What does this AWS Solutions Implementation do?
The Serverless Transit Network Orchestrator solution automates the process of setting up and managing transit networks in distributed AWS environments. It creates a web interface to help control, audit, and approve (transit) network changes.
Serverless Transit Network Orchestrator version 2.0 supports AWS Transit Gateway inter-Region peering and Amazon VPC prefix lists. Customers can establish peering connections between transit gateways to extend connectivity and build global networks spanning multiple AWS Regions. Version 2.0 also gives customers the ability to automatically register AWS Transit Gateway with Network Manager. This lets customers visualize and monitor their global network from a single dashboard rather than toggling between Regions from the AWS Console.
You can use this solution with the default deployment template, or customize it to meet your specific use case.
Cross-account and cross-Region automation
Web user interface
Flexible account support
AWS Solutions Implementation overview
The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation templates.
Serverless Transit Network Orchestrator architecture
This solution includes an AWS CloudFormation template (aws-transit-network-orchestrator-hub) you deploy in the account you want to act as the hub in the solution’s hub-and-spoke model. This solution also includes a template (aws-transit-network-orchestrator-spoke) to deploy in spoke accounts.
1. A VPC or subnet in a spoke account is tagged (or its tag is changed) to request a transit network change.
2. This tag change is sent to the hub account through an Amazon EventBridge bus.
3. When the event is received in the hub account, an AWS Lambda function is initiated to start the Serverless Transit Network Orchestrator workflow.
4. AWS Step Functions (the Serverless Transit Network Orchestrator state machine) and Lambda process network requests from the spoke accounts, and the event details are stored in Amazon DynamoDB. Requests can be approved automatically or manually.
5. If you choose automatic approval, the VPC is attached to the AWS Transit Gateway. If you choose manual approval, Amazon Simple Notification Service (Amazon SNS) sends an email requesting approval, and the state machine applies the network change only after the request is approved. Note that with automatic approval, anyone who can tag VPCs or subnets in a spoke account can attach them to the transit gateway, so manual approval is the safer choice where tagging permissions are broadly granted.
6. If the request is rejected, DynamoDB and the tag on the spoke resource are updated with the rejected status. If the request is approved, the solution updates the route table associated with the subnet in the spoke account with a default route (as defined in the hub template) that targets the AWS Transit Gateway, which, together with the transit gateway's own route tables, provides bi-directional connectivity.
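The following is an added example, not code from the Serverless Transit Network Orchestrator itself, of the approval gate at the centre of the workflow above as the hub account could implement it. It takes an EventBridge "Tag Change on Resource" event forwarded from a spoke account, checks that the event is one the hub should act on (a single EC2 VPC or subnet, whose ARN belongs to the account that emitted the event, from a registered spoke), and returns the decision together with the status tag to write back to the spoke resource. The tag key `Attach-to-tgw` (whose value names a routing domain), the status tag key `STNOStatus`, the accepted values and the spoke-account allowlist are all assumptions made for this example; the page does not give the solution's own names.

```python
"""Hub-side approval gate for tag-driven transit network requests (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

ATTACH_TAG_KEY = "Attach-to-tgw"          # hypothetical request tag
STATUS_TAG_KEY = "STNOStatus"             # hypothetical status tag written back to the spoke
ROUTING_DOMAINS = {"shared", "isolated"}  # hypothetical accepted tag values

# Constructed allowlist: spoke accounts where the spoke template was deployed.
REGISTERED_SPOKE_ACCOUNTS = {"111122223333", "444455556666"}

# EC2 VPC/subnet ARN; the resource id prefix must agree with the resource type.
ARN_RE = re.compile(
    r"^arn:aws:ec2:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"(?P<rtype>vpc|subnet)/(?P<rid>(?P=rtype)-[0-9a-f]{8,17})$"
)


@dataclass(frozen=True)
class NetworkRequest:
    account: str
    region: str
    resource_type: str
    resource_id: str
    changed_keys: frozenset
    tags: dict


def parse_tag_change(event: dict) -> Optional[NetworkRequest]:
    """Accept only a tag change on exactly one EC2 VPC or subnet; return None otherwise."""
    if event.get("source") != "aws.tag" or event.get("detail-type") != "Tag Change on Resource":
        return None
    detail = event.get("detail") or {}
    rtype = detail.get("resource-type")
    if detail.get("service") != "ec2" or rtype not in ("vpc", "subnet"):
        return None
    resources = event.get("resources") or []
    if len(resources) != 1:
        return None
    m = ARN_RE.match(resources[0])
    if m is None or m["rtype"] != rtype:
        return None
    # The resource must live in the account that emitted the event. An event whose
    # payload names a different account than its envelope is not acted on.
    if m["account"] != event.get("account"):
        return None
    return NetworkRequest(
        account=m["account"], region=m["region"], resource_type=rtype, resource_id=m["rid"],
        changed_keys=frozenset(detail.get("changed-tag-keys") or []),
        tags=dict(detail.get("tags") or {}),
    )


def decide(req: NetworkRequest, auto_approve: bool) -> str:
    """Map a parsed request to approved | pending | rejected | ignored."""
    if req.account not in REGISTERED_SPOKE_ACCOUNTS:
        return "rejected"   # event from an account that is not a registered spoke
    if ATTACH_TAG_KEY not in req.changed_keys:
        return "ignored"    # an unrelated tag (e.g. Name) changed
    value = req.tags.get(ATTACH_TAG_KEY)
    if value is None:
        return "ignored"    # attach tag removed; the detach flow is out of scope here
    if value not in ROUTING_DOMAINS:
        return "rejected"   # unknown routing domain requested
    return "approved" if auto_approve else "pending"


def handle(event: dict, auto_approve: bool) -> dict:
    """Entry point: the decision plus the status tag to write back (None when nothing is written)."""
    req = parse_tag_change(event)
    if req is None:
        return {"decision": "ignored", "status_tag": None, "resource": None}
    decision = decide(req, auto_approve)
    # Write back only to registered spokes: the hub has no role to assume elsewhere,
    # and a rejected request from an unknown account gets no feedback.
    write_back = req.account in REGISTERED_SPOKE_ACCOUNTS and decision != "ignored"
    return {
        "decision": decision,
        "status_tag": {STATUS_TAG_KEY: decision} if write_back else None,
        "resource": f"{req.resource_type}/{req.resource_id}",
    }


# Constructed sample event in the shape EventBridge delivers for EC2 tag changes.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "Tag Change on Resource",
    "source": "aws.tag",
    "account": "111122223333",
    "time": "2021-06-01T12:00:00Z",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:111122223333:subnet/subnet-0a1b2c3d4e5f67890"],
    "detail": {
        "changed-tag-keys": [ATTACH_TAG_KEY],
        "service": "ec2",
        "resource-type": "subnet",
        "version": 1,
        "tags": {ATTACH_TAG_KEY: "shared", "Name": "app-private-a"},
    },
}

if __name__ == "__main__":
    print(handle(SAMPLE_EVENT, auto_approve=False))
```

The point of the extra checks is that a cross-account event bus accepts whatever its resource policy allows, so the hub should not trust the payload alone: the ARN account is compared with the event envelope, only registered spokes are acted on, and no status tag is written to an account the hub does not manage.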