Simplify Network Architecture with AWS Transit Gateway
In this blog will talk about AWS Transit Gateway and its implementation use cases.
AWS Transit Gateway provides a hub and spoke design for connecting VPCs and on-premises networks as a fully managed service.
Before we deep dive into Transit gateway, let's take a step back and first try to understand what networking challenges/issues it has eliminated.
Challenges:
- With increasing AWS footprint the number of point-to-point connections grows, resulting in a large mesh network that can be difficult, cumbersome, and costly to manage.
- Also with Infosec/Compliance regulation pairing between prod and lower environment isn't allowed.
- Connectivity options using (AWS Direct Connect, NAT Gateways, Internet Gateways,VPC Peering,AWS Managed VPN Connections) are strictly point-to-point, so the number of VPC-to-VPC connections grows quickly.
- No single entry exit point for network.
Use AWS Transit Gateway to build a hub-and-spoke network topology. You can connect your existing VPCs, data centers, remote offices, and remote gateways to a managed Transit Gateway, with full control over network routing and security.
Advantages:
- Simplify your overall network architecture.
- Reduce operational overhead, and gain the ability to centrally manage crucial aspects of your external connectivity.
- Consolidate your existing edge connectivity and route it through a single ingress/egress point.
Let's consider a scenario where you have build/setup scalable hybrid network for an application that is spread across multiple VPCs/AWS accounts and also has requirement to connect on-premise datacenter. Using AWS Transit gateway and Resource Access Manager combination will be able to achieve it with zero complexity.
Your network architecture diagram will look something similar.
In above diagram you can see that all incoming/outgoing network connections are managed via Transit Gateway and it acts are single point of communication. Also in case you have new AWS VPC/Account added you just need to share Transit gateway with new account / update route table and rest everything will work seamlessly.
Building Global Enterprise Network Architectures with AWS Transit Gateway
Organizations can now use AWS Transit Gateway to build out their IT networks without dealing with extensive network architecture planning and upgrades. They can take advantage of other networking and security services offered by AWS or AWS Partner Network (APN) Partners to deploy a global enterprise-grade network.
Key AWS Transit Gateway features that can be leveraged to build out a global network architecture
AWS Transit Gateway Inter-Region Peering: Inter-Region peering enables traffic to traverse between AWS Transit Gateways over the AWS global backbone. Deploying a global network becomes easier using inter-region peering as AWS Transit Gateways and their VPC and VPN attachments can be interconnected
AWS Transit Gateway Network Manager: It provides a centralized and consistent user experience. With a single interface, global IT networks can be viewed and monitored as AWS Transit Gateway Network Manager summarizes configuration and performance data from all AWS Transit Gateways and their attachments with other Amazon VPCs and on-premises locations.
Route Analyzer: To monitoring near real-time network metrics, organizations can also identify potential causes of network disruptions by analyzing how traffic is routed between AWS Transit Gateways and their attached Amazon VPCs and on premises locations.
Cross-account Support: You can share its AWS Transit Gateway with other AWS accounts so that they are free to attach their own Amazon VPCs or on-premises locations when business needs dictate.
Security: AWS Transit Gateway operates on the AWS private network, thus not exposing an enterprise’s traffic on the public internet. This helps to decrease threat vectors such as distributed denial of service (DDoS) attacks and common exploits such as SQL injection and cross-site scripting.
Conclusion
Using Transit Gateway you can greatly simplify a network architecture in AWS. Before Transit Gateway, connectivity to multi-VPC environments was accomplished via Direct Connect Gateway or Transit VPC solutions which proved to be complex in nature. However, the use of Transit Gateway allows use cases as simple as inter-VPC connectivity to more complex scenarios involving connectivity to on-site networks.
Reference links :
More content at plainenglish.io
