AWS Transit Gateway

In the powerful world of cloud computing, managing network availability between different parts can immediately become complex and challenging. Amazon Web Services (AWS) perceived this need and presented AWS Transit Gateway as a solution to work on network architecture and improve networks inside the AWS Cloud environment.

AWS Transit Gateway is a completely managed service intended to serve as a center point for interfacing numerous virtual private clouds (VPCs) and on-premises networks. It fills in as a main issue for routing and managing traffic, offering a versatile and productive answer for associations with different organizational necessities. In this article, we’ll dive into the key terminologies, functionalities, and advantages of the AWS Transit Gateway. We’ll explore its center ideas, step-by-step execution cycle, and address normal inquiries to give a complete comprehension of this fundamental AWS service.

Primary Terminologies

• AWS Transit Gateway: AWS Transit Gateway is a managed service provided by Amazon Web Services (AWS) that serves in as a center point for associating various VPCs and on-premises organizations. It works on network architecture by concentrating availability and routing, making it simpler to manage and scale network infrastructure inside AWS.
• Virtual Private Cloud (VPC): A virtual private cloud (VPC) is a virtual organization committed to an AWS account. It gives a coherently detached segment of the AWS Cloud where users can launch AWS resources, for example, EC2 instances, databases, and Lambda capabilities.
• Virtual Private Network (VPN): A virtual private network (VPN) is a solid association laid out between a user’s network and AWS, normally utilized for reaching out to on-premises organizations in the cloud. VPN connections empower secure correspondence over the web by encrypting data communicated between the users network and AWS
• Route Tables: Route tables are utilized to control the routing of network traffic inside a VPC or between a VPC and outside organizations, With regards to AWS Transit Gateway, route tables are designed to indicate the objective for traffic beginning from appended VPCs and VPN associations.
• Attachments: Attachments with regards to the AWS Transit Gateway refer to the associations between the Transit Gateway and other network resources, like VPCs and VPN associations. Connections empower traffic to stream between the Transit Gateway and the attached resources, taking into consideration consistent network.

What is AWS Transit Gateway?

AWS Transit Gateway is a completely managed service provided by Amazon Web Services (AWS) that improves network performance in the cloud by acting as a unified center point for associating various virtual private clouds (VPCs) and on-premises networks. It permits associations to unite their organizational architecture, streamline routing, and manage networks all the more effectively.

Key features of AWS Transit Gateway

• Centralized Hub: AWS Transit Gateway fills in as a main issue for connecting numerous VPCs, VPN connections, and on-premises networks. This hub and-spoke architecture works on network the executives by giving a single gateway to routing traffic between different network resources.
• Scalability: AWS Transit Gateway is exceptionally adaptable and can uphold huge number of VPCs and VPN associations inside a single AWS account. It takes out the need to oversee complex peering connections between VPCs, allowing associations to consistently scale their network infrastructure.
• Transitive Routing: Transit Gateway supports transitive routing, empowering traffic to flow between joined VPCs and VPN connections without the requirement for complex routing configurations. This improves on availability between various network segments and upgrades network agility.

Step-By-Step Process to Create AWS Transit Gateway

Step 1: Create Transit Gateway

• Navigate to Transit Gateway and click on Create transit gateways
• A transit gateway (TGW) is a network transit hub that interconnects attachments (VPCs and VPNs) within the same AWS account or across AWS accounts.

• Now click on create Transit Gateway

• Here we see transit gateway successfully created

Step 2: Configuring VPCs

• A VPC is an isolated portion of the AWS Cloud populated by AWS objects, such as Amazon EC2 instances.
• Now create two VPCs or select existing VPCs.
• Navigate to VPC Dashboard and click on create VPC.

• Same process do for VPC2, VPC3 and VPC4.
• Here we see two VPC are created.

Step 3: Transit Gateway Attachments

• Now select Transit gateway ID which is created in previous step and next select attachment type VPC or VPN.

