Centralizing Cloud Networks: A Practical Guide to Deploying AWS Transit Gateway

Kevin Kiruri
7 min read · Oct 26, 2023


A well-structured network infrastructure is paramount for seamless operations. Among the many options at your disposal, Transit Gateway has emerged as a game-changer, providing a scalable and efficient solution for interconnecting Virtual Private Clouds (VPCs). Say goodbye to the complexities of VPC peering and hello to a more streamlined approach. In this blog, we’ll walk through setting up a Transit Gateway and shed light on how this tool can simplify your AWS network architecture and enhance your cloud experience. Join us as we delve into the world of Transit Gateway and unlock the potential of hassle-free VPC connectivity.

Prerequisites

1. Have an AWS account. If you don’t have one, sign up here and enjoy the benefits of the Free-Tier Account
2. View project files in my GitHub portfolio
3. Install this CloudFormation template to create IAM roles for EC2 instances and Flow Logs and an S3 Bucket for endpoint policy tests
4. Install this CloudFormation template. The template creates VPC A, VPC B and VPC C, each with an IGW, NATGW and public and private subnets in 2 AZs, using 10.0.0.0/16, 10.1.0.0/16 and 10.2.0.0/16
5. For help with Steps 3 and 4, follow the steps as outlined in the VPC Peering blog. Follow the blog’s guidelines up to the end of the Creating 3 VPCs section

Creating a Transit Gateway

1. On the left-hand pane of the VPC dashboard, click on Transit gateways. Click on Create transit gateway.

2. Give the transit gateway a Name and a description. Scroll to the bottom and click on Create transit gateway

3. Wait for the Transit gateway's state to become Available

Attach VPCs to Transit Gateway

The best practice for connecting VPCs to a Transit Gateway is to use a dedicated /28 subnet in each availability zone. The CloudFormation template run earlier created these for VPC B and VPC C alongside the two private and two public /24 subnets for hosting workloads. Therefore, before we create the transit gateway attachments, we need to add a dedicated /28 subnet in each availability zone of VPC A for the transit gateway attachments.

Create Transit Gateway Subnets in VPC A

1. On the left pane of the VPC Dashboard, select Subnets then click on Create subnet

2. Select VPC A, give the subnet a name, select the Availability zone, give the IPv4 CIDR block (which has to be a /28) then click on Create subnet

3. Create another subnet under VPC A with the name VPC A TGW Subnet AZ2 in us-east-1b with a CIDR block of 10.0.5.16/28

Create a Transit Gateway Attachment for VPC A

1. On the left navigation pane of the VPC dashboard, click on Transit gateway attachments then click on Create transit gateway attachment

2. Give the Gateway attachment a name and make the selections as shown below (the transit gateway, the VPC attachment type, VPC A, and its dedicated TGW subnet in each availability zone), then click on Create transit gateway attachment:

3. Wait for the Gateway attachment state to be Available

Create a Transit Gateway Attachment for VPC B

1. Follow the steps we followed creating a VPC Attachment for VPC A and create it for VPC B

2. Click on Create transit gateway attachment to create the gateway attachment and wait for the Transit gateway attachment to be Available

Create a Transit Gateway Attachment for VPC C

1. Follow the steps we followed creating a VPC Attachment for VPC A and create it for VPC C

2. Click on Create transit gateway attachment to create the gateway attachment and wait for the Transit gateway attachment to be Available

3. Now we have 3 Transit Gateway Attachments:

4. On the EC2 dashboard, click on Network interfaces and note that you have 6 network interfaces for the Transit gateway: one in each of the dedicated /28 subnets named in the attachments (3 VPCs × 2 availability zones)
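The two points above that are easy to get wrong by hand are the subnet plan (a /28 per AZ that sits inside the VPC CIDR and does not collide with the workload subnets) and the expected number of transit gateway network interfaces. The following is an added example, not code from the blog or from AWS, that validates a planned VPC A attachment subnet layout with Python's standard `ipaddress` module. The VPC CIDRs and VPC A TGW Subnet AZ2 (10.0.5.16/28) come from the walkthrough; the workload subnet CIDRs and the AZ1 TGW subnet CIDR are assumptions standing in for what the CloudFormation template and step 2 create.

```python
import ipaddress
from typing import Dict, List

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

# Constructed sample data. The VPC CIDRs and "VPC A TGW Subnet AZ2" (10.0.5.16/28)
# are taken from the walkthrough; the workload subnet CIDRs and the AZ1 TGW
# subnet are assumptions standing in for what the CloudFormation template
# and the subnet steps above create.
VPC_CIDRS: Dict[str, str] = {
    "VPC A": "10.0.0.0/16",
    "VPC B": "10.1.0.0/16",
    "VPC C": "10.2.0.0/16",
}
EXISTING_SUBNETS_VPC_A: List[str] = [
    "10.0.0.0/24", "10.0.1.0/24",  # assumed public subnets, AZ1 / AZ2
    "10.0.2.0/24", "10.0.3.0/24",  # assumed private subnets, AZ1 / AZ2
]
TGW_SUBNETS_VPC_A: Dict[str, str] = {
    "VPC A TGW Subnet AZ1": "10.0.5.0/28",   # assumed
    "VPC A TGW Subnet AZ2": "10.0.5.16/28",  # from the walkthrough
}
# Number of subnets named in each attachment: one dedicated /28 per AZ, per VPC.
ATTACHMENT_SUBNETS: Dict[str, int] = {"VPC A": 2, "VPC B": 2, "VPC C": 2}


def usable_hosts(cidr: str) -> int:
    """Addresses left for interfaces once AWS's per-subnet reservations are removed."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def validate_tgw_subnet(vpc_cidr: str, existing: List[str], candidate: str) -> List[str]:
    """Reasons to reject a candidate attachment subnet; an empty list means it is fine."""
    vpc = ipaddress.ip_network(vpc_cidr)
    cand = ipaddress.ip_network(candidate)
    problems: List[str] = []
    if cand.prefixlen != 28:
        problems.append(f"{candidate}: attachment subnets should be /28, got /{cand.prefixlen}")
    if not cand.subnet_of(vpc):
        problems.append(f"{candidate}: not inside VPC CIDR {vpc_cidr}")
    for cidr in existing:
        if cand.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"{candidate}: overlaps existing subnet {cidr}")
    return problems


def expected_tgw_enis(attachment_subnets: Dict[str, int]) -> int:
    """The transit gateway places one network interface in every subnet named in an attachment."""
    return sum(attachment_subnets.values())


def check_plan() -> Dict[str, List[str]]:
    """Validate every planned VPC A attachment subnet against the existing layout."""
    return {
        name: validate_tgw_subnet(VPC_CIDRS["VPC A"], EXISTING_SUBNETS_VPC_A, cidr)
        for name, cidr in TGW_SUBNETS_VPC_A.items()
    }


if __name__ == "__main__":
    for name, problems in check_plan().items():
        print(name, "OK" if not problems else problems)
    print("usable addresses per /28:", usable_hosts("10.0.5.16/28"))
    print("expected TGW network interfaces:", expected_tgw_enis(ATTACHMENT_SUBNETS))
```

Run it before clicking through the console: an overlap or an out-of-VPC CIDR is rejected by AWS anyway, but a wrong prefix length is accepted silently and only shows up later as a subnet that is larger than it needs to be. A /28 leaves 11 usable addresses, which is plenty for the single interface the transit gateway places in it.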

Add Routes to the Transit Gateway (TGW) to the VPC Route Tables

1. On the left navigation panel of the VPC Dashboard, click on Route tables. Select VPC A Private Route Table. Under the Routes tab, click on Edit routes

2. Add a route with Destination 10.1.0.0/16 and Target as Transit Gateway. Add another route with Destination 10.2.0.0/16 and Target as Transit Gateway. Click on Save changes

3. Confirm that the routes have been added to the route table

4. Edit the VPC B Private Route Table

5. Add a route to the route table with Destination 10.0.0.0/8 and the Target as Transit Gateway and click on Save changes

6. Edit the VPC C Private Route Table

7. Add a route to the route table with Destination 10.0.0.0/8 and the Target as Transit Gateway and click on Save changes
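VPC A gets two specific /16 routes while VPC B and VPC C get a single 10.0.0.0/8 summary route, and both work because a VPC route table always picks the longest matching prefix, so the automatic local route still wins for traffic inside the VPC. The summary route has a side effect worth seeing: every 10.x.x.x destination that is not local is handed to the transit gateway, including addresses that belong to none of the three VPCs, so the transit gateway route table (and the security groups and NACLs on the instances) becomes the control point for what is actually reachable. The following is an added example, not code from the blog or from AWS, that models the three private route tables as edited above and resolves sample destinations the way AWS does. The local routes are what AWS adds automatically; the 0.0.0.0/0 route to the NAT gateway is an assumption about the private route tables the CloudFormation template creates.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[str, str]  # (destination CIDR, target)

# Constructed route tables mirroring the three private route tables edited in
# the walkthrough. The "local" route is added by AWS to every VPC route table;
# the 0.0.0.0/0 -> "nat" default route is an assumption about the private
# route tables the CloudFormation template creates.
ROUTE_TABLES: Dict[str, List[Route]] = {
    "VPC A Private": [("10.0.0.0/16", "local"), ("10.1.0.0/16", "tgw"),
                      ("10.2.0.0/16", "tgw"), ("0.0.0.0/0", "nat")],
    "VPC B Private": [("10.1.0.0/16", "local"), ("10.0.0.0/8", "tgw"), ("0.0.0.0/0", "nat")],
    "VPC C Private": [("10.2.0.0/16", "local"), ("10.0.0.0/8", "tgw"), ("0.0.0.0/0", "nat")],
}
VPC_CIDRS: List[str] = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"]


def resolve(table: str, dst: str) -> Optional[str]:
    """Pick the target for dst the way a VPC route table does: the longest matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    best_net = None
    best_target = None
    for cidr, target in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def summary_excess(summary: str, known_vpcs: List[str]) -> List[str]:
    """CIDR blocks a summary route forwards to the TGW that belong to none of the known VPCs."""
    remaining = [ipaddress.ip_network(summary)]
    for cidr in known_vpcs:
        vpc = ipaddress.ip_network(cidr)
        kept = []
        for block in remaining:
            if block == vpc or block.subnet_of(vpc):
                continue                                  # wholly inside a known VPC: drop it
            if vpc.subnet_of(block):
                kept.extend(block.address_exclude(vpc))   # carve the VPC out of the block
            else:
                kept.append(block)                        # disjoint: unaffected
        remaining = kept
    return [str(n) for n in sorted(remaining)]


if __name__ == "__main__":
    samples = [("VPC A Private", "10.1.2.3"), ("VPC A Private", "10.0.3.4"),
               ("VPC B Private", "10.1.2.3"), ("VPC B Private", "10.0.1.5"),
               ("VPC A Private", "10.3.0.1"), ("VPC B Private", "10.3.0.1")]
    for table, dst in samples:
        print(f"{table}: {dst} -> {resolve(table, dst)}")
    print("covered by 10.0.0.0/8 but not a known VPC:", summary_excess("10.0.0.0/8", VPC_CIDRS))
```

The two 10.3.0.1 lookups show the difference between the designs: VPC A has no route for it and falls through to the NAT default route, whereas VPC B sends it to the transit gateway. Neither is wrong, but with the summary route you should expect the transit gateway route table, rather than the VPC route table, to be where unknown 10/8 destinations get blackholed, and plan your flow-log review accordingly.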

Check Connectivity

1. Proceed to the EC2 console

2. Select the VPC A Private AZ1 Server and click the Connect button

3. Click on Connect in the Session manager tab

4. On the terminal, ping the instance in VPC B and the instance in VPC C

The pings succeed, proving that the VPCs are connected

5. To confirm the connection further, ping the instance in VPC A from VPC B and from VPC C

Clean Up

1. Delete the VPC attachments. On the VPC Dashboard, click on Transit gateway attachments. Select VPC A Attachment. Under Actions, click on Delete transit gateway attachment

2. On the pop-up that appears, type delete then click on Delete

3. Repeat the process for VPC B Attachment and VPC C Attachment

4. Open the Transit gateways console and select the Transit gateway. Under Actions, click on Delete transit gateway

5. On the pop-up, type delete in the text box then click on Delete

6. Delete the 2 subnets we created in VPC A (VPC A TGW Subnet AZ1 and VPC A TGW Subnet AZ2)

7. On the CloudFormation console, select the VPC template and click on Delete at the top. A dialog box appears to confirm deletion; click on Delete

8. Delete the NetworkingPrerequisites template

Conclusion

In summary, Transit Gateway is a better choice for connecting your cloud networks than VPC peering. It’s like a modern and user-friendly tool, while VPC peering is old and complicated. By following the steps in this blog, you can make your network work better and adapt to your needs. So, choose Transit Gateway and make your cloud network easier to manage and more flexible. Your cloud journey just got a whole lot smoother!
