Transit Gateways - TannerWeinacker/Capstone GitHub Wiki
What are Transit Gateways
With a Transit Gateway, you can attach VPCs and VPN connections in the same Region and route traffic between them. This means you can connect your VPCs and on-premises networks to a single gateway instead of maintaining multiple VPN connections or separate AWS Direct Connect links to each VPC.
- Transit gateways work across AWS accounts
- AWS RAM can be used to share Transit Gateways with other accounts
- A route table inside the Transit Gateway supports both IPv4 and IPv6 CIDRs and targets
The Transit Gateway also provides advanced features such as routing, security, and monitoring, which allow customers to control and monitor network traffic and apply security policies to protect their network.
How Transit Gateways work
- Virtual Private Clouds (VPCs) and on-premises networks are connected to the Transit Gateway through Transit Gateway attachments. Each attachment is associated with one VPC or one on-premises network.
- When a VPC or an on-premises network is attached to the Transit Gateway, routes are automatically exchanged between the Transit Gateway and the attached network. This lets the attached network send traffic to other VPCs and on-premises networks that are also attached to the Transit Gateway.
- The Transit Gateway uses route tables to control how traffic is forwarded between the attached networks. Each attachment can be associated with its own route table.
- The Transit Gateway also provides advanced features such as routing domains, which allow customers to partition their network into multiple routing domains for better management and control.
- Security groups and Network ACLs (Access Control Lists) can be used in the attached VPCs alongside the Transit Gateway to control traffic between the attached networks.
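As an added example (not from this wiki, and not AWS's or the Capstone project's own code), here is a Terraform layout of the attachments, route-table associations and propagations described above, arranged into two routing domains so that spoke VPCs can reach a shared-services hub VPC but cannot reach each other. The resource names and the `hub_vpc_id`, `hub_subnet_ids` and `spoke_vpcs` variables are my own; the VPC and subnet IDs are placeholders you supply.

```hcl
# Added example: hub-and-spoke Transit Gateway with explicit routing domains.
# Spoke VPCs reach the hub VPC only; spoke-to-spoke traffic has no route.
# VPC and subnet IDs are placeholders supplied through variables.

variable "hub_vpc_id"     { type = string }
variable "hub_subnet_ids" { type = list(string) }
variable "spoke_vpcs" {
  # Constructed placeholder shape: name => { vpc_id, subnet_ids }
  type = map(object({ vpc_id = string, subnet_ids = list(string) }))
}

resource "aws_ec2_transit_gateway" "main" {
  description = "segmented hub-and-spoke TGW"
  # Disable the default association/propagation so no attachment lands in a
  # shared route table by accident; every attachment is placed explicitly.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
}

# One route table per routing domain.
resource "aws_ec2_transit_gateway_route_table" "hub"   { transit_gateway_id = aws_ec2_transit_gateway.main.id }
resource "aws_ec2_transit_gateway_route_table" "spoke" { transit_gateway_id = aws_ec2_transit_gateway.main.id }

resource "aws_ec2_transit_gateway_vpc_attachment" "hub" {
  transit_gateway_id = aws_ec2_transit_gateway.main.id
  vpc_id             = var.hub_vpc_id
  subnet_ids         = var.hub_subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each           = var.spoke_vpcs
  transit_gateway_id = aws_ec2_transit_gateway.main.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}

# An association decides which table an attachment's outbound traffic is looked up in.
resource "aws_ec2_transit_gateway_route_table_association" "hub" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.hub.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.hub.id
}
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}

# A propagation decides whose CIDRs appear in a table. Spokes propagate into the
# hub table (the hub can reach every spoke); only the hub propagates into the
# spoke table, so the spoke table never learns another spoke's CIDR.
resource "aws_ec2_transit_gateway_route_table_propagation" "spokes_into_hub" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.hub.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "hub_into_spoke" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.hub.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}

# Defence in depth: if a 0.0.0.0/0 route to an egress or inspection attachment is
# ever added to the spoke table, these blackholes stop private spoke-to-spoke
# traffic from following it. The hub's propagated routes are more specific than
# these summaries, so longest-prefix matching still delivers hub traffic.
resource "aws_ec2_transit_gateway_route" "spoke_blackhole" {
  for_each                       = toset(["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"])
  destination_cidr_block         = each.value
  blackhole                      = true
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
```

After applying, verify the isolation rather than trusting the plan: `aws ec2 search-transit-gateway-routes --transit-gateway-route-table-id <spoke table id> --filters Name=type,Values=propagated` should list only the hub VPC's CIDR, and the same query against the hub table should list every spoke. A spoke CIDR appearing in the spoke table, or an attachment that is unexpectedly associated with the wrong table, is the misconfiguration that silently turns the segmented design back into a flat network.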
Enabling Transit Gateway Multicast
Enabling multicast on a Transit Gateway allows multicast traffic to be sent from a multicast source to a multicast group over the VPC attachments that are associated with the multicast domain.
Virtual Private Gateway vs. Transit Gateway
A Virtual Private Gateway (VGW) provides point-to-point VPN connectivity between a VPC and an on-premises network, while a Transit Gateway provides centralized network connectivity for multiple VPCs and on-premises networks. A VGW is associated with a single VPC, whereas a Transit Gateway can connect multiple VPCs and on-premises networks.