AWS Transit Gateway Documentation

AWS Transit Gateway allows you to connect VPCs and on-premises networks through a central hub. This helps simplify your network and enables you to remove complex peering relationships. It acts as a cloud router – each new connection is only made once. 
 
As you expand globally, you can use inter-Region peering to connect AWS Transit Gateways together over the AWS global network. Because of its central position, AWS Transit Gateway Network Manager has a view over your entire network, including the Software-Defined Wide Area Network (SD-WAN) devices that connect to it.

Routing

AWS Transit Gateway supports dynamic and static layer 3 routing between Amazon Virtual Private Clouds (VPCs) and Virtual Private Networks (VPNs). Routes determine the next hop based on the destination IP address of the packet, and can point to an Amazon VPC or to a VPN connection.

Edge connectivity

You can create VPN connections between your AWS Transit Gateway and your on-premises gateways. You can create multiple VPN connections that announce the same prefixes and enable Equal Cost Multipath (ECMP) routing across those connections. By load-balancing traffic over multiple paths, ECMP can increase the available bandwidth.

Transit Gateway Connect

AWS Transit Gateway Connect allows for native integration of SD-WAN appliances into AWS. You can extend your SD-WAN edge into AWS using standard protocols such as Generic Routing Encapsulation (GRE) and Border Gateway Protocol (BGP).

Amazon VPC feature interoperability

AWS Transit Gateway allows for the resolution of public DNS hostnames to private IP addresses when queried from Amazon VPCs that are also attached to the AWS Transit Gateway.

An instance in an Amazon VPC can access a NAT gateway, Network Load Balancer, AWS PrivateLink endpoint, and Amazon Elastic File System in other Amazon VPCs that are also attached to the AWS Transit Gateway.

Monitoring

You can use Amazon CloudWatch to get bandwidth usage between Amazon VPCs and a VPN connection, packet flow count, and packet drop count. You can also enable Amazon VPC Flow Logs on AWS Transit Gateway so you can capture information on the IP traffic routed through the AWS Transit Gateway.
 
AWS Transit Gateway Network Manager includes events and metrics to monitor the quality of your global network, both in AWS and on premises.

Management

You can use the command-line interface (CLI), AWS Management Console, or AWS CloudFormation to create and manage your AWS Transit Gateway. AWS Transit Gateway provides Amazon CloudWatch metrics, such as the number of bytes sent and received between Amazon VPCs and VPNs, the packet count, and the drop count. In addition, you can use Amazon VPC Flow Logs with AWS Transit Gateway to capture information about the IP traffic going through the AWS Transit Gateway attachment.
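Bringing the Routing and Management sections together, here is an added AWS CloudFormation example (not code from this page or from AWS's own documentation) that creates a transit gateway with automatic route table association and propagation disabled, attaches two VPCs, and installs one static route in a dedicated route table, so an attachment only reaches the prefixes explicitly routed for it. The VPC IDs, subnet IDs, the ASN 64512 and the 10.20.0.0/16 CIDR are parameters or assumed values.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Example only: transit gateway with explicit route-table association and
  static routing, so attachments reach only the prefixes routed for them.
Parameters:
  AppVpcId:        {Type: 'AWS::EC2::VPC::Id'}
  AppSubnetIds:    {Type: 'List<AWS::EC2::Subnet::Id>'}
  SharedVpcId:     {Type: 'AWS::EC2::VPC::Id'}
  SharedSubnetIds: {Type: 'List<AWS::EC2::Subnet::Id>'}
  SharedVpcCidr:   {Type: String, Default: 10.20.0.0/16}   # assumed value
Resources:
  TransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      AmazonSideAsn: 64512                    # private ASN, assumed value
      AutoAcceptSharedAttachments: disable    # attachments shared from other accounts need manual approval
      DefaultRouteTableAssociation: disable   # no automatic full mesh between attachments
      DefaultRouteTablePropagation: disable   # routes are added explicitly below, not learned
      DnsSupport: enable
      VpnEcmpSupport: enable                  # ECMP across VPN connections announcing the same prefix
  AppAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref TransitGateway
      VpcId: !Ref AppVpcId
      SubnetIds: !Ref AppSubnetIds
  SharedAttachment:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref TransitGateway
      VpcId: !Ref SharedVpcId
      SubnetIds: !Ref SharedSubnetIds
  AppRouteTable:
    Type: AWS::EC2::TransitGatewayRouteTable
    Properties:
      TransitGatewayId: !Ref TransitGateway
  AppAssociation:            # packets entering from AppAttachment are looked up in AppRouteTable
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties:
      TransitGatewayAttachmentId: !Ref AppAttachment
      TransitGatewayRouteTableId: !Ref AppRouteTable
  AppToSharedRoute:          # static route: destination prefix -> next-hop attachment
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      TransitGatewayRouteTableId: !Ref AppRouteTable
      DestinationCidrBlock: !Ref SharedVpcCidr
      TransitGatewayAttachmentId: !Ref SharedAttachment
```

The shared VPC's attachment still needs its own route table association and a reciprocal route back to the application VPC's CIDR, and each VPC's own route table needs a route to the transit gateway; neither is shown here.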

Peering

With AWS Transit Gateway peering, you can establish peering connections between transit gateways in the same AWS Region or across Regions. Peering allows you to route traffic directly between two transit gateways. Inter-Region peering enables you to share resources between AWS Regions or replicate data for geographic redundancy. Intra-Region peering allows multiple teams within your organization to deploy their own transit gateways and interconnect their networks within the same AWS Region.

Multicast

With Transit Gateway multicast, you can create and manage multicast groups in the cloud. You can scale up and down your multicast solution in the cloud to simultaneously distribute a stream of content to multiple subscribers.

Security

AWS Transit Gateway is integrated with Identity and Access Management (IAM), enabling you to securely manage access to AWS Transit Gateway. 

Automated provisioning

Once you have registered your existing AWS Transit Gateways, Network Manager automatically identifies the Site-to-Site VPN connections and the on-premises resources with which they are associated.

Single management portal across cloud and on-premises networks

You can manage your private network that spans the cloud and your premises from a single pane of glass in the AWS Management Console.

Events

You can get notified of network changes, routing changes, and connection status updates. 

Metrics

You can monitor your global network through performance and traffic metrics, such as bytes in/out, packets in/out, and packets dropped. 

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.