AWS Networking Fundamentals

Transit Networks

Transit Gateway

AWS Transit Gateway provides a central, regional hub that connects multiple VPCs and on-premises networks, eliminating the full mesh of peering connections and point-to-point VPNs you would otherwise need. Because routing between attachments is transitive, a single gateway scales to thousands of attachments (the default quota is 5,000 per Transit Gateway), which keeps the topology simple to manage as the number of VPCs grows.

For detailed guidance, see AWS Transit Gateway Documentation.


Challenges with VPC Peering

By default, VPCs are isolated. You must create peering connections to enable traffic flow:

  • VPC A ↔ VPC B
  • VPC B ↔ VPC C

However, peering is non-transitive: A cannot reach C via B. For four VPCs, you’d need a full mesh:

VPC1—VPC2
VPC1—VPC3
VPC1—VPC4
VPC2—VPC3
VPC2—VPC4
VPC3—VPC4

Similarly, on-premises connectivity requires individual VPNs or Direct Connect links per VPC. As the number of VPCs grows, the network quickly becomes difficult to scale and manage.


What Is AWS Transit Gateway?

AWS Transit Gateway acts as a regional network hub to interconnect your VPCs and on-premises environments with a single gateway.

Simplified VPC Connectivity

Instead of a mesh of peerings, attach each VPC to the Transit Gateway:

VPC1 ↔ TGW
VPC2 ↔ TGW
VPC3 ↔ TGW
VPC4 ↔ TGW

Now any attached VPC can reach any other through the hub. This any-to-any reachability is a property of the default configuration, not a fixed behaviour: a new attachment is associated with the Transit Gateway's default route table and propagates its CIDRs into it, so every attachment learns a route to every other one. Each VPC's own subnet route tables still need a route for the remote prefixes pointing at the Transit Gateway attachment, and security groups and network ACLs still apply to the traffic. If you need segmentation (for example, keeping development VPCs away from production), disable default route table association and propagation and use separate Transit Gateway route tables per environment.

Subnet Attachments

When you attach a VPC to a Transit Gateway, you specify one subnet in each Availability Zone the gateway should serve; the Transit Gateway places a network interface in each of those subnets:

  • If your VPC has workloads in AZ-A, AZ-B, and AZ-C, specify an attachment subnet in each of the three AZs. A small dedicated subnet per AZ (a /28 is enough) is the usual practice, so that the attachment interfaces are isolated from workload subnets.
  • Specifying one subnet in an AZ lets the Transit Gateway reach every subnet in that AZ; the attachment subnets themselves only need to hold the gateway's interfaces.

Note

An attachment needs at least one subnet, but resources in an Availability Zone that has no attachment subnet cannot reach the Transit Gateway at all, and if the only attachment AZ fails the whole VPC drops off the hub. Specify an attachment subnet in every AZ you use so you avoid both a reachability gap and a single point of failure.
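The two points above, transitive reachability through shared route tables and the per-AZ attachment subnets, are easier to reason about with a small model. The following Python is an added example written for this page, not AWS code: it models a Transit Gateway as attachments, route tables with association and propagation, longest-prefix lookup and blackhole routes, and a per-AZ reachability check. The VPC names, CIDRs and AZ letters are assumptions chosen for the illustration. It contrasts the default single-route-table setup (everything reaches everything) with a segmented design in which dev can reach shared services but never prod or on-premises, and shows that a source in an AZ with no attachment subnet is dropped.

```python
"""Toy model of Transit Gateway routing: associations, propagations, longest-prefix
lookup, blackhole routes and per-AZ attachment subnets.

Constructed illustration for this page, not AWS code. VPC names, CIDRs and AZ
letters below are assumptions chosen for the example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

BLACKHOLE = "blackhole"


@dataclass
class Attachment:
    name: str
    cidrs: List[str]                    # prefixes reachable behind this attachment
    azs: FrozenSet[str] = frozenset()   # AZs that hold a TGW attachment subnet (VPC attachments only)


@dataclass
class RouteTable:
    name: str
    routes: Dict[str, str] = field(default_factory=dict)  # cidr -> attachment name or BLACKHOLE

    def propagate(self, att: Attachment) -> None:
        """Propagation: the attachment advertises its CIDRs into this table."""
        for cidr in att.cidrs:
            self.routes[cidr] = att.name

    def add_static(self, cidr: str, target: str) -> None:
        """Static route; a BLACKHOLE target drops matching traffic."""
        self.routes[cidr] = target

    def lookup(self, dst_ip: str) -> Optional[str]:
        """Longest-prefix match over the table, as the TGW route table does."""
        ip = ipaddress.ip_address(dst_ip)
        best_net, best_target = None, None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_target = net, target
        return best_target


class TransitGateway:
    def __init__(self) -> None:
        self.attachments: Dict[str, Attachment] = {}
        self.tables: Dict[str, RouteTable] = {}
        self.association: Dict[str, str] = {}  # attachment -> the one table it is associated with

    def add_table(self, name: str) -> RouteTable:
        self.tables[name] = RouteTable(name)
        return self.tables[name]

    def attach(self, att: Attachment, table: str) -> None:
        """Association: traffic arriving *from* this attachment is looked up in `table`."""
        self.attachments[att.name] = att
        self.association[att.name] = table

    def forward(self, src: str, dst_ip: str, src_az: Optional[str] = None) -> Optional[str]:
        """Return the attachment the TGW forwards to, or None if the packet is dropped."""
        att = self.attachments[src]
        # An AZ with no attachment subnet has no path to the TGW at all.
        if att.azs and src_az not in att.azs:
            return None
        target = self.tables[self.association[src]].lookup(dst_ip)
        return None if target in (None, BLACKHOLE) else target


# Constructed spokes: the VPCs only have attachment subnets in AZs a and b.
PROD = Attachment("prod-vpc", ["10.1.0.0/16"], frozenset({"a", "b"}))
DEV = Attachment("dev-vpc", ["10.2.0.0/16"], frozenset({"a", "b"}))
SHARED = Attachment("shared-vpc", ["10.3.0.0/16"], frozenset({"a", "b"}))
ONPREM = Attachment("onprem-vpn", ["192.168.0.0/16"])  # VPN attachment, no AZ subnets


def flat_tgw() -> TransitGateway:
    """Default behaviour: one route table, every attachment associated with and propagated into it."""
    tgw = TransitGateway()
    default = tgw.add_table("default")
    for att in (PROD, DEV, SHARED, ONPREM):
        tgw.attach(att, "default")
        default.propagate(att)
    return tgw


def segmented_tgw() -> TransitGateway:
    """Three route tables: prod (+ on-prem), dev, and shared services. Dev never sees prod."""
    tgw = TransitGateway()
    prod_rt, dev_rt, shared_rt = (tgw.add_table(n) for n in ("prod", "dev", "shared"))
    for att, table in ((PROD, "prod"), (ONPREM, "prod"), (DEV, "dev"), (SHARED, "shared")):
        tgw.attach(att, table)
    for att in (PROD, ONPREM, SHARED):   # prod and on-prem reach each other and shared services
        prod_rt.propagate(att)
    dev_rt.propagate(SHARED)             # dev reaches shared services only ...
    dev_rt.add_static("10.3.250.0/24", BLACKHOLE)  # ... minus one sensitive subnet
    for att in (PROD, DEV, ONPREM):      # shared services answers every spoke
        shared_rt.propagate(att)
    return tgw


if __name__ == "__main__":
    flat, seg = flat_tgw(), segmented_tgw()
    print("flat: dev -> prod      :", flat.forward("dev-vpc", "10.1.0.5", "a"))
    print("seg:  dev -> prod      :", seg.forward("dev-vpc", "10.1.0.5", "a"))
    print("seg:  dev -> shared    :", seg.forward("dev-vpc", "10.3.1.10", "a"))
    print("seg:  dev -> sensitive :", seg.forward("dev-vpc", "10.3.250.5", "a"))
    print("seg:  on-prem -> dev   :", seg.forward("onprem-vpn", "10.2.0.1"))
    print("seg:  prod from AZ c   :", seg.forward("prod-vpc", "10.3.1.10", "c"))
```

The model deliberately stops at the Transit Gateway: in a real deployment each VPC subnet route table must also carry a route for the remote prefixes pointing at the attachment, and security groups and network ACLs filter the traffic the gateway delivers. Route-table segmentation is coarse, prefix-level isolation; it complements host-level controls rather than replacing them.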


Centralized On-Premises Connectivity

You can terminate all VPN and Direct Connect circuits on the Transit Gateway instead of on individual VPCs, which reduces the number of tunnels you operate and, for Site-to-Site VPN with BGP, lets you spread traffic across several tunnels with equal-cost multipath (ECMP) for more aggregate bandwidth.

The image illustrates an AWS Transit Gateway setup, showing connections between a corporate data center and multiple VPCs, with notes on its function as a routing device.

  • VPN Consolidation: One Site-to-Site VPN connection (a pair of tunnels) to the TGW replaces a separate connection to each of N VPCs, and on-premises routes only have to be learned in one place.
  • Direct Connect: Attach a Direct Connect gateway to the TGW over a transit virtual interface so that one DX circuit reaches every attached VPC with the throughput and latency of a dedicated link.

Transit Gateway Peering

Use Transit Gateway peering to connect hubs across regions or accounts:

The image illustrates a diagram of AWS Transit Gateway peerings between two regions, each containing an AWS Transit Gateway.

Peering Type    Description
Inter-Region    Peer TGWs in different AWS Regions. Traffic stays on the AWS backbone and is encrypted in transit between Regions.
Cross-Account   Peer TGWs owned by different AWS accounts (in the same or different Regions). To let another account attach its own VPCs to your TGW instead, share the TGW through AWS Resource Access Manager.

Routes are not propagated across a peering attachment: you add static routes in each TGW's route table that point the remote prefixes at the peering attachment, which also means you decide explicitly which prefixes are reachable across the peering.

Key Features and Benefits

The image is a summary slide about Transit Gateway features, highlighting networking simplification, transitive routing, subnet specification, and peering capabilities.

Feature                 Benefit
Simplified Topology     A single hub replaces the VPC mesh and the point-to-point VPN or DX links per VPC
Transitive Routing      Attachments reach each other through shared TGW route tables; one default table gives any-to-any, separate tables give segmentation
Subnet Attachments      High availability and full reachability with one attachment subnet per AZ
Peering Capabilities    Global reach via cross-Region and cross-account TGW peering, with static routes controlling what crosses the peering

Warning

Plan for the service quotas before you scale out: by default a Transit Gateway supports 5,000 attachments and each TGW route table holds 10,000 routes, and each VPC's subnet route tables also need entries for the prefixes reachable via the TGW. Aggregate prefixes where you can, and request quota increases ahead of time so attachments do not fail for lack of route table capacity.


By adopting AWS Transit Gateway, you streamline your network architecture, enable scalable transitive routing, and centralize connectivity for both cloud and on-premises environments.
