Cisco SD-WAN GRE Tunnel on Service VPN

Hi All.

I have a Catalyst 8000v (IOS XE 17.6.3a) running on an AWS instance and I need to create a GRE tunnel to the AWS Transit Gateway for redundancy reasons. I use a CLI template because, as I checked on vManage 20.6.3, there is no GRE template configuration available on the Service VPN. Once the configuration is deployed, I can't ping the remote GRE tunnel IP. When I change the GRE configuration to the Transport VPN (vrf default), I can ping the remote GRE tunnel IP. Is there any restriction or additional configuration needed for a GRE tunnel on a Service VPN running on IOS XE SD-WAN? Thank you.

Best regards,

12 Replies

Hi,

Share your CLI-template configuration.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi Kanan.

Below is my CLI-template configuration 

interface GigabitEthernet2
 description VPN1-To-AWS-TGW
 vrf forwarding 1
 ip address 10.127.255.246 255.255.255.240
 no ip redirects
 ip nbar protocol-discovery
 load-interval 30
 negotiation auto
 arp timeout 1200
 no mop enabled
 no mop sysid
!
interface Tunnel1000
 vrf forwarding 1
 ip address 169.254.254.1 255.255.255.248
 ip mtu 1500
 tunnel source GigabitEthernet2
 tunnel destination 10.127.155.7
!
ip route vrf 1 10.127.155.7 255.255.255.255 10.127.255.241

Thank you.

Add "tunnel vrf 1" under the Tunnel1000 interface and try again.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
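The distinction behind this suggestion is that on IOS XE a tunnel interface has two VRF bindings: "vrf forwarding" selects the table used for the decapsulated (passenger) traffic, while "tunnel vrf" selects the table in which the tunnel source and destination are resolved (the transport side). Without "tunnel vrf", the destination 10.127.155.7 is looked up in the global table even though the static route to it lives in VRF 1. The following is an added example, not configuration from the original post: it is the poster's template with the proposed keyword added and a few verification commands; the addresses and interface names are those in the thread, and the MTU comment reflects general IOS GRE behaviour rather than anything confirmed for this deployment.

```cisco
! Added example: service-VPN GRE tunnel with both VRF bindings set.
interface GigabitEthernet2
 description VPN1-To-AWS-TGW
 vrf forwarding 1
 ip address 10.127.255.246 255.255.255.240
 no ip redirects
 negotiation auto
!
interface Tunnel1000
 ! Passenger side: decapsulated packets are forwarded in VRF 1
 vrf forwarding 1
 ip address 169.254.254.1 255.255.255.248
 ! GRE adds 24 bytes; with a 1500-byte transport the default tunnel IP MTU is 1476.
 ! Forcing 1500 here means full-size passenger packets get fragmented after
 ! encapsulation, so only raise it if the transport path is known to carry it.
 ip mtu 1476
 ! Transport side: source/destination are resolved in VRF 1, where the static
 ! route to 10.127.155.7 lives. Without this line the lookup happens in the
 ! global table and encapsulated packets are dropped.
 tunnel vrf 1
 tunnel source GigabitEthernet2
 tunnel destination 10.127.155.7
 tunnel mode gre ip
!
ip route vrf 1 10.127.155.7 255.255.255.255 10.127.255.241
!
! Verification (exec mode):
!   show ip cef vrf 1 10.127.155.7          -> must resolve via 10.127.255.241 / Gi2
!   show interface Tunnel1000               -> check the transport vrf and source/destination shown
!   ping vrf 1 169.254.254.2 source Tunnel1000
```

If "show ip cef vrf 1 10.127.155.7" resolves correctly but the inner ping still fails, the encapsulation is leaving the router and the problem is on the AWS side of the transport (TGW Connect attachment, route table, or the peer's GRE configuration).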

Hi Kanan.

Thank you for your response. I added the "tunnel vrf 1" configuration under the Tunnel1000 interface, but I still cannot ping the GRE peer IP. When I remove the VRF configuration from the Gi2 and Tunnel1000 interfaces, I can ping the GRE peer IP.

When you have the configuration with VRF forwarding, can you ping the remote tunnel destination (10.127.155.7)?

EDIT: it seems it (the underlay) cannot be pinged, as per the doc (2019-2020).

Is it a Connect attachment with VPC transport? As I understand it, 10.127.255.241 is the VPC router IP for the subnet of Gi2.

Did you modify the route table associated with the Gi2 interface subnet to route towards the TGW for the TGW CIDR (tunnel destination)?

In any case, it should not be a problem in your underlay, since it works without vrf forwarding. Could you share the VRF table when the configuration is normal (i.e. the non-working scenario)? Also, sh interface tun1000.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi Kanan.

When you have the configuration with VRF forwarding, can you ping the remote tunnel destination (10.127.155.7)? -> The remote tunnel destination is configured on the AWS Transit Gateway, which is not pingable.

Is it a Connect attachment with VPC transport? As I understand it, 10.127.255.241 is the VPC router IP for the subnet of Gi2. -> Correct, 10.127.255.241 is the AWS Transit Gateway IP address.

Did you modify the route table associated with the Gi2 interface subnet to route towards the TGW for the TGW CIDR (tunnel destination)? -> Yes, we associated the Gi2 interface subnet with the TGW route table.

I attached the output of show interface Tun1000 and show ip route vrf 1 in the file attached to this post.

Ping the GRE tunnel end using the source option of the ping command:

ping <gre tunnel end1> source <gre tunnel end2>

Hi MHM. 

We tried to ping the GRE tunnel end using the Tunnel1000 IP as source; it still fails.

IDCBRAWS01PIR02#ping vrf 1 169.254.254.2 source Tunnel1000
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 169.254.254.2, timeout is 2 seconds:
Packet sent with a source address of 169.254.254.1
.....
Success rate is 0 percent (0/5)

From 10.127.255.246, ping 10.127.255.241 VRF-aware.

Is this successful?

We're unable to ping 10.127.255.241 because of the behaviour of the Transit Gateway in AWS, but we can see the ARP entry for that IP. Also, if we change the VRF to vrf default, we're able to ping the remote GRE IP.

IDCBRAWS01PIR02#show ip arp vrf 1
Protocol  Address          Age (min)  Hardware Addr   Type  Interface
Internet  10.127.255.241           0  0a58.6753.6b02  ARPA  GigabitEthernet2
Internet  10.127.255.246           -  0aa4.1962.c206  ARPA  GigabitEthernet2
IDCBRAWS01PIR02#

I think this issue is not solved yet. Can I ask why you need a VRF in SD-WAN?

10.127.255.241 should be the VPC router IP (gateway for the subnet). Ping it when the VRF is configured and show the results.

10.127.155.7 should be the TGW IP; it is not pingable.

Configure the normal VRF-based state (don't forget the tunnel vrf keyword; in my lab GRE over the service side did not work without this keyword) and then do a packet capture:

[screenshot: KananHuseynli_0-1687444204302.png]

It is available for both the transport (Gi2) and tunnel (Tu1000) interfaces. Do a capture on the physical interface, try to ping the GRE destination (169.254.254.2, as I understand), and save the capture. Then do a capture on the tunnel interface, try to ping, and save the capture.

Attach both captures here.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
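The two captures Kanan asks for separate the two possible failure points: a capture on Gi2 shows whether GRE-encapsulated packets are actually leaving the router towards 10.127.155.7 and whether anything comes back, while a capture on Tunnel1000 shows whether the inner ICMP is being handed to the tunnel at all. The following is an added example, not part of the thread: the same procedure done from the CLI with IOS XE Embedded Packet Capture (EPC) instead of the vManage tool. The capture names CAP-GI2 and CAP-TUN and the export filename are assumptions; addresses and interface names are the thread's.

```cisco
! Added example: EPC captures for the outer (Gi2) and inner (Tunnel1000) legs.
! All commands are exec mode; nothing here changes the running configuration.

! 1. Outer leg: everything on the transport interface, both directions
monitor capture CAP-GI2 interface GigabitEthernet2 both
monitor capture CAP-GI2 match any
monitor capture CAP-GI2 buffer size 10
monitor capture CAP-GI2 start
ping vrf 1 169.254.254.2 source Tunnel1000 repeat 5
monitor capture CAP-GI2 stop

! 2. Inner leg: the passenger ICMP as seen by the tunnel interface
monitor capture CAP-TUN interface Tunnel1000 both
monitor capture CAP-TUN match any
monitor capture CAP-TUN buffer size 10
monitor capture CAP-TUN start
ping vrf 1 169.254.254.2 source Tunnel1000 repeat 5
monitor capture CAP-TUN stop

! 3. Inspect on box, or export for Wireshark
show monitor capture CAP-GI2 buffer brief
show monitor capture CAP-TUN buffer brief
monitor capture CAP-GI2 export bootflash:cap-gi2.pcap
monitor capture CAP-TUN export bootflash:cap-tun.pcap

! 4. Clean up the capture points
no monitor capture CAP-GI2
no monitor capture CAP-TUN
```

How to read the result: ICMP on CAP-TUN but no GRE (IP protocol 47) from 10.127.255.246 to 10.127.155.7 on CAP-GI2 means the router never encapsulated, which points at the tunnel's transport lookup (the tunnel vrf binding or the VRF 1 route to 10.127.155.7). GRE leaving on CAP-GI2 with no GRE returning means the packets are being dropped or not answered on the AWS side, so the TGW Connect attachment and its route tables are the next thing to check. The "match any" filter keeps the example independent of protocol-match syntax; with a busy transport interface you would narrow it to the two endpoint hosts.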
