AWS Transit Gateway Documentation

AWS Transit Gateway lets you connect VPCs and on-premises networks through a central hub. This simplifies your network and removes the need for a mesh of VPC peering relationships: the gateway acts as a cloud router, and each new network is connected once, to the hub, rather than to every other network.
 
As you expand globally, you can use inter-Region peering to connect AWS Transit Gateways together over the AWS global network. Because of the gateway's central position, AWS Transit Gateway Network Manager has a view over your entire network, including the Software-Defined Wide Area Network (SD-WAN) devices that connect to it.

Routing

AWS Transit Gateway supports dynamic and static layer 3 routing between Amazon Virtual Private Clouds (VPCs) and VPN connections. A route is selected by longest-prefix match on the destination IP address of the packet, and its next hop can be an Amazon VPC attachment or a VPN connection.

Edge connectivity

You can create VPN connections between your AWS Transit Gateway and on-premises gateways. You can create multiple VPN connections that advertise the same prefixes and enable Equal Cost Multipath (ECMP) between them. By load-balancing traffic over multiple paths, ECMP increases aggregate bandwidth; because paths are chosen per flow, a single flow is still limited to the bandwidth of one path.
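The following Python model, added here as an illustration and not AWS code, shows how the routing and ECMP behaviour described in the two sections above fit together: longest-prefix match selects the most specific route, a blackhole route drops traffic for its prefix, and a prefix advertised by two VPN attachments is load-balanced by hashing the flow 5-tuple. The `TgwRouteTable` class, the attachment IDs and the prefixes are constructed for this example.

```python
import hashlib
import ipaddress


class TgwRouteTable:
    """Simplified model of a Transit Gateway route table (illustration only,
    not AWS code).

    Each entry maps a CIDR prefix to a list of attachment IDs. Several
    attachments under one prefix model ECMP between VPN connections that
    advertise the same prefix. An entry with an empty list is a blackhole
    route: matching packets are dropped instead of forwarded.
    """

    def __init__(self):
        self._routes = {}  # IPv4Network -> [attachment ids]

    def add_route(self, cidr, attachment_id):
        prefix = ipaddress.ip_network(cidr, strict=True)
        targets = self._routes.setdefault(prefix, [])
        if attachment_id not in targets:
            targets.append(attachment_id)

    def add_blackhole(self, cidr):
        self._routes[ipaddress.ip_network(cidr, strict=True)] = []

    def lookup(self, src, dst, src_port=0, dst_port=0, proto=6):
        """Return the attachment the packet is forwarded to, or None if it
        is dropped (no matching route, or a blackhole route)."""
        dst_ip = ipaddress.ip_address(dst)
        # Longest-prefix match: the most specific prefix wins, so a /24
        # static route overrides a propagated /16 that also covers dst.
        candidates = [p for p in self._routes if dst_ip in p]
        if not candidates:
            return None
        best = max(candidates, key=lambda p: p.prefixlen)
        targets = self._routes[best]
        if not targets:
            return None  # blackhole
        if len(targets) == 1:
            return targets[0]
        # ECMP: hash the flow 5-tuple so that all packets of one flow take
        # the same path (no reordering) while different flows spread out.
        key = f"{src}|{dst}|{src_port}|{dst_port}|{proto}".encode()
        digest = hashlib.sha256(key).digest()
        return targets[int.from_bytes(digest[:4], "big") % len(targets)]


def build_example_table():
    """Constructed table: attachment IDs and prefixes are made up."""
    rt = TgwRouteTable()
    rt.add_route("10.1.0.0/16", "tgw-attach-vpc-prod")
    rt.add_route("10.2.0.0/16", "tgw-attach-vpc-shared")
    # Two Site-to-Site VPN attachments advertise the same on-prem prefix,
    # so traffic to it is spread across both (ECMP).
    rt.add_route("192.168.0.0/16", "tgw-attach-vpn-a")
    rt.add_route("192.168.0.0/16", "tgw-attach-vpn-b")
    # A more specific blackhole for a quarantined subnet overrides the /16.
    rt.add_blackhole("10.1.99.0/24")
    return rt


def ecmp_paths_used(rt, src, dst, dst_port=443, flows=100):
    """Which attachments a set of flows (varying source port) land on."""
    return {rt.lookup(src, dst, 1024 + i, dst_port) for i in range(flows)}


if __name__ == "__main__":
    rt = build_example_table()
    print(rt.lookup("10.2.0.5", "10.1.0.10"))     # forwarded to the prod VPC
    print(rt.lookup("10.2.0.5", "10.1.99.7"))     # None: blackholed
    print(rt.lookup("10.2.0.5", "172.16.0.1"))    # None: no route
    print(ecmp_paths_used(rt, "10.2.0.5", "192.168.4.4"))  # both VPN paths
```

Repeating a lookup with the same 5-tuple always returns the same VPN attachment, while varying the source port spreads flows over both attachments; that is the sense in which ECMP raises aggregate throughput without letting one flow exceed a single path.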

Transit Gateway Connect

AWS Transit Gateway Connect allows native integration of Software-Defined Wide Area Network (SD-WAN) appliances into AWS. You can extend your SD-WAN edge into AWS using standard protocols such as Generic Routing Encapsulation (GRE) and Border Gateway Protocol (BGP).

Amazon VPC feature interoperability

When an instance in an Amazon VPC attached to the AWS Transit Gateway queries the public DNS hostname of a resource in another attached Amazon VPC, the name resolves to that resource's private IP address.
 
An instance in an Amazon VPC can access a NAT gateway, Network Load Balancer, AWS PrivateLink endpoint, or Amazon Elastic File System file system in other Amazon VPCs that are also attached to the AWS Transit Gateway.

Monitoring

You can use Amazon CloudWatch to get bandwidth usage between Amazon VPCs and VPN connections, packet flow counts, and packet drop counts. You can also enable Amazon VPC Flow Logs on the AWS Transit Gateway to capture information about the IP traffic routed through it.
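As an added example (not from the original page or from AWS), the following Python runs two simple detections over Transit Gateway flow log records: traffic between VPC pairs that the segmentation policy does not allow, and sources whose packets are repeatedly dropped for lack of a route or by a blackhole route, which is what a host scanning across attached networks looks like from the hub. The record layout is an assumed custom flow-log format, the log lines are constructed, and `ALLOWED_VPC_PAIRS` is a placeholder policy.

```python
from collections import defaultdict

# Assumed custom flow-log record format (chosen when the flow log is
# created): a space-separated subset of Transit Gateway flow log fields.
# This layout is an assumption for the example, not the AWS default.
FIELDS = (
    "tgw-id tgw-attachment-id tgw-src-vpc-id tgw-dst-vpc-id "
    "srcaddr dstaddr srcport dstport protocol packets bytes "
    "packets-lost-no-route packets-lost-blackhole log-status"
).split()

# Constructed sample records (not from a real account). Fields that are
# not available for a record are written as "-".
SAMPLE_LOG = """\
tgw-0a1b2c3d tgw-attach-111 vpc-prod vpc-shared 10.1.0.10 10.2.0.5 51000 443 6 40 12000 0 0 OK
tgw-0a1b2c3d tgw-attach-111 vpc-prod vpc-dev 10.1.0.10 10.3.0.8 51001 22 6 3 180 0 0 OK
tgw-0a1b2c3d tgw-attach-111 vpc-prod - 10.1.0.10 10.1.99.7 51002 445 6 2 120 0 2 OK
tgw-0a1b2c3d tgw-attach-111 vpc-prod - 10.1.0.10 10.1.99.8 51003 445 6 2 120 0 2 OK
tgw-0a1b2c3d tgw-attach-111 vpc-prod - 10.1.0.10 172.16.5.5 51004 445 6 2 120 2 0 OK
tgw-0a1b2c3d tgw-attach-111 vpc-prod - 10.1.0.10 172.16.5.6 51005 445 6 2 120 2 0 OK
tgw-0a1b2c3d tgw-attach-222 vpc-shared vpc-prod 10.2.0.5 10.1.0.10 443 51000 6 38 90000 0 0 OK
tgw-0a1b2c3d - - - - - - - - - - - - NODATA
"""

INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes",
              "packets-lost-no-route", "packets-lost-blackhole")

# Placeholder segmentation policy: which VPC pairs may exchange traffic
# through the hub. Anything else crossing the transit gateway is a finding.
ALLOWED_VPC_PAIRS = {("vpc-prod", "vpc-shared"), ("vpc-shared", "vpc-prod")}


def parse_records(text):
    """Parse records in the assumed format; skip malformed and NODATA lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than abort the whole batch
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no flow data
        for k in INT_FIELDS:
            rec[k] = int(rec[k])
        records.append(rec)
    return records


def find_segmentation_violations(records):
    """Flows between VPC pairs the segmentation policy does not allow."""
    hits = []
    for r in records:
        pair = (r["tgw-src-vpc-id"], r["tgw-dst-vpc-id"])
        if "-" in pair:
            continue  # destination VPC unknown (dropped, or a non-VPC attachment)
        if pair not in ALLOWED_VPC_PAIRS:
            hits.append((r["srcaddr"], r["dstaddr"], r["dstport"], pair))
    return hits


def find_probing_sources(records, min_targets=3):
    """Sources whose packets were dropped (no route or blackhole) towards
    at least min_targets distinct destinations: the hub-side signature of
    a host scanning across attached networks."""
    dropped = defaultdict(set)
    for r in records:
        if r["packets-lost-no-route"] or r["packets-lost-blackhole"]:
            dropped[r["srcaddr"]].add(r["dstaddr"])
    return {src: sorted(dsts) for src, dsts in dropped.items()
            if len(dsts) >= min_targets}


def bytes_by_vpc_pair(records):
    """Bytes carried per (source VPC, destination VPC) pair."""
    totals = defaultdict(int)
    for r in records:
        totals[(r["tgw-src-vpc-id"], r["tgw-dst-vpc-id"])] += r["bytes"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print(find_segmentation_violations(recs))
    print(find_probing_sources(recs))
    print(bytes_by_vpc_pair(recs))
```

On the sample records the SSH flow from vpc-prod to vpc-dev is reported as a segmentation violation, and 10.1.0.10 is reported as a probing source because its SMB attempts to four different addresses were all dropped by the hub; the byte totals per VPC pair are the same figures the CloudWatch bandwidth metrics summarise at attachment level.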
 
AWS Transit Gateway Network Manager includes events and metrics to monitor the quality of your global network, both in AWS and on premises.

Management

You can use the AWS Command Line Interface (CLI), the AWS Management Console, or AWS CloudFormation to create and manage your AWS Transit Gateway. The Amazon CloudWatch metrics described under Monitoring (bytes sent and received between Amazon VPCs and VPNs, packet counts, and drop counts) are reported per transit gateway and per attachment, and Amazon VPC Flow Logs can likewise be enabled to capture information about the IP traffic passing through each AWS Transit Gateway attachment.

Inter-Region peering

AWS Transit Gateway inter-Region peering lets you route traffic across AWS Regions over the AWS global network. Inter-Region peering provides a simple and cost-effective way to share resources between AWS Regions or to replicate data for geographic redundancy.

Multicast

With Transit Gateway multicast, you can create and manage multicast groups in the cloud. You can scale your multicast solution up and down to distribute a stream of content to multiple subscribers simultaneously.

Security

AWS Transit Gateway is integrated with AWS Identity and Access Management (IAM), so you can control which principals may create, modify, attach to, and delete transit gateways, attachments, and route tables.
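An added example (not from the page or from AWS) of what the IAM integration buys you: a least-privilege policy for a network operator role, plus a deliberately simplified evaluator that applies the core IAM rule (an explicit Deny beats any Allow, and the default is Deny) to show which transit gateway calls the policy permits. The account ID, Region and transit gateway IDs are placeholders; the evaluator ignores conditions, SCPs and resource policies, and it checks one ARN per call even though a real call such as CreateTransitGatewayVpcAttachment is authorized against every resource it touches (VPC, subnet, attachment and transit gateway), which is why the policy lists those resources.

```python
import fnmatch

# Placeholders for this example: account, Region and transit gateway IDs.
ACCOUNT = "111122223333"
REGION = "us-east-1"
APPROVED_TGW_ARN = f"arn:aws:ec2:{REGION}:{ACCOUNT}:transit-gateway/tgw-0abc1234def567890"

# Constructed least-privilege policy for a network operator role: read any
# transit gateway, attach VPCs only to the approved shared transit gateway,
# and never change routing. Not an AWS-published policy.
NETWORK_OPERATOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadTransitGateways",
            "Effect": "Allow",
            "Action": "ec2:DescribeTransitGateway*",
            "Resource": "*",
        },
        {
            "Sid": "AttachOnlyToApprovedTgw",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTransitGatewayVpcAttachment",
                "ec2:DeleteTransitGatewayVpcAttachment",
            ],
            # The attachment APIs are authorized against every resource they
            # touch, so the VPC, subnet and attachment ARNs are listed too;
            # the transit gateway ARN is the one that is pinned.
            "Resource": [
                APPROVED_TGW_ARN,
                f"arn:aws:ec2:{REGION}:{ACCOUNT}:transit-gateway-attachment/*",
                f"arn:aws:ec2:{REGION}:{ACCOUNT}:vpc/*",
                f"arn:aws:ec2:{REGION}:{ACCOUNT}:subnet/*",
            ],
        },
        {
            "Sid": "NeverChangeRouting",
            "Effect": "Deny",
            "Action": [
                "ec2:CreateTransitGatewayRoute",
                "ec2:ReplaceTransitGatewayRoute",
                "ec2:DeleteTransitGatewayRoute",
                "ec2:CreateTransitGatewayRouteTable",
                "ec2:DeleteTransitGatewayRouteTable",
            ],
            "Resource": "*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' one character;
    # matching is done case-insensitively here for simplicity.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def is_allowed(policy, action, resource_arn):
    """Deliberately simplified IAM evaluation for one action on one ARN:
    an explicit Deny wins over any Allow, and the default is Deny.
    Conditions, SCPs, resource policies and multi-resource calls are
    not modelled; this is an illustration, not the real IAM engine."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_matches(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource_arn) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    other_tgw = f"arn:aws:ec2:{REGION}:{ACCOUNT}:transit-gateway/tgw-0fedcba9876543210"
    for action, arn in [
        ("ec2:CreateTransitGatewayVpcAttachment", APPROVED_TGW_ARN),
        ("ec2:CreateTransitGatewayVpcAttachment", other_tgw),
        ("ec2:DescribeTransitGatewayRouteTables", other_tgw),
        ("ec2:CreateTransitGatewayRoute", APPROVED_TGW_ARN),
        ("ec2:DeleteTransitGateway", APPROVED_TGW_ARN),
    ]:
        print(action, arn.rsplit("/", 1)[1], is_allowed(NETWORK_OPERATOR_POLICY, action, arn))
```

The point of the three statements is the separation of duties: the operator can attach workloads to the shared hub but cannot point them at a different transit gateway, and cannot alter the route tables that enforce segmentation between attachments, even if some other attached policy grants that later, because the Deny is explicit.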

Automated provisioning

Once you have registered existing AWS Transit Gateways, Network Manager automatically identifies their Site-to-Site VPN connections and the on-premises resources with which those connections are associated.

Single management portal across cloud and on-premises networks

Manage your private network that spans the cloud and your premises from a single pane of glass in the AWS Management Console.

Events

Get notified of network changes, routing changes, and connection status updates.

Metrics

Monitor your global network through performance and traffic metrics, such as bytes in/out, packets in/out, and packets dropped.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.