diff --git a/examples/full-setup-tf-upgrade/tgw/README.md b/examples/full-setup-tf-upgrade/tgw/README.md index d619f6a..af29a56 100644 --- a/examples/full-setup-tf-upgrade/tgw/README.md +++ b/examples/full-setup-tf-upgrade/tgw/README.md @@ -49,6 +49,40 @@ This is used to pull other variables from remote state. tf-run apply ``` +# Converting the VPC to TGW + +## Preparation + +* do iperf3 before +* ping (nping) multiple hosts like: `sudo nping -c 10 --icmp IP IP IP` to make sure there is connectivity +* may also do `nmap -p 22 IP IP IP` to be sure SSH connectivity is there +* change variables.vpc.auto.tfvars to disable VPC VPN and enable TGW VPN +* do tf-plan in both vpcN and vpcN/tgw so they are ready + +## Executing the changes + +* run continuous ping (nping) multiple hosts like: `sudo nping -c 300 --icmp IP IP IP` +* do changes in vpcN/tgw/ first +* then do changes in vpcN + * if super old stuff (do2-govcloud), need to disable/delete the vgw propagation resources + * also need to "shut" the tunnels, so need to work with TCO for that + +## Create Issue to remove VPN + +1. create issue in cloud-information + `remove vpn ACCOUNT ALIAS REGION VPCNAME CIDR` +1. add text from +`tf-output vpn_tunnel_endpoints` as hcl markdown (without the header log text) +for older VPCs, this output won't exist. So, add the contents of the following +```script +tf-output | grep vpn_ +show-tunnel-status.sh $(get-profile) $(get-region) "*VPCSHORT*" +TFNOCOLOR=1 tf-state show aws_vpn_connection.vpn_bcc |grep -iE "tunnel.*(address|asn)" | grep -v \< +TFNOCOLOR=1 tf-state show aws_vpn_connection.vpn_hq |grep -iE "tunnel.*(address|asn)" | grep -v \< +``` +1. add to milestone `Remove VPC based VPN` +1. add to project `VPC Transit Gateway Migration` +
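Review bot: In "Create Issue to remove VPN", the fence tagged `script` under the second list item starts at column 0, which ends the numbered list, so the two items after it ("add to milestone", "add to project") render as a new list starting at 1. Indent the continuation text and the fence under the item, and consider tagging the fence `shell`. The same step asks for command output to be pasted into an issue. The two `tf-state show` lines are narrowed to `tunnel.*(address|asn)`, but `tf-output | grep vpn_` is not narrowed in the same way, so the README should say what to check or redact before posting. In "Executing the changes", `sudo nping -c 300 --icmp IP IP IP` is called continuous but stops after 300 probes, and "Preparation" says "do iperf3 before" with no matching step afterwards. Add a verification step after the vpcN change that re-runs iperf3, nping and the `nmap -p 22` check, and say what to do if the ping run ends before the apply completes.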