Introduction to AWS Transit Gateway
As your cloud infrastructure expands globally you need to find out a way to connect your resources which are in different VPCs. A Transit Gateway is a network hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. It is like a hub and spoke design or star topology design for connecting VPCs and on-premises networks. Transit Gateway allows customers to connect thousands of VPCs together. It is a regional service. It gives you simplified connectivity to the multiple VPC as compared to a complex VPC peering connection. Traffic between VPC and Transit Gateway remains on the AWS global private network and is not exposed to the public internet. Transit Gateways in different regions can peer with each other to enable VPC communications across regions. Transit Gateway inter-Region peering encrypts all traffic, with no single point of failure or bandwidth bottleneck which helps you to get improved security.
Transit Gateway Concepts
The following are the key concepts for Transit Gateways:
- Attachments — You can attach the following to the Transit Gateway:
- One or more VPCs
- An AWS Direct Connect gateway
- A peering connection with another Transit Gateway
- A VPN connection to a Transit Gateway
- Transit Gateway route table — A Transit Gateway has a default route table. A route table includes dynamic and static routes that decide the next hop based on the destination IP address of the packet. The target of these routes is the Transit Gateway attachment. By default, Transit Gateway attachments are associated with the default transit gateway route table.
Route propagation — A VPC, VPN connection, or Direct Connect gateway can dynamically propagate routes to a Transit Gateway route table.
How do Transit Gateways Work?
A Transit Gateway acts as a virtual router for traffic flow between your virtual private clouds (VPCs). The packets are sent from one VPC to another VPC through Transit Gateway. Routing from a Transit Gateway operates at layer 3.
The following diagram shows a Transit Gateway with three VPCs in the same region. The route table for each of the three VPCs includes the local route and routes that send traffic for the other two VPCs through the Transit Gateway.
Architecture for Connecting 3 VPCs in a Different Region
Transit Gateway route table for the attachments shown in the above diagram:
|VPC A CIDR||Attachment for VPC A||Propagated|
|VPC B CIDR||Attachment for VPC B||Propagated|
|VPC C CIDR||Attachment for VPC C||Propagated|
Working with Transit Gateway
The following diagram shows a Transit Gateway with VPC attachments in a different region.
You can create, access, and manage the Transit Gateway using any of the following methods:
- AWS Management Console — It provides a graphical user interface that you can use to access your Transit Gateways.
- AWS Command Line Interface (AWS CLI) — It provides commands for AWS services, including Amazon VPC, EC2, S3, and the commands are supported on Windows, macOS, and Linux.
AWS SDKs — It provides language-specific API operations and removes the complexity of the coding. It is used for Amazon S3, Amazon EC2, DynamoDB, and more.
Step by Step Guide for Working with Amazon Transit Gateway
- Create 2 VPC with one public subnet-
a. Login to AWS management console and go to VPC service, in the VPC dashboard click Launch VPC Wizard
b. Select VPC, subnet, under Auto-generate option, gives a name to the VPC, under IPV4 CIDR block give VPC CIDR as- 10.0.0.0/16
c. Select Availability Zone 1, number of public subnets 1, number of private subnet 0.
d. Select NAT Gateway to None, VPC endpoint to None, and enable DNS hostname and DNS resolution. Then click on create VPC.
e. Follow the same step from (a) to (c) to create one more VPC with name B and CIDR block 10.1.0.0/16
2)Create the Transit Gateway.
a. In VPC service select Transit Gateway, click create Transit Gateway.
b. Under the name tag give the name TG1, under description put AVPC-BVPC-TG.
c. Keep other options default and click on Create Transit Gateway.
3) Create a Transit Gateway Attachment.
a. Under the Transit Gateway option in VPC service click on Transit Gateway attachment and then select create Transit Gateway attachment.
b. Under the name tag give a name to any of your attachment, in Transit Gateway ID select the Transit Gateway which you created in step 3 (a), in the Attachment type select VPC.
c. In VPC ID select A-VPC, in Subnet IDs select A-subnet-public1-us-est-1a.
d. Keep other options default and select create Transit Gateway attachment.
e. Follow the same step to create the Transit Gateway attachment for B-VPC
f. Your transit gateway attachment console should look like the below.
4) Update the route table of both VPC with the entry of the Transit Gateway attachment.
a. Under VIRTUAL PRIVATE CLOUD in VPC service go on route table select A-rtb-public click on Routes click on edit routes.
b. In Destination give the CIDR block of B-VPC which is 10.1.0.0/16, in Target select Transit Gateway then select Transit Gateway attachment AVPC-TG, click on save changes.
c.Under VIRTUAL PRIVATE CLOUD in VPC service go on route table select B-rtb-public click on Routes click on edit routes.
d. In Destination give the CIDR block of A-VPC which is 10.0.0.0/16, in Target select Transit Gateway then select Transit Gateway attachment BVPC-TG, click on save changes.
AWS Transit Gateway Pricing
The Transit Gateway is charged on an hourly basis. You get charged for the number of connections or attachments that you make to the Transit Gateway per hour and the amount of traffic that flows through AWS Transit Gateway. Data processing charges apply per gigabyte sent from a VPC, Direct Connect, or VPN to the AWS Transit Gateway.
As an example, if you have a Transit Gateway in Ohio(us-east-2) region and an Amazon VPC is attached to it then the pricing will be like below:
|Sr No.||Cost Factor||Cost|
|1||Price per AWS Transit Gateway attachment ($)||$0.05|
|2||Price per GB of data processed ($)||$0.02|
Consulting Partner, AWS authorized Training Partner, Microsoft Gold Partner, and Winner of the Microsoft Asia Superstar Campaign for India: 2021. Our team has designed and delivered various Disaster Recovery strategies to our customers.
We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere to advance in their businesses.
To get started, go through our Expert Advisory page and Managed Services Package that is CloudThat’s offerings. Then, you can quickly get in touch with our highly accomplished team of experts to carry out your migration needs. Feel free to drop a comment or any queries that you have about Audio-to-text Automated Conversion, AWS Transcribe, or any other AWS services we will get back to you quickly.
Q1: Can I connect Amazon VPCs with the same CIDRs to the Transit Gateway?
Ans: AWS Transit Gateway does not support routing between Amazon VPCs with the same CIDRs.
Q2: How many AWS Transit Gateways can you create per AWS account?
Ans: The default quota for the Transit Gateway per AWS account is 5. This quota is adjustable using the AWS support case.
Q3: Does AWS Transit Gateway Connect supports IPv6?
Ans: Yes, AWS Transit Gateway Connect supports IPv6.