Scaling Network Connectivity in your VPC with AWS Transit Gateway

Reginald Bratton
6 min read, Dec 28, 2023


VPC

Today we are going to cover VPCs, VPC peering, Internet Gateways and AWS Transit Gateway.

Quick overview of how all of the services are intertwined:

VPC (Virtual Private Cloud): if you need a refresher, I have you covered. Click here.

VPC peering: conceptually, you have three departments (sales, marketing and compliance) whose resources live in separate VPCs, and all three departments need to communicate with each other and retrieve data; basically, they all need to interact with each other in the “cloud”.

This is when you would peer the three VPCs. BUT VPC peering is not transitive: if VPC B is peered with marketing (VPC A) and VPC A is in turn peered with compliance (VPC C), VPC B and VPC C are still not connected to each other. You would need to peer VPC B with VPC C directly, not through another VPC.

not transitive

Now we can see why VPC peering is important, but there is another option for more complex networking, and this is where AWS Transit Gateway comes in to save the day!

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships. Transit Gateway acts as a highly scalable cloud router — each new connection is made only once.

In simple terms, instead of peering each pair of VPCs, you can use AWS Transit Gateway to scale up (for example, building another VPC and attaching it, or removing it when it is no longer needed) and to simplify the network connections, because the more resources you add, the more traffic needs to be routed between them. Going to each individual VPC to connect it can slow you down, so why not use AWS Transit Gateway and do it all from one centralized hub? You can keep the main thing the main thing, which is developing and improving the app rather than worrying about connecting VPCs.
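The non-transitivity described above, as an added example that is not part of the original post: a small Python model that contrasts reachability over VPC peering with reachability through a Transit Gateway hub. The VPC names, CIDR blocks and attachments are constructed sample values, and the model assumes TGW route propagation is enabled so each attached VPC's CIDR appears in the hub's route table.

```python
# Added example (not from the original post): why VPC peering is not
# transitive and how a Transit Gateway hub differs. All VPC names, CIDRs
# and attachments below are constructed sample data.
from itertools import combinations

# Constructed sample VPCs: name -> CIDR block.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.3.0.0/16",
}


def direct_pairs(peerings):
    """Normalise peering connections into unordered VPC pairs."""
    return {frozenset(p) for p in peerings}


def peering_reachable(src, dst, peerings):
    """VPC peering is not transitive: a peering connection only carries
    traffic between its own two VPCs and never forwards it on to a third
    VPC, so reachability means 'is there a direct peering', nothing more."""
    return frozenset((src, dst)) in direct_pairs(peerings)


def graph_connected(src, dst, peerings):
    """Plain graph connectivity, i.e. what a diagram of the peerings looks
    like. This is NOT what AWS forwards; compare with peering_reachable()."""
    adj = {}
    for a, b in peerings:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, stack = set(), [src]
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        if node not in seen:
            seen.add(node)
            stack.extend(adj.get(node, ()))
    return False


def unreachable_pairs(vpcs, peerings):
    """Every pair of VPCs with no direct peering, which therefore cannot
    talk even if they look 'connected' through another VPC."""
    pairs = direct_pairs(peerings)
    return sorted(tuple(sorted(p)) for p in combinations(vpcs, 2)
                  if frozenset(p) not in pairs)


def full_mesh_peerings(vpcs):
    """Peering connections needed so every VPC reaches every other one
    directly: n*(n-1)/2 connections, each with its own route-table entries."""
    return [tuple(sorted(p)) for p in combinations(sorted(vpcs), 2)]


def tgw_route_table(attachments):
    """With route propagation on, each attached VPC's CIDR appears in the
    Transit Gateway route table pointing at that VPC's attachment."""
    return {VPCS[vpc]: vpc for vpc in attachments}


def tgw_reachable(src, dst, attachments):
    """Through the hub, src reaches dst when both are attached once and the
    TGW route table has a route for dst's CIDR; no pairwise peering needed."""
    table = tgw_route_table(attachments)
    return src in attachments and table.get(VPCS[dst]) == dst


if __name__ == "__main__":
    peerings = [("vpc-a", "vpc-b"), ("vpc-a", "vpc-c")]
    print("B->C over peering:", peering_reachable("vpc-b", "vpc-c", peerings))
    print("B->C looks connected:", graph_connected("vpc-b", "vpc-c", peerings))
    print("peerings for a 4-VPC mesh:", len(full_mesh_peerings(VPCS)))
    print("B->C via TGW:", tgw_reachable("vpc-b", "vpc-c", set(VPCS)))
```

The `graph_connected` function exists only to make the trap visible: a diagram with A peered to B and A peered to C looks connected, but `peering_reachable` is what the VPC router actually does. The same hub route table that makes every attached VPC reachable is also where you would later withhold routes to segment, for example keeping a compliance VPC unreachable from the others.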

Our client today is a spacecraft fleet management company studying an expedition around Jupiter. They have three fleets currently stored in three VPCs. They are looking to add a fourth fleet and need another VPC to store and secure what they find on the expedition. They want to scale their resources while staying cost efficient, but they also need connectivity between all four VPCs. We are going to eliminate the VPC peering and set up AWS Transit Gateway routing as one centralized hub, where you can add more VPCs (scaling up or out) without peering VPC A to VPC Z and VPC A to VPC L, since VPC peering is not transitive. We can simplify this using AWS Transit Gateway.

Follow me:

To start off, we are going to delete our VPC peering connection.

On the next page you will delete the route table entries for the peering connection. Route tables direct traffic for you when you set up a VPC, and that routing also helps keep your VPC secure: only traffic for address ranges you have explicitly given a route gets a path into or out of your VPC (security groups and network ACLs then filter what is actually admitted).

Connection deleted:

VPC A is no longer connected to VPC B.

Use the same steps to delete the connection between VPC A and VPC C (not shown).

Now we need to set up the Transit Gateway:

Scroll down in the VPC console:

Scroll down and create (not shown)

Key information to note: each VPC has two subnets (public and private), each in its own availability zone. We will create two subnets for each VPC (VPC A, VPC B, VPC C and the DIY VPC D) and place those subnets in two availability zones as well.

When using a Transit Gateway together with an Internet Gateway, you will need routes to both in the route tables of your subnets (private and public). See our picture below.

IGW stands for Internet Gateway, which connects to your two subnets.

TGW stands for Transit Gateway, which connects to your VPC. Our picture below shows the two targets, the IGW and the TGW. Notice the CIDR box (0.0.0.0/0): this default route sends traffic for any destination not covered by a more specific route to the Internet Gateway, which is what gives the public subnet a path to and from the internet so customers can find our resources. (Security groups and network ACLs still decide which connections are actually admitted.)
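The two route targets described above, as an added example that is not from the original post: a Python lookup that evaluates a subnet route table by longest-prefix match, which is the rule the VPC router applies, for a public and a private subnet of VPC D. The VPC CIDR, the gateway ids (`tgw-EXAMPLE`, `igw-EXAMPLE`) and the route entries are constructed sample values, not taken from the post.

```python
# Added example (not from the original post): evaluating subnet route
# tables for a VPC attached to both an Internet Gateway and a Transit
# Gateway. CIDRs, gateway ids and routes are constructed sample values.
import ipaddress

VPC_D_CIDR = "10.3.0.0/16"  # constructed

# Constructed route tables. Every VPC route table carries a 'local' route
# for the VPC's own CIDR; the public table adds a default route to the IGW.
PUBLIC_RT = [
    ("10.3.0.0/16", "local"),
    ("10.0.0.0/8", "tgw-EXAMPLE"),   # other VPCs are reached through the TGW
    ("0.0.0.0/0", "igw-EXAMPLE"),    # everything else goes to the internet
]
PRIVATE_RT = [
    ("10.3.0.0/16", "local"),
    ("10.0.0.0/8", "tgw-EXAMPLE"),
    # no 0.0.0.0/0 -> igw entry: a private subnet has no direct internet path
]


def lookup(route_table, dst_ip):
    """Return the target whose prefix most specifically matches dst_ip
    (longest-prefix match), or None when no route matches, in which case
    the VPC router drops the traffic."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def internet_exposed(route_table):
    """True when the table has a default route to an Internet Gateway, i.e.
    the subnet is public. Worth checking before placing instances that
    should never be directly reachable from the internet."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-")
               for cidr, target in route_table)


def validate(route_table, vpc_cidr):
    """Basic hygiene: every CIDR parses and the VPC's own range has its
    local route. Returns a list of problems (empty means OK)."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    targets = {}
    for cidr, target in route_table:
        try:
            targets[ipaddress.ip_network(cidr)] = target
        except ValueError:
            problems.append(f"bad cidr {cidr}")
    if targets.get(vpc) != "local":
        problems.append(f"missing local route for {vpc_cidr}")
    return problems


if __name__ == "__main__":
    for dst in ("10.3.1.20", "10.1.0.5", "93.184.216.34"):
        print(dst, "public ->", lookup(PUBLIC_RT, dst),
             "| private ->", lookup(PRIVATE_RT, dst))
    print("public subnet exposed:", internet_exposed(PUBLIC_RT))
    print("private subnet exposed:", internet_exposed(PRIVATE_RT))
    print("problems:", validate(PUBLIC_RT, VPC_D_CIDR))
```

Running it shows the same destination taking three different paths depending on prefix length: an address inside VPC D stays local, an address in another VPC's range goes to the TGW, and anything else goes to the IGW from the public subnet but is dropped from the private one. The `internet_exposed` check is the kind of assertion to keep in a deployment pipeline so a private subnet never silently gains a default route to an IGW.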

DIY mission completed:

Created VPC D, attached it to the Transit Gateway, and routed traffic to my subnets with an Internet Gateway.

To test the connection over the TGW, you can connect to your EC2 instance using SSH.

This will bring you to your connection method; we are using Session Manager.

Your Session Manager will look different; this picture is for illustration purposes only.

To recap, the steps are below:

1. I created VPC D and routed it through an AWS Transit Gateway (AWS TGW).

2. Created two subnets for VPC D and placed them in two availability zones (VPC D-AZ1, availability zone 1, and VPC D-AZ2, availability zone 2).

3. After creating VPC D and its subnets in two different availability zones, I routed the traffic using the TGW (Transit Gateway) and an IGW (Internet Gateway).

Click Edit routes.

We have routed our traffic!

Quick overview of what we did today

DIY done

Thanks for following along!

Feel free to clap and follow me as I build more solutions! You can also view my other posts.

To connect with me on LinkedIn click here