• VPC attachment: Select and configure your VPC attachment.
• VPC ID: Select the VPC1 to attach to the transit gateway.

• Now click on Create Transit gateway attachments

• Same we need to do on VPC2 as well.

• Here we see VPC1 and VPC2 are attached to transit gateway

Step 4: Creating route Tables

• In previous step we are created VPC along with Route Table, Now we need to attach our Transit gateway to route table
• Now choose Private route table and navigate to routes
• Click on Edit route and choose add route

• Set cidr block and in drop down box select Transit gateway and click save changes

• Route table was updated

• Now same process we need to do for the VPC2 as well.

• VPC2 Route table also updated

Step 5: Configuring security groups

• Create New Security Groups or select existing security group
• Now edit inbound rules to security groups allow all traffic

Step 6: Launch EC2 Instance

• While launching instances in network settings choose created VPCs and also choose private subnet as shown in below figure

Instance-1

Launce the instance from the vpc one with the private subnet.

Instance-2

Launce the instance from the vpc two with the public subnet.

• Now both EC2 instances in their respective VPCs are created., That is VPC1 and VPC2. They can communicate to each other with their private IPs through transit gateway. Here is how we can test it:
• SSH into the Bastion Host and Copy the Keypair .pem File to an EC2 Instance in VPC 1.

Here is the command to be execute in terminal

ssh -i /path/to/your/keypair.pem ec2-user@bastion-host-public-ip

• Now use the scp command to securely copy the keypair .pem file to the desired path in the EC2 instance of VPC 1:

scp -i <keypair name> /path/to/your/keypair.pem ec2-user@ec2-instance-private-ip:/path/to/destination/

• Now change the permission to keypairs file, we are only giving read only permission to key pair file. To change file permissions follow below commands

chmod 400 <keypair name>

• SSH into the EC2 Instance of VPC 1 from the Bastion Host:
• Now we are connecting SSH into the EC2 instance of VPC 1 using its private IP address follow below command

ssh -i /path/to/destination/keypair.pem ec2-user@ec2-instance-private-ip

• Now execute below command

ping <private IP address of 2nd instance>

• When its successfully ping then our connection was successful. When its ping they communicate from one VPC to another VPC
• Here we are doing from vpc1 private IP to connecting to VPC2

Output

Here we see VPC 1 to VPC 2 and VPC3

Here we see VPC 2 to VPC 1 and VPC3

Conclusion

AWS Transit Gateway reforms cloud network availability by filling in as a centralized hub for connecting different VPCs and on-premises networks. With worked on administration and transitive routing capacities, it smoothest out network architecture, improves versatility, and advances consistent correspondence between resources. This versatile arrangement obliges great many associations, ensuring adaptability for advancing cloud conditions. By integrating consistently with AWS services, Transit Gateway augments functional effectiveness and works with light-footed network deployments, its inter region looking element empowers global network, engaging associations to construct strong, geographically distributed architectures.

Transit Gate way – FAQs

What is the difference between AWS Transit Gateway and VPC peering?

AWS Transit Gateway is a centralized together hub for interfacing numerous VPCs and VPN associations, while VPC looking empowers direct network between two VPCs.

Could I attach Transit Gateway to numerous AWS accounts?

Yes, you can share a Transit Gateway to other AWS accounts utilizing Resource Access Manager (RAM) and join it to VPCs in those accounts.

Does AWS Transit Gateway support inter-region peering?

Yes, AWS Transit Gateway supports between inter region, allowing you to associate VPCs in various AWS regions.

How does AWS Transit Gateway further develop network versatility?

AWS Transit Gateway works on network design by allowing you to manage availability for hundreds or thousands of VPCs and VPN connections midway.

Is AWS Transit Gateway reasonable for hybrid cloud environments?

Yes, AWS Transit Gateway gives consistent combination among AWS and on-premises networks, making it ideal for cross breed cloud deployments.