Enabling Networking Between VPCs Across AWS Regions Using AWS Transit Gateway

In this article, I’ll be walking you through a comprehensive demonstration of how to utilize the AWS Transit Gateway to establish seamless networking between Virtual Private Clouds (VPCs) across different AWS regions. This feature is particularly useful when you need to enable communication between workloads in different regions within your AWS environment.

Introduction

Before we dive into the hands-on demonstration, let’s first outline the scenario and provide a brief overview of the key concepts related to the AWS Transit Gateway.

Scenario

Imagine three kinds of VPCs named “Production,” “Staging,” and “Shared Services,” spread across two AWS regions, with each VPC set up in its own AWS account. VPCs are regional, so Production and Staging each exist once per region. The primary goal is cross-region connectivity: workloads in the Production VPC in one region must be able to reach the Production VPC in the other region, and the same requirement applies to Staging. Production and Staging have no need to talk to each other, and the routing below deliberately prevents it.

Additionally, there’s a “Shared Services” VPC designed to host services that are utilized by both the Production and Staging VPCs within the same region. To achieve this, networking between the Shared Services VPC and the local Production and Staging VPCs needs to be established.

To keep this architecture manageable and secure, the transit gateways will be created in a separate AWS account dedicated to network management. Control of the routing then stays with the network team; the application accounts only attach their VPCs to a gateway that has been shared with them and cannot change what their traffic is allowed to reach.

AWS Transit Gateway Basics

The AWS Transit Gateway is a regional service that acts as a scalable and highly available cloud router. It replaces a mesh of VPC-to-VPC peering connections with a single hub per region, and it also simplifies hybrid setups, such as connecting on-premises facilities via Site-to-Site VPN and Direct Connect.

A transit gateway can have multiple route tables. Every attachment (a VPC, a VPN, a Direct Connect gateway or a peering connection) is associated with exactly one route table, which decides where traffic arriving from that attachment may go, while one route table can serve many attachments. This is what makes segmentation possible: the Production and Staging attachments get different route tables with different contents. Route tables are filled in two ways. Propagation dynamically copies an attachment's CIDRs into whichever route tables you enable it for; static routes are added by hand, and are the only option over a peering attachment, which does not propagate routes. A blackhole route explicitly drops matching traffic.

Hands-On Section

Creating Transit Gateways

  1. Create Transit Gateways: In the AWS Management Console, open the VPC service and choose “Transit Gateways.” In the network account, create one transit gateway in each region (EU West 1 and EU Central 1), giving each its own Amazon-side ASN (Autonomous System Number). Uncheck “Default route table association” and “Default route table propagation”: with those options on, every new attachment would automatically be able to reach every other attachment, which defeats the Production/Staging separation we want.
  2. Share Transit Gateways: Still in the network account, use AWS Resource Access Manager (RAM) to share each transit gateway with the accounts that own the VPCs in that region, then accept the resource share invitations in those accounts. (If all accounts belong to one AWS Organization with RAM sharing enabled, the share is accepted automatically and there is no invitation to accept.)

Configuring Transit Gateway Attachments

  1. Create Peering Attachment: In the network account, create a transit gateway peering attachment from the transit gateway in one region to the transit gateway in the other region.
  2. Accept Peering Attachment: Switch to the other region and accept the pending peering attachment. Both gateways belong to the network account, so the acceptance happens in the same account, just in the peer region.

Attaching VPCs to Transit Gateway

  1. Attach VPCs: From each VPC-owning account, create a Transit Gateway Attachment for the VPC to the shared transit gateway in that region, selecting one subnet per Availability Zone. Then switch to the network account and accept the pending attachment request from the VPC owner.
  2. Configure VPC Routing: The transit gateway only sees traffic that a VPC sends to it, so edit the subnet route tables in each VPC. In the Production VPC, add routes for the remote Production VPC's CIDR and for the local Shared Services CIDR with the transit gateway as the target; do the same in the Staging and Shared Services VPCs for the CIDRs they are allowed to reach.

Routing on Transit Gateway

  1. Create Transit Gateway Route Tables: In the network account, in each region, create four transit gateway route tables, one for each attachment: Production, Staging, Shared Services and the peering attachment. On the “Associations” tab of each table, associate it with its attachment. Because default association was disabled when the gateways were created, an attachment has no routing at all until this step.
  2. Propagate Attachments: Propagation copies a VPC attachment's CIDR into a route table dynamically. Select prod-route-table, open the “Propagations” tab and click “Create Propagation” for the Shared Services attachment; propagate the Production and Staging attachments into the Shared Services table and into the peering table; repeat for the Staging table. Never propagate Staging into the Production table or Production into the Staging table.
  3. Add Routes: Peering attachments do not propagate, so open the “Routes” tab, click “Create static route” and, in prod-route-table, add the remote region's Production CIDR with the peering attachment as the target (likewise for Staging). Then create a blackhole route in prod-route-table for the local Staging CIDR and in staging-route-table for the local Production CIDR, so traffic between the two environments is dropped at the gateway instead of routed.

Testing and Conclusion

After setting up the transit gateway architecture and configuring the necessary attachments and routes, it is time to test the connectivity. Connect to an EC2 instance in the Production VPC with AWS Systems Manager Session Manager, which needs neither a public IP nor an SSH key on the instance. From there, ping the private IP addresses of instances in the other VPCs and in the other region. Expect the pings to the remote Production VPC and to Shared Services to succeed and the ping to Staging to fail, since that traffic hits the blackhole route. Remember that the security groups and network ACLs on the target instances must allow ICMP, or a perfectly good route will still look broken.

By successfully completing the testing phase, you’ve demonstrated the power of AWS Transit Gateway in enabling seamless networking between VPCs across different regions, fostering efficient communication while adhering to security and organizational requirements.

In conclusion, the AWS Transit Gateway offers a robust solution for managing network connectivity across AWS regions, simplifying complex networking configurations, and ensuring efficient and secure communication between VPCs. Whether you’re dealing with inter-region peering or hybrid setups, the AWS Transit Gateway proves to be a valuable tool in your AWS networking arsenal.

Thank you for joining this demonstration, and remember to keep exploring and experimenting with AWS services to maximize the potential of your cloud environment!
