diff --git a/examples/full-setup-tf-upgrade/tgw/README.md b/examples/full-setup-tf-upgrade/tgw/README.md
index 07ae2b3..d619f6a 100644
--- a/examples/full-setup-tf-upgrade/tgw/README.md
+++ b/examples/full-setup-tf-upgrade/tgw/README.md
@@ -10,6 +10,16 @@ Make sure the VPC directory contains these two files:
 * outputs.routing.tf
 * variables.tgw_environment.tf
 
+Also, copy an updated `vpc.tf` into the main VPC directory (same location as the two files above). This is because
+we need to remove the attachment subnet association to the main private route table.
+
+Also, you will need to be sure the attachment subnets have the proper tag:  In `variables.subnets.auto.tfvars`, update
+th attachment subnet block to add a tag of `"boc:vpc:route-table" = "attachment"` as shown in the example:
+
+```hcl
+  { base_cidr = "10.192.1.128/25", label = "attachment", bits = 2, private = true, enabled = true, tags = { "boc:vpc:route-table" = "attachment" } },
+```
+
 You will need to do a `tf-apply` to add the new outputs to remote state.
 
 ## FIles in VPC/tgw directory
diff --git a/examples/full-setup-tf-upgrade/vpc.tf b/examples/full-setup-tf-upgrade/vpc.tf
index 78bc9eb..e7c2b46 100644
--- a/examples/full-setup-tf-upgrade/vpc.tf
+++ b/examples/full-setup-tf-upgrade/vpc.tf
@@ -21,7 +21,10 @@ module "vpc" {
   vpc_ntp_servers = var.vpc_ntp_servers
   enable_aws_dns  = var.vpc_enable_awsdns
 
-  tags = local.tags
+  tags = merge(
+    local.tags,
+    tomap({ "boc:tgw_environment" = var.tgw_environment }),
+  )
 }
 
 module "subnets" {
@@ -39,9 +42,10 @@ module "routing" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//routing?ref=tf-upgrade"
   vpc_id = local.vpc_id
 
-  vpc_full_name       = var.vpc_full_name
-  availability_zones  = []
-  private_subnets_ids = module.subnets.private_subnets_ids
+  vpc_full_name      = var.vpc_full_name
+  availability_zones = []
+  #  private_subnets_ids = module.subnets.private_subnets_ids
+  private_subnets_ids = [for sn in module.subnets.private_subnets_ids : sn if lookup(sn.tags, "boc:vpc:route-table", null) != "attachment"]
   public_subnets_ids  = module.subnets.public_subnets_ids
   enable_igw          = var.vpc_enable_igw
   enable_nat          = var.vpc_enable_nat