diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md
index 405ac7190..eabd74dba 100644
--- a/fast/stages/2-networking-e-nva-bgp/README.md
+++ b/fast/stages/2-networking-e-nva-bgp/README.md
@@ -488,7 +488,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
 | [main.tf](./main.tf) | Networking folder and hierarchical policy. | <code>folder</code> · <code>net-firewall-policy</code> |  |
 | [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. |  | <code>google_monitoring_alert_policy</code> |
 | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. |  | <code>google_monitoring_dashboard</code> |
-| [ncc.tf](./ncc.tf) | None | <code>ncc-spoke-ra</code> |  |
+| [ncc.tf](./ncc.tf) | None | <code>ncc-spoke-ra</code> | <code>google_network_connectivity_hub</code> |
 | [nva.tf](./nva.tf) | None | <code>compute-vm</code> · <code>simple-nva</code> | <code>google_compute_address</code> |
 | [outputs.tf](./outputs.tf) | Module outputs. |  | <code>google_storage_bucket_object</code> · <code>local_file</code> |
 | [regions.tf](./regions.tf) | Compute short names for regions. |  |  |
diff --git a/fast/stages/2-networking-e-nva-bgp/ncc.tf b/fast/stages/2-networking-e-nva-bgp/ncc.tf
index d0d8766a2..97fb5f370 100644
--- a/fast/stages/2-networking-e-nva-bgp/ncc.tf
+++ b/fast/stages/2-networking-e-nva-bgp/ncc.tf
@@ -14,6 +14,18 @@
  * limitations under the License.
  */
 
+resource "google_network_connectivity_hub" "hub_trusted" {
+  name        = "prod-hub-trusted"
+  description = "Prod hub trusted"
+  project     = module.landing-project.project_id
+}
+
+resource "google_network_connectivity_hub" "hub_untrusted" {
+  name        = "prod-hub-untrusted"
+  description = "Prod hub untrusted"
+  project     = module.landing-project.project_id
+}
+
 module "spokes-trusted" {
   for_each   = var.regions
   source     = "../../../modules/ncc-spoke-ra"
@@ -22,8 +34,8 @@ module "spokes-trusted" {
   region     = each.value
 
   hub = {
-    create = true,
-    name   = "prod-hub-trusted-${each.value}"
+    create = false,
+    id     = google_network_connectivity_hub.hub_trusted.id
   }
 
   router_appliances = [
@@ -72,8 +84,8 @@ module "spokes-untrusted" {
   region     = each.value
 
   hub = {
-    create = true,
-    name   = "prod-hub-untrusted-${each.value}"
+    create = false,
+    id     = google_network_connectivity_hub.hub_untrusted.id
   }
 
   router_appliances = [
diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
index fa62dac08..960ac5235 100644
--- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
+++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
@@ -14,4 +14,4 @@
 
 counts:
   modules: 36
-  resources: 210
+  resources: 208