Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

2.2.2. AWS Transit Gateway (TGW)

AWS Transit Gateway (TGW) acts as a central network transit hub, simplifying complex network architectures by connecting many VPCs and on-premises networks, enabling transitive routing.

Scenario: You need to connect 50 VPCs across different AWS accounts in a hub-and-spoke topology, allowing communication between any two spoke VPCs through the central hub VPC.

As the number of VPCs and hybrid connections grows, managing individual VPC peering connections and VPNs can become complex and unmanageable. AWS Transit Gateway (TGW) solves this problem.

AWS Transit Gateway (TGW) is a network transit hub that you can use to interconnect your VPCs, AWS accounts, and on-premises networks to a single gateway.

Key Features of AWS Transit Gateway:
  • Central Hub: Acts as a centralized router for all connected networks.
  • Transitive Routing: A key differentiator from VPC Peering. Allows traffic to flow directly between any connected networks (e.g., VPC A can communicate with VPC C via TGW, even if A and C are not directly attached).
  • Scalability: Scales to connect hundreds or thousands of VPCs and on-premises networks.
  • Simplified Architecture: Eliminates the need for a complex mesh of VPC peering connections.
  • Route Table Associations & Propagations: Control routing on the TGW via attachment associations and route propagations.
  • Network Manager: A feature of AWS Transit Gateway that provides a centralized visual console to manage and monitor your global network across AWS and on-premises.
  • Use Cases: Hub-and-spoke networks, shared services VPCs, hybrid cloud architectures.
Practical Implementation: Creating a Transit Gateway
# 1. Create a Transit Gateway
TGW_ID=$(aws ec2 create-transit-gateway \
  --description "MyEnterpriseTGW" \
  --options '{"AmazonSideAsn":64512,"DnsSupport":"enable","VpnEcmpSupport":"enable","DefaultRouteTableAssociation":"enable","DefaultRouteTablePropagation":"enable"}' \
  --query TransitGateway.TransitGatewayId --output text)
echo "Transit Gateway ID: $TGW_ID"

# 2. (Example) Create a VPC attachment
# Assuming VPC_ID and subnet IDs for TGW ENIs are defined
TGW_ATTACHMENT_ID=$(aws ec2 create-transit-gateway-vpc-attachment \
  --transit-gateway-id $TGW_ID \
  --vpc-id $VPC_ID \
  --subnet-ids subnet-0a1b2c3d subnet-0e4f5g6h \
  --query TransitGatewayVpcAttachment.TransitGatewayAttachmentId --output text)
echo "TGW VPC Attachment ID: $TGW_ATTACHMENT_ID"

⚠️ Common Pitfall: Not understanding the difference between TGW route tables and VPC route tables. You need to configure both for end-to-end connectivity. TGW route tables control routing within the TGW, while VPC route tables direct traffic to and from the TGW attachment.

Key Trade-Offs:
  • Simplicity (Peering) vs. Scalability (Transit Gateway): Transit Gateway has a higher initial setup cost and complexity but is vastly more scalable and manageable for enterprise-wide networking compared to VPC Peering.

Reflection Question: How does AWS Transit Gateway, by acting as a central network transit hub and enabling transitive routing, fundamentally simplify complex network architectures and provide scalable connectivity for many VPCs and on-premises networks, especially compared to VPC Peering?