Assuming GLOBAL_NETWORK_ID is already created in Network Manager

2.2.2.2. 💡 First Principle: TGW Network Manager

TGW Network Manager provides a centralized visual console for network specialists, simplifying the management and monitoring of global networks that include AWS Transit Gateways and on-premises connections.

Scenario: You are managing a large-scale enterprise network spanning multiple AWS Regions and including several on-premises data centers connected via VPN and Direct Connect, all interconnected by AWS Transit Gateways. You need a centralized tool to visualize the entire network topology and monitor its health and performance.

As your AWS and hybrid cloud networks grow in complexity, managing and monitoring all connections, devices, and traffic flows can become challenging. AWS Transit Gateway Network Manager helps simplify this.

AWS Transit Gateway Network Manager is a feature of AWS Transit Gateway that provides a centralized visual console to manage and monitor your global network across AWS and on-premises infrastructure.

Key Features of TGW Network Manager:

Centralized Management: View and manage all your Transit Gateways, VPC attachments, VPN connections, and Direct Connect Gateways from a single console.
Global Network View: Provides a topology map that visualizes your global network, including AWS Regions, Availability Zones, Transit Gateways, and on-premises networks connected via VPN or Direct Connect.
Monitoring & Health: Integrates with Amazon CloudWatch for performance metrics and VPC Flow Logs for traffic analysis. It also provides network health events and alerts.
On-premises Device Integration: You can register your on-premises network devices (e.g., routers) with Network Manager to get a more comprehensive view of your hybrid network.
Event Notifications: Sends events to Amazon EventBridge for automated responses.

Practical Implementation: Registering an On-Premises Device in Network Manager

# Assuming GLOBAL_NETWORK_ID is already created in Network Manager
# 1. Create a Site (logical grouping for on-premises location)
SITE_ID=$(aws networkmanager create-site \
  --global-network-id $GLOBAL_NETWORK_ID \
  --description "MyOnPremisesDataCenter" \
  --query Site.SiteId --output text)
echo "Site ID: $SITE_ID"

# 2. Register a Customer Gateway (representing your on-premises router for VPN/DX)
# This assumes you have a Customer Gateway ID from a VPN or DX connection
# aws networkmanager register-transit-gateway-connect-peer --transit-gateway-connect-peer-arn arn:aws:ec2:us-east-1:123456789012:transit-gateway-connect-peer/tgw-connect-peer-0abcdef1234567890

# 3. Create a Device (representing a specific router/firewall at the site)
DEVICE_ID=$(aws networkmanager create-device \
  --global-network-id $GLOBAL_NETWORK_ID \
  --site-id $SITE_ID \
  --description "OnPremRouter1" \
  --query Device.DeviceId --output text)
echo "Device ID: $DEVICE_ID"

# 4. Associate the Customer Gateway with the Device
# aws networkmanager associate-customer-gateway --customer-gateway-arn arn:aws:ec2:us-east-1:123456789012:customer-gateway/cgw-0abcdef1234567890 --global-network-id $GLOBAL_NETWORK_ID --device-id $DEVICE_ID

⚠️ Common Pitfall: Not registering on-premises devices or sites in Network Manager. This limits the visibility to only AWS-side components, preventing a true end-to-end view of the hybrid network.

Key Trade-Offs:

Centralized Visibility vs. Setup Effort: Setting up Network Manager and registering all components requires initial effort but provides significant long-term benefits in simplified management and monitoring.

Reflection Question: How does TGW Network Manager, by providing a centralized visual console and integrating with monitoring tools, fundamentally simplify the management and monitoring of global networks that include AWS Transit Gateways and on-premises connections?