What does this AWS Solutions Implementation do?

Amazon Virtual Private Cloud (Amazon VPC) provides customers with the ability to create as many virtual networks as they need, as well as different options for connecting those networks to each other and to non-AWS infrastructure. One common strategy for connecting multiple VPCs with remote networks is to implement a hub-and-spoke network topology in each region that routes all traffic through a network transit center using AWS Transit Gateway or a transit VPC. Another common strategy is to create a meshed network that uses individual connections between all networks. Both approaches can create an efficient and available transit network, each offering specific benefits and tradeoffs for different business needs.

AWS Solutions Implementation overview

This webpage addresses key considerations for implementing a global transit network on AWS, and provides general best practices and an overview of common transit network patterns. The following sections assume basic knowledge of highly available remote-network connectivity, IPsec VPNs, network addressing, subnetting, and routing.

[Architecture diagram: AWS Global Transit Network]

Reference implementation

AWS offers a fully automated solution that deploys a Cisco-based transit VPC in minutes. This highly available design deploys two Cisco CSR 1000v instances into separate Availability Zones of a dedicated transit VPC, which acts as the hub of your global transit network. The CSR instances terminate the VPN tunnels and route traffic between spokes.

This solution uses an AWS Lambda function that periodically searches for appropriately tagged virtual private gateways (VGWs) and then configures VPN connections between those spoke VPCs and the CSR instances in the transit VPC. Configuration data is stored in Amazon S3.
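As an added example (not the solution's own Lambda code), the reconciliation step such a poller performs: given VGW and VPN-connection descriptions in the shape of the EC2 DescribeVpnGateways and DescribeVpnConnections responses, it decides which tagged spoke VGWs still lack a tunnel to each CSR and which existing VPN connections are stale because their VGW is no longer a tagged, attached spoke. The tag name transitvpc:spoke and the customer gateway IDs are assumptions, and the sample data is constructed.

```python
"""Reconcile tagged spoke VGWs against existing VPN connections (added example).
Assumptions: spoke VGWs carry the tag transitvpc:spoke=true (hypothetical tag
name) and the two CSRs are registered as customer gateways cgw-csr-a/cgw-csr-b.
Inputs mirror the shape of EC2 DescribeVpnGateways / DescribeVpnConnections."""

SPOKE_TAG = ("transitvpc:spoke", "true")   # assumed tag key/value
CSR_CGWS = ("cgw-csr-a", "cgw-csr-b")      # constructed customer gateway ids
LIVE_STATES = ("pending", "available")     # VPN connection states that count


def is_spoke(vgw):
    """A VGW is a spoke only if tagged, available, and attached to a VPC."""
    tags = {t["Key"]: t["Value"].lower() for t in vgw.get("Tags", [])}
    attached = any(a["State"] == "attached" for a in vgw.get("VpcAttachments", []))
    return (tags.get(SPOKE_TAG[0]) == SPOKE_TAG[1]
            and vgw.get("State") == "available" and attached)


def reconcile(vgws, vpn_connections):
    """Return (to_create, to_delete): (vgw, cgw) pairs that need a VPN
    connection, and VPN connection ids to the CSRs whose VGW is not a spoke."""
    spoke_ids = {v["VpnGatewayId"] for v in vgws if is_spoke(v)}
    live = {(c["VpnGatewayId"], c["CustomerGatewayId"])
            for c in vpn_connections if c["State"] in LIVE_STATES}
    to_create = sorted((vgw, cgw) for vgw in spoke_ids for cgw in CSR_CGWS
                       if (vgw, cgw) not in live)
    to_delete = sorted(c["VpnConnectionId"] for c in vpn_connections
                       if c["State"] in LIVE_STATES
                       and c["CustomerGatewayId"] in CSR_CGWS
                       and c["VpnGatewayId"] not in spoke_ids)
    return to_create, to_delete


# Constructed sample: one attached spoke, one tagged but detached VGW,
# one untagged VGW that still has a tunnel to a CSR (stale).
SAMPLE_VGWS = [
    {"VpnGatewayId": "vgw-spoke1", "State": "available",
     "VpcAttachments": [{"VpcId": "vpc-1", "State": "attached"}],
     "Tags": [{"Key": "transitvpc:spoke", "Value": "true"}]},
    {"VpnGatewayId": "vgw-spoke2", "State": "available", "VpcAttachments": [],
     "Tags": [{"Key": "transitvpc:spoke", "Value": "TRUE"}]},
    {"VpnGatewayId": "vgw-other", "State": "available",
     "VpcAttachments": [{"VpcId": "vpc-3", "State": "attached"}], "Tags": []},
]
SAMPLE_VPNS = [
    {"VpnConnectionId": "vpn-1", "VpnGatewayId": "vgw-spoke1",
     "CustomerGatewayId": "cgw-csr-a", "State": "available"},
    {"VpnConnectionId": "vpn-2", "VpnGatewayId": "vgw-other",
     "CustomerGatewayId": "cgw-csr-b", "State": "available"},
]
```

Running `reconcile(SAMPLE_VGWS, SAMPLE_VPNS)` yields one missing tunnel (vgw-spoke1 to cgw-csr-b) and one stale connection (vpn-2); a production poller would also diff the stored configuration in S3 before acting.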

This solution includes an optional template that allows you to automatically add spoke VPCs from a second AWS account.

Once you have established your transit VPC, you can extend beyond the AWS Cloud and manually configure VPN connections to on-premises infrastructure or other network providers.

AWS Global Transit Network

Version 5.3.1
Last updated: 06/2019
Author: AWS and Cisco

Estimated deployment time: 5 min
