As the Edtech industry continues to grow and evolve, the need for reliable and secure network infrastructure becomes imperative. Recently I got a chance to work on an Edtech project where we had to manage multiple Virtual Private Clouds (VPCs) and on-premises networks in order to accommodate their different environments – development, testing, and production.
Managing these networks separately was quite challenging and also made it difficult to troubleshoot any issues. This is where we thought of leveraging AWS Transit Gateway. In this blog, we’ll explore the capabilities of AWS Transit Gateway.
Transit Gateway can make your routing easy with the simple configuration just by making simple Transit attachments. See how it works.
What is Transit Gateway?
Transit gateways help you to connect multiple VPCs, multiple Transit Gateway, network Appliance, AWS Direct Connect Gateway, and VPN to transit Gateway. It helps you in making your routing flow understandable and easy to maintain. More over you can say it’s serverless of your VPC peering Service.
How it works?
Yes we are talking about attachments of Transit Gateway. If you see the above diagram we use attachments to connect multiple VPCs.
- Like you want to connect with Account A and Account B VPC.
- Go to AWS console Create Transit Gateway in Account A
- Now Account A is your Hub and all other accounts reaching out will be your spoke
- Go to Transit Gateway attachment. Name and create TG Attachment with VPC
- Go to the Transit Gateway Console share the Transit Gateway from Account A to Account B.
- Go to Account B and create an attachment for vpc in Account B.
- After creating an attachment you will receive request for acceptance in Account A.
- Accept it and you find now you have established a link between Account A and B.
- Now just edit the route table of subnets and enter the rule of the TGW.
- Now your both VPC are peered not with Peering connections but with TGWs 🙂
What Else can we do with Transit gateway?
Connect everything or anything with Transit Gateway
Source: https://www.telecomhall.net/t/jack-of-all-trades-master-of-none-in-telecom/12326
- Well, it’s highly scalable and can connect thousands of VPCs.
- Peering can be done in two ways by sharing TG’s or creating attachment with VPC peering. That sounds pretty annoying, but yes it’s true to save costs.
- Transit Gateway can have its own CIDRS
- It can have IPv4 and IPv6 address
- Its supports VPN connections
- Transit Gateway can be used with AWS Direct Connect to create a private connection between an on-premises network
- It can be peered with appliances on-premisses
- Well tags are common in all the AWS services
How Can we monitor the Logs for Particular Flow?
That’s too quite easy just go to that attachment. Go to Actions to enable flow Logs either to S3 or CloudWatch Log groups
Does it Replace VPC Peering?
Yes, it replaces VPC peering and makes your routing simple. Now no more routings needed to be added in both VPCs Now it can be controlled by single Account and not different peering pcx-id required only single tgw-id needed to be added and it works.
Costing?
Yes you are charged for every TGW attachment and the cost of data transfer across regions
Conclusion
In the next part of this blog, I will explain how we can manage to restrict URLs going as outbound traffic from your Instances using the AWS firewall. It will be a more practical implementation of it.
I hope you guys have enjoyed the reading but if you have any feedback or suggestions, please reach out to me. If you have any interesting use-case for Transit Gateways please share them in the comments section.
Blog Pundits: Bhupender Rawat and Sandeep Rawat
OpsTree is an End-to-End DevOps Solution Provider.
Connect with Us