Connect VPCs via Transit Gateway

A Transit Gateway (TGW) is a fully managed service in AWS that allows you to connect multiple Virtual Private Clouds (VPCs), on-premises networks, and other AWS resources in a scalable and centralized manner. By connecting two VPCs via a Transit Gateway, you can route traffic between them without the need for complex peering relationships or VPN connections.

In this guide, we’ll walk through the process of connecting two VPCs using a Transit Gateway in AWS, covering the following key steps:

  1. Creating the Transit Gateway
  2. Attaching the VPCs to the Transit Gateway
  3. Updating the Route Tables
  4. Verifying Connectivity

Step 1: Create a Transit Gateway

  1. Navigate to the VPC Dashboard in the AWS Management Console.
  2. On the left-hand navigation pane, click on Transit Gateways under VPN Connections and then click Create Transit Gateway.
  3. Fill in the required details:
    • Name: A name for your Transit Gateway (e.g., MyTransitGateway).
    • Description: A brief description (optional).
    • Amazon ASN: Choose an Autonomous System Number (ASN). The default 64512 is fine for most use cases.
    • Default Route Table Association: Decide whether to enable default route table association.
    • Default Route Table Propagation: Choose whether to enable default propagation to the route table.
  4. Click Create Transit Gateway.Screenshot: Create Transit Gateway
    (Insert screenshot here showing the creation of a new Transit Gateway)

Step 2: Attach VPCs to the Transit Gateway

Once the Transit Gateway is created, you can attach your VPCs to it.

Attach VPC-A to Transit Gateway:

  1. Navigate to the Transit Gateway Attachments page and click Create Transit Gateway Attachment.
  2. Select VPC for the attachment type.
  3. Select VPC-A from the VPC ID dropdown.
  4. Choose the subnet(s) within VPC-A that will be associated with the Transit Gateway (these subnets should span multiple Availability Zones for fault tolerance).
  5. Click Create Attachment.

Attach VPC-B to Transit Gateway:

  1. Repeat the same process to attach VPC-B to the Transit Gateway.Screenshot: Attach VPC-A and VPC-B
    (Insert screenshot showing attachment creation for both VPCs)

Step 3: Update Route Tables in Each VPC

To ensure traffic can flow between the VPCs, you must update the route tables in both VPCs.

VPC-A Route Table:

  1. Go to the Route Tables section under the VPC Dashboard.
  2. Select the route table associated with VPC-A.
  3. Click Edit Routes, then add a route:
    • Destination: Enter the CIDR block for VPC-B (e.g., 10.2.0.0/16).
    • Target: Select Transit Gateway (e.g., MyTransitGateway).
  4. Click Save Routes.

VPC-B Route Table:

  1. Similarly, update the route table for VPC-B by adding a route:
    • Destination: Enter the CIDR block for VPC-A (e.g., 10.1.0.0/16).
    • Target: Select Transit Gateway.
  2. Click Save Routes.Screenshot: Update VPC-A and VPC-B Route Tables
    (Insert screenshot showing the route tables for VPC-A and VPC-B)

Step 4: Verify Connectivity

Once the Transit Gateway is set up and the route tables have been updated, it’s time to verify that the VPCs can communicate.

  1. Launch EC2 Instances in both VPC-A and VPC-B. For simplicity, you can use basic Amazon Linux or Ubuntu instances.
  2. Make sure the security groups and network ACLs allow inbound and outbound traffic (e.g., allowing ICMP traffic for ping tests).
  3. Log in to the EC2 instance in VPC-A and attempt to ping the EC2 instance in VPC-B.If the ping is successful, this confirms that the VPCs are connected via the Transit Gateway.Screenshot: Test Ping Between EC2 Instances
    (Insert screenshot showing a successful ping test between EC2-A and EC2-B)

Summary

By following the above steps, you can successfully connect two VPCs in AWS via a Transit Gateway. This provides a centralized, scalable solution for routing traffic between multiple VPCs, and you can easily manage network connectivity as your infrastructure grows.

Key Benefits of Using a Transit Gateway:

  • Simplified Network Management: Centralizes routing between multiple VPCs and reduces the need for complex peering setups.
  • Scalability: Supports large-scale network architectures and inter-VPC traffic routing.
  • Cost Efficiency: Reduces the need for direct VPC peering connections, saving both cost and configuration time.

This solution is ideal for connecting multiple VPCs in different AWS regions or accounts, or for extending your on-premises network to AWS via a VPN connection.

Additional Notes:

  • Security Groups and Network ACLs: Ensure these are configured correctly to allow traffic between instances in different VPCs.
  • Transit Gateway Route Tables: You can configure multiple route tables for fine-grained control over routing decisions between VPCs.
  • Monitoring: Use CloudWatch to monitor the traffic through the Transit Gateway and troubleshoot any issues.

This concludes the process of connecting two VPCs via a Transit Gateway in AWS.

Read more about connecting VPCs via Transit Gateways on AWS by clicking here