
+      transitGatewayRouteTableId: props.transitGatewayRouteTable.routeTableId,
+    });
+
+    this.transitGatewayRouteTableAssociationId = resource.ref;
+  }
+}

packages/@aws-cdk/aws-ec2-alpha/lib/transit-gateway-route-table-propagation.ts

@@ -0,0 +1,50 @@
+import { IResource, Resource } from 'aws-cdk-lib/core';
+import { CfnTransitGatewayRouteTablePropagation } from 'aws-cdk-lib/aws-ec2';
+import { Construct } from 'constructs';
+import { ITransitGatewayAttachment } from './transit-gateway-attachment';
+import { ITransitGatewayRouteTable } from './transit-gateway-route-table';
+
+export interface ITransitGatewayRouteTablePropagation extends IResource {
+  /**
+    * The ID of the transit gateway route table propagation.
+    * @attribute
+    */
+  readonly transitGatewayRouteTablePropagationId: string;
+}
+
+export interface TransitGatewayRouteTablePropagationProps {
+  /**
+    * The ID of the transit gateway route table propagation.
+    */
+  readonly transitGatewayVpcAttachment: ITransitGatewayAttachment;
+
+  /**
+    * The ID of the transit gateway route table propagation.
+    */
+  readonly transitGatewayRouteTable: ITransitGatewayRouteTable;
+}
+
+abstract class TransitGatewayRouteTablePropagationBase extends Resource implements ITransitGatewayRouteTablePropagation {
+  /**
+    * The ID of the transit gateway route table propagation.
+    */
+  public abstract readonly transitGatewayRouteTablePropagationId: string;
+}
+
+export class TransitGatewayRouteTablePropagation extends TransitGatewayRouteTablePropagationBase {
+  /**
+    * The ID of the transit gateway route table propagation.
+    */
+  public readonly transitGatewayRouteTablePropagationId: string;
+
+  constructor(scope: Construct, id: string, props: TransitGatewayRouteTablePropagationProps) {
+    super(scope, id);
+
+    const resource = new CfnTransitGatewayRouteTablePropagation(this, id, {
+      transitGatewayAttachmentId: props.transitGatewayVpcAttachment.transitGatewayVpcAttachmentId,
+      transitGatewayRouteTableId: props.transitGatewayRouteTable.routeTableId,
+    });
+
+    this.transitGatewayRouteTablePropagationId = resource.ref;
+  }
+}

packages/@aws-cdk/aws-ec2-alpha/lib/transit-gateway-route-table.ts

@@ -0,0 +1,78 @@
+import { IResource, Resource } from 'aws-cdk-lib/core';
+import { ITransitGateway } from './transit-gateway';
+import { Construct } from 'constructs';
+import { CfnTransitGatewayRouteTable, IRouteTable } from 'aws-cdk-lib/aws-ec2';
+import { ITransitGatewayAttachment } from './transit-gateway-attachment';
+import { TransitGatewayActiveRoute, TransitGatewayBlackholeRoute } from './transit-gateway-route';
+import { TransitGatewayRouteTableAssociation } from './transit-gateway-route-table-association';
+import { TransitGatewayRouteTablePropagation } from './transit-gateway-route-table-propagation';
+
+export interface ITransitGatewayRouteTable extends IResource {
+  /**
+   * The ID of the transit gateway route table
+   * @attribute
+   */
+  readonly routeTableId: string;
+}
+
+export interface TransitGatewayRouteTableProps {
+  /**
+   * The ID of the transit gateway
+   */
+  readonly transitGateway: ITransitGateway;
+}
+
+abstract class TransitGatewayRouteTableBase extends Resource implements ITransitGatewayRouteTable, IRouteTable {
+  public abstract readonly routeTableId: string;
+  public abstract readonly transitGateway: ITransitGateway;
+
+  addRoute(id: string, transitGatewayAttachment: ITransitGatewayAttachment, destinationCidr: string): TransitGatewayActiveRoute {
+    return new TransitGatewayActiveRoute(this, id, {
+      transitGatewayRouteTable: this,
+      transitGatewayAttachment,
+      destinationCidrBlock: destinationCidr,
+    });
+  };
+
+  addBlackholeRoute(id: string, destinationCidr: string): TransitGatewayBlackholeRoute {
+    return new TransitGatewayBlackholeRoute(this, id, {
+      transitGatewayRouteTable: this,
+      destinationCidrBlock: destinationCidr,
+    });
+  }
+
+  addAssociation(id: string, transitGatewayAttachment: ITransitGatewayAttachment): TransitGatewayRouteTableAssociation {
+    return new TransitGatewayRouteTableAssociation(this, id, {
+      transitGatewayVpcAttachment: transitGatewayAttachment,
+      transitGatewayRouteTable: this,
+    });
+  }
+
+  enablePropagation(id: string, transitGatewayAttachment: ITransitGatewayAttachment): TransitGatewayRouteTablePropagation {
+    return new TransitGatewayRouteTablePropagation(this, id, {
+      transitGatewayVpcAttachment: transitGatewayAttachment,
+      transitGatewayRouteTable: this,
+    });
+  }
+}
+
+/**
+ * An AWS Transit Gateway route table
+ *
+ * @resource AWS::EC2::TransitGatewayRouteTable
+ */
+export class TransitGatewayRouteTable extends TransitGatewayRouteTableBase {
+  public readonly routeTableId: string;
+  public readonly transitGateway: ITransitGateway;
+
+  constructor(scope: Construct, id: string, props: TransitGatewayRouteTableProps) {
+    super(scope, id);
+
+    const resource = new CfnTransitGatewayRouteTable(this, id, {
+      transitGatewayId: props.transitGateway.transitGatewayId,
+    });
+
+    this.routeTableId = resource.ref;
+    this.transitGateway = props.transitGateway;
+  }
+}