The Network Orchestration for AWS Transit Gateway solution automates the process of setting up and managing transit networks in distributed AWS environments. This solution allows customers to visualize and monitor their global network from a single dashboard rather than toggling between Regions from the AWS Console. It creates a web interface to help control, audit, and approve transit network changes.
Benefits
Cross-account and cross-Region capability
Automate the process of setting up and managing transit networks in multi-account AWS environments.
Change management
Use the web user interface to either accept or reject connectivity requests when manual approval is required.
Web user interface
Deploy a web user interface to control, audit, and approve transit network changes.
Compliance
Use rules to automatically accept or reject network changes based on the organizational unit (OU).
Step 1 This template deploys an Amazon EventBridge rule that monitors specific virtual private cloud (VPC) and subnet tag changes.
Step 2 An EventBridge rule in the spoke account sends the tags to the EventBridge bus in the hub account.
Step 3 The rules associated with the EventBridge bus invoke an AWS Lambda function to start the solution workflow.
Step 4 AWS Step Functions (solution state machine) processes network requests from the spoke accounts.
Step 5 The state machine workflow attaches a VPC to the transit gateway.
Step 6 The state machine workflow updates the VPC route table associated with the tagged subnet.
Step 7 The state machine workflow updates the transit gateway route table with association and propagation changes.
Step 8 (Optional) The state machine workflow updates the attachment name with the VPC name and the OU name for the spoke account (retrieved from the Org Management account).
Step 9 The solution updates Amazon DynamoDB with the information extracted from the event and resources created, updated, or deleted in the workflow.
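The following added example (not the solution's own code) sketches the gate that Steps 1 to 4 and the OU-based rules under Compliance imply: a hub-side function validates a forwarded EventBridge "Tag Change on Resource" event and maps the spoke account's OU to accept, reject, or manual approval. The tag keys, the OU rule table, and the account-to-OU map are hypothetical stand-ins; the page does not name them.

```python
from dataclasses import dataclass

# Hypothetical tag keys; the page does not name the tags the solution watches.
WATCHED_TAG_KEYS = {"example-attach-to-tgw", "example-associate-with"}
# Constructed policy: OU name -> decision. Unlisted OUs go to manual approval.
OU_RULES = {"Production": "accept", "Sandbox": "reject"}
# Constructed stand-in for an AWS Organizations lookup (account id -> OU name).
ACCOUNT_OU = {"111111111111": "Production", "222222222222": "Sandbox",
              "333333333333": "Research"}

@dataclass(frozen=True)
class NetworkRequest:
    account: str
    resource_arn: str
    resource_type: str
    changed_keys: frozenset

def parse_tag_change(event: dict):
    """Return a NetworkRequest for a relevant VPC/subnet tag change, else None."""
    detail = event.get("detail", {})
    if (event.get("source") != "aws.tag"
            or event.get("detail-type") != "Tag Change on Resource"):
        return None
    if detail.get("service") != "ec2" or detail.get("resource-type") not in ("vpc", "subnet"):
        return None
    changed = WATCHED_TAG_KEYS & set(detail.get("changed-tag-keys", []))
    resources = event.get("resources", [])
    if not changed or len(resources) != 1:
        return None
    # arn:aws:ec2:<region>:<account>:<type>/<id>; the resource owner must be
    # the account the event claims to come from.
    parts = resources[0].split(":")
    if len(parts) != 6 or parts[4] != event.get("account"):
        return None
    return NetworkRequest(event["account"], resources[0],
                          detail["resource-type"], frozenset(changed))

def decide(req: NetworkRequest) -> str:
    """Map the spoke account's OU to a decision; default to manual approval."""
    return OU_RULES.get(ACCOUNT_OU.get(req.account), "manual-approval")

SAMPLE_EVENT = {  # constructed sample in the EventBridge tag-change event shape
    "source": "aws.tag", "detail-type": "Tag Change on Resource",
    "account": "111111111111", "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0example"],
    "detail": {"service": "ec2", "resource-type": "subnet",
               "changed-tag-keys": ["example-attach-to-tgw"],
               "tags": {"example-attach-to-tgw": "true"}},
}
```

Accounts whose OU is unknown or unlisted fall through to manual approval rather than being accepted, so a gap in the rule table cannot silently widen connectivity.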
"Australia Post is a self-funded postal service business with both commercial and community service obligations, serving 12.3 million delivery points across Australia. Our organization is made up of 35,000 employees, so when we needed to expand our cloud technologies to scale our network across our growing cloud infrastructure with siloed VPCs and on-premises data centers, we experienced significant latency issues. The Network Orchestration for AWS Transit Gateway solution allowed us to automate our configuration and customize our network setup based on our needs with AWS Transit Gateway, reducing our network setup time from weeks to minutes, resulting in the final solution reaching 13X improved network traffic speeds between accounts."
Jason Gorringe, Cloud Services Manager
Australia Post