AWS Multi Region Connectivity - Transit Gateway


Imagine a situation where you have a device on-prem or in an existing cloud, and you have now onboarded a new cloud in your project. You want to create connectivity between the device on-prem (or in the existing cloud) and the newly onboarded cloud. What solution can you implement?
Transit Gateway solves exactly this problem. When you want to connect two different clouds, or an on-prem system to a cloud provider, AWS Transit Gateway helps you solve this situation.
To put it more technically: "Transit Gateway acts as a network hub to interconnect different VPCs and on-premises networks as you expand your network infrastructure globally."
A few concepts of Transit Gateway:
1) Attachments:
You can attach
a) One or more VPCs
b) A peering connection with another Transit Gateway
c) A VPN connection to the Transit Gateway
2) Transit Gateway Route Table: a Transit Gateway has a default route table and can have additional route tables. They hold both dynamic and static routes giving the next hop for each destination. The next hop can be any Transit Gateway attachment.
3) Associations: each attachment is associated with exactly one route table. Each route table can be associated with zero to many attachments.
We will try to implement the above architecture.
PS note: while implementing we can use any region where the services are available; it is not necessary to use the same region and Availability Zone. This HLA is only for reference.
Implementation Steps
DO THIS IN THE N. VIRGINIA REGION
Step 1) Create 2 VPCs: VPC 1 and VPC 2
10.0.0.0/16 and 192.168.0.0/16
With 1 AZ, 1 public subnet, no NAT Gateway, no VPC endpoints
2) Allow all traffic in the Security Groups for both VPCs
3) Create a Transit Gateway
VPC -> Transit Gateway -> Create Transit Gateway -> Give it a name -> Create
4) Attach the Transit Gateway to the VPCs
Create Transit Gateway Attachment -> Name it -> Select the Transit Gateway ID -> Attachment Type = VPC -> VPC ID -> Create Transit Gateway Attachment
We need to do the above steps twice, once for each VPC
5) Launch 2 EC2 instances, one in each VPC created
6) Go to the route table of VPC 1 and add the route for VPC 2; you need to select the Transit Gateway (VPC 1 attachment) as the target in route table 1, and the VPC 2 attachment in the VPC 2 route table
7) From the VPC 1 EC2 box check whether you can ping the VPC 2 EC2 public IP, and vice versa. This should work
** Make sure you are pinging their public IPs, not the private ones **
JUMP TO THE OHIO REGION
We need to do the same steps as we did in the previous region (N. Virginia)
Step 1) A VPC should already be there by default, so there is no need to create a new VPC.
Step 2) Keep all INBOUND rules open in the SG
Step 3) Create a Transit Gateway and attach the Transit Gateway
Step 4) Go to the route tables and add routes to the previous region's VPCs
Step 5) All the routing configuration is done; now launch the EC2 instance
and try to ping the EC2 instances in the other VPCs (N. Virginia); it should work
Similarly, try to ping from the VPC 1 and VPC 2 EC2 instances; they should also work
** Make sure you are pinging their public IPs, not the private ones **
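To make the route-table and association concepts above concrete, here is an added Python model (not code from the post, and not an AWS API) of how a Transit Gateway decides the next hop for traffic arriving over an attachment. Attachment ids, table ids and the Ohio default-VPC CIDR 172.31.0.0/16 are assumed lab values; isolate_vpc2 goes beyond the post by showing how a second route table segments one VPC.

```python
import ipaddress

class TransitGateway:
    """Model of TGW route tables, associations and longest-prefix-match lookups.
    Attachment/table ids and the Ohio CIDR are constructed lab values."""

    def __init__(self):
        self.tables = {}        # table id -> {destination CIDR: next-hop attachment id}
        self.associations = {}  # attachment id -> table id (exactly one per attachment)

    def add_route(self, table, cidr, attachment):
        self.tables.setdefault(table, {})[cidr] = attachment

    def associate(self, attachment, table):
        self.tables.setdefault(table, {})
        self.associations[attachment] = table  # re-associating moves it off the old table

    def next_hop(self, src_attachment, dst_ip):
        """Forward traffic arriving over src_attachment: only the table that attachment
        is associated with is consulted; longest prefix wins; None = no route, dropped."""
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for cidr, hop in self.tables[self.associations[src_attachment]].items():
            net = ipaddress.ip_network(cidr)
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None

def build_virginia_tgw():
    """Steps 3-6 of the post as data: two VPC attachments plus a peering attachment
    to the Ohio TGW, all on the default route table, so everything reaches everything."""
    tgw = TransitGateway()
    cidrs = {"att-vpc1": "10.0.0.0/16",         # VPC 1 from the post
             "att-vpc2": "192.168.0.0/16",      # VPC 2 from the post
             "att-peer-ohio": "172.31.0.0/16"}  # assumed CIDR of the Ohio default VPC
    for att, cidr in cidrs.items():
        tgw.associate(att, "tgw-rtb-default")
        tgw.add_route("tgw-rtb-default", cidr, att)
    return tgw

def isolate_vpc2(tgw):
    """Segmentation variant: move att-vpc2 to its own table that only knows the Ohio
    route, so VPC 2 can still reach Ohio but no longer VPC 1."""
    tgw.associate("att-vpc2", "tgw-rtb-vpc2-only")
    tgw.add_route("tgw-rtb-vpc2-only", "172.31.0.0/16", "att-peer-ohio")
    return tgw
```

Note that after isolate_vpc2 the default table still carries a route back to VPC 2, so VPC 1 can send towards it while the return path is dropped; segmentation has to be applied on both sides.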
** Interview Questions
What are the steps to create a Transit Gateway?
How many VPCs do you have and how do you manage them?
What is the difference between peering, VGW and Transit Gateway?
In real-time scenarios, we need to connect VPN tunnel to tunnel
Written by Apurv Samadder
