TABLE OF CONTENTS
1. Introduction to AWS Transit Gateway
2. Transit Gateway Concepts
3. How do Transit Gateways Work?
4. Architecture for connecting 3 VPCs in a Different Area
5. Working with Transit Gateway
6. Step-by-Step Guide for Working With Amazon Transit Gateway
7. AWS Transit Gateway Pricing
8. About CloudThat
9. FAQs

Introduction To AWS Transit Gateway
As your cloud infrastructure grows, you will need a way to connect resources that live in different VPCs. A Transit Gateway connects your virtual private clouds (VPCs) and your on-premises networks. It uses a hub-and-spoke (star) topology, with the Transit Gateway as the hub and the VPCs and on-premises networks as spokes. Transit Gateway lets customers connect thousands of VPCs. It is a regional service. Compared with a mesh of VPC peering links, it provides much simpler connectivity to multiple VPCs. Traffic between VPCs and the Transit Gateway stays on the AWS global private network; it is not exposed to the public internet. Transit Gateways in different regions can peer with each other so that VPCs can communicate across regions. Transit Gateway inter-Region peering encrypts all traffic and has no single point of failure or bandwidth bottleneck, which gives you greater security and resilience.
Transit Gateway Concepts
These are the key concepts behind Transit Gateways:
Attachments — You can attach the following to a Transit Gateway:
An AWS Direct Connect gateway
A peering connection to another Transit Gateway
A VPN connection to a Transit Gateway
Transit Gateway route table — A Transit Gateway has a default route table. A route table can contain both dynamic and static routes. These routes determine the next hop based on the packet’s destination IP address, and each route targets a Transit Gateway attachment. Transit Gateway attachments are automatically associated with the default Transit Gateway route table.
Route propagation — A VPC or VPN connection, or Direct Connect gateway, can dynamically propagate routes to Transit Gateway route tables.
How do Transit Gateways Work?
A Transit Gateway is a virtual router that carries traffic between your virtual private clouds (VPCs). It forwards packets from one VPC to another and makes its routing decisions at Layer 3.
The following diagram shows a Transit Gateway that has three VPCs within the same region. Each VPC has a route table that includes the local route as well as routes that will send traffic to the Transit Gateway.
Source: https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html#architecture-diagram
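To make the routing in that diagram concrete, here is a small model of it: three spoke VPC route tables (local route plus routes to the Transit Gateway) and the default Transit Gateway route table filled by propagation, with a longest-prefix lookup and a reachability check. This is an added example written for this article, not code from the page or from AWS; the CIDRs and attachment names are constructed sample values.

```python
# Added example modelling the three-VPC Transit Gateway routing above.
# CIDRs and attachment names are constructed sample values, not from the page.
import ipaddress
from typing import Optional

VPCS = {"VPC A": "10.1.0.0/16", "VPC B": "10.2.0.0/16", "VPC C": "10.3.0.0/16"}


class TransitGatewayRouteTable:
    """Default TGW route table: each attachment is associated with it and
    propagates its VPC CIDR as a route whose target is that attachment."""

    def __init__(self) -> None:
        # (destination network, target attachment, route type)
        self.routes: list[tuple[ipaddress.IPv4Network, str, str]] = []

    def propagate(self, vpc_name: str, cidr: str) -> None:
        net = ipaddress.ip_network(cidr)
        self.routes.append((net, f"Attachment for {vpc_name}", "Propagated"))

    def next_hop(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match on the destination IP. None means no route,
        so the Transit Gateway drops the packet instead of forwarding it."""
        ip = ipaddress.ip_address(dst_ip)
        hits = [(net, att) for net, att, _ in self.routes if ip in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def vpc_route_table(vpc_name: str) -> list[tuple[str, str]]:
    """Spoke VPC route table: the local route for its own CIDR plus routes
    sending the other VPCs' CIDRs to the Transit Gateway (target 'tgw')."""
    table = [(VPCS[vpc_name], "local")]
    return table + [(c, "tgw") for n, c in VPCS.items() if n != vpc_name]


def build_default_table() -> TransitGatewayRouteTable:
    tgw = TransitGatewayRouteTable()
    for name, cidr in VPCS.items():
        tgw.propagate(name, cidr)
    return tgw


def reachable(src_vpc: str, dst_ip: str) -> bool:
    """A packet from src_vpc reaches dst_ip only if the VPC route table hands
    it to the TGW and the TGW route table resolves it to an attachment."""
    ip = ipaddress.ip_address(dst_ip)
    to_tgw = any(t == "tgw" and ip in ipaddress.ip_network(c)
                 for c, t in vpc_route_table(src_vpc))
    return to_tgw and build_default_table().next_hop(dst_ip) is not None
```

Because every attachment lands in the default table with propagation enabled, the model shows each VPC can reach every other VPC, while a destination with no route is dropped at the Transit Gateway.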
Architecture for connecting 3 VPCs in a Different Area
Transit Gateway route table for attachments shown in this diagram:
Destination     Target                  Route Type
VPC A CIDR      Attachment for VPC A    Propagated
VPC B CIDR      Attachment for VPC B    Propagated
VPC C CIDR      Attachment for VPC C    Propagated

Working with Transit Gateway
The following diagram shows a Transit Gateway equipped with VPC attachments in another region.
The following methods let you create, access, manage and control a Transit Gateway:
AWS Management Console — This provides a graphical user interface to allow you to access your Transit Gateways.
AWS Command Line Interface — This lets you manage AWS services such as Amazon VPC, Amazon EC2 and Amazon S3 from the command line, and is supported on Windows, macOS and Linux.
AWS SDKs — These provide language-specific API operations that simplify coding against services such as Amazon S3, Amazon EC2, DynamoDB and many others.
Step-by-Step Guide to Working with Amazon Transit Gateway
Create two VPCs, each with one public subnet.
a. Log in to the AWS Management Console, go to the VPC service and click Launch VPC Wizard in the VPC dashboard.
b. Select VPC, subnet. Under Auto-generate, give a name for the VPC. Under IPv4 CIDR block, give the VPC CIDR as –