AWS Transit Gateway Documentation

AWS Transit Gateways supports dynamic and static layer 3 routing between Amazon Virtual Private Clouds (VPCs) and Virtual Private Networks (VPNs). Routes determine the next hop depending on the destination IP address of the packet, and can point to an Amazon VPC or to a VPN connection. 

You can create VPN connections between your AWS Transit Gateway and on-premises gateways using a VPN. You can create multiple VPN connections that announce the same prefixes and enable Equal Cost Multipath (ECMP) between these connections. By load-balancing traffic over multiple paths, ECMP can increase the bandwidth. 

AWS Transit Gateway Connect allows for native integration of SD-WAN appliances into AWS. You can extend their SD-WAN edge into AWS using standard protocols such as Generic Routing Encapsulation (GRE) and Border Gateway Protocol (BGP). 

AWS Transit Gateway allows for the resolution of public DNS hostnames to private IP addresses when queried from Amazon VPCs that are also attached to the AWS Transit Gateway.

You can use the command-line interface (CLI), AWS Management Console, or AWS CloudFormation to create and manage your AWS Transit Gateway. AWS Transit Gateway provides Amazon CloudWatch metrics, such as the number of bytes sent and received between Amazon VPCs and VPNs, the packet count, and the drop count. In addition, you can use Amazon VPC Flow Logs with AWS Transit Gateway to capture information about the IP traffic going through the AWS Transit Gateway attachment.

With AWS Transit Gateway peering, you can establish peering connections between transit gateways in the same AWS region or across regions. Peering allows you to directly route traffic between two transit gateways. Inter-region peering enables you to share resources between AWS Regions or replicate data for geographic redundancy. Intra-region peering allows multiple teams within your organization to deploy their own transit gateways and interconnect their networks in the same AWS region.

With Transit Gateway multicast, you can create and manage multicast groups in the cloud. You can scale up and down your multicast solution in the cloud to simultaneously distribute a stream of content to multiple subscribers.

AWS Transit Gateway is integrated with Identity and Access Management (IAM), enabling you to securely manage access to AWS Transit Gateway. 

Once you’ve registered existing AWS Transit Gateways, the Network Manager automatically identifies the Site-to-Site VPN connections and the on-premises resources with which they are associated.

You can manage your private network that spans the cloud and your premises, from a single pane of glass on the AWS management console. 

You can get notified of network changes, routing changes, and connection status updates. 

You can monitor your global network through performance and traffic metrics, such as bytes in/out, packets in/out, and packets dropped. 

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.