diff --git a/vpc-transit-gateway-association/README.md b/vpc-transit-gateway-association/README.md
index c8fbafb..826807f 100644
--- a/vpc-transit-gateway-association/README.md
+++ b/vpc-transit-gateway-association/README.md
@@ -40,12 +40,14 @@ module "vpc_tgw" {
 
 | Name | Type |
 |------|------|
+| [aws_route.gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
 | [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_caller_identity.network_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_ec2_managed_prefix_list.tgw](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source |
 | [aws_ec2_transit_gateway.gateway_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
 | [aws_ec2_transit_gateway.gateway_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway) | data source |
 | [aws_ec2_transit_gateway_route_table.route_tables_peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_transit_gateway_route_table) | data source |
@@ -65,8 +67,9 @@ module "vpc_tgw" {
 | <a name="input_create"></a> [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
 | <a name="input_network_account_profile"></a> [network\_account\_profile](#input\_network\_account\_profile) | AWS profile of the source account sharing the VPC resources | `string` | n/a | yes |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_subnets_ids"></a> [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id | <pre>list(object({<br>    subnet            = string<br>    label             = string<br>    availability_zone = string<br>    id                = string<br>  }))</pre> | `[]` | no |
+| <a name="input_route_prefix_list_name"></a> [route\_prefix\_list\_name](#input\_route\_prefix\_list\_name) | Shared prefix list name used for routing to TGW.  It is comprised of all of the network CIDR blocks in AWS using TGW. | `string` | `"transit-gateway.prod.ipv4"` | no |
 | <a name="input_route_table_label"></a> [route\_table\_label](#input\_route\_table\_label) | Route table lable for the attachment subnets | `string` | `"attachment"` | no |
-| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnet IDs for this VPC for the TGW attachment. This should be not public, and should be a separate attachment set of /28 subnets with no other use | `list(string)` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | <a name="input_transit_gateway_environment"></a> [transit\_gateway\_environment](#input\_transit\_gateway\_environment) | Transit Gateway Environment (aka, VRF) to which to connnect this VPC | `string` | n/a | yes |
 | <a name="input_vpc_environment"></a> [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no |
diff --git a/vpc-transit-gateway-association/routing.tf b/vpc-transit-gateway-association/routing.tf
index e51380a..9f8f8d7 100644
--- a/vpc-transit-gateway-association/routing.tf
+++ b/vpc-transit-gateway-association/routing.tf
@@ -4,7 +4,7 @@ module "routing_attachment" {
 
   vpc_full_name                = var.vpc_full_name
   availability_zones           = var.availability_zones
-  private_subnets_ids          = var.subnet_ids
+  private_subnets_ids          = var.private_subnets_ids
   create_public_route_table    = false
   private_route_table_label    = var.route_table_label
   enable_igw                   = false
@@ -23,12 +23,20 @@ module "routing_attachment" {
   )
 }
 
-## # routes to tgw (for now, 10.128/16, should be each of the highest cidr blocks per account). It would be nice to use prefix lists, but not supported in gov
-## resource "aws_route" "gateway" {
-##   for_each               = module.routing.private_route_table_ids 
-##   route_table_id         = each.value
-## #  destination_cidr_block = "0.0.0.0/0"
-##   destination_cidr_block = "10.128.0.0/16"
-##   transit_gateway_id         = data.aws_ec2_transit_gateway.gateway_east.id
-##   depends_on = [ aws_ec2_transit_gateway_vpc_attachment.vpc_attachment ]
-## }
+data "aws_ec2_managed_prefix_list" "tgw" {
+  filter {
+    name   = "prefix-list-name"
+    values = [var.route_prefix_list_name]
+  }
+}
+
+resource "aws_route" "gateway" {
+  for_each = module.routing.private_route_table_ids
+
+  route_table_id = each.value
+  #  destination_cidr_block = "10.128.0.0/16"
+  destination_prefix_list_id = data.aws_ec2_managed_prefix_list.tgw.id
+  transit_gateway_id         = data.aws_ec2_transit_gateway.gateway_east.id
+
+  depends_on = [aws_ec2_transit_gateway_vpc_attachment.vpc_attachment]
+}
diff --git a/vpc-transit-gateway-association/variables.subnets.tf b/vpc-transit-gateway-association/variables.subnets.tf
new file mode 100644
index 0000000..666405e
--- /dev/null
+++ b/vpc-transit-gateway-association/variables.subnets.tf
@@ -0,0 +1,12 @@
+# from routing/variables.f
+
+variable "private_subnets_ids" {
+  description = "List of private subnet objects including: subnet, label, availability_zone, id"
+  type = list(object({
+    subnet            = string
+    label             = string
+    availability_zone = string
+    id                = string
+  }))
+  default = []
+}
diff --git a/vpc-transit-gateway-association/variables.tf b/vpc-transit-gateway-association/variables.tf
index e790a88..f09d671 100644
--- a/vpc-transit-gateway-association/variables.tf
+++ b/vpc-transit-gateway-association/variables.tf
@@ -13,10 +13,10 @@ variable "transit_gateway_environment" {
   }
 }
 
-variable "subnet_ids" {
-  description = "List of subnet IDs for this VPC for the TGW attachment. This should be not public, and should be a separate attachment set of /28 subnets with no other use"
-  type        = list(string)
-}
+## variable "subnet_ids" {
+##   description = "List of subnet IDs for this VPC for the TGW attachment. This should be not public, and should be a separate attachment set of /28 subnets with no other use"
+##   type        = list(string)
+## }
 
 variable "route_table_label" {
   description = "Route table lable for the attachment subnets"
@@ -24,4 +24,8 @@ variable "route_table_label" {
   default     = "attachment"
 }
 
-
+variable "route_prefix_list_name" {
+  description = "Shared prefix list name used for routing to TGW.  It is comprised of all of the network CIDR blocks in AWS using TGW."
+  type        = string
+  default     = "transit-gateway.prod.ipv4"
+}