"Building a Scalable AWS Network Architecture with Transit Gateway"

🚀 In this blog, we’ll walk through how to connect multiple Amazon VPCs using AWS Transit Gateway, allowing EC2 instances in different VPCs to communicate with each other. This is useful in scenarios where you need scalable, centralized connectivity across multiple VPCs.

📌 Task Breakdown

Here's what we are going to do:

1. Create 3 different VPCs in the same region

2. Launch 1 EC2 instance in each VPC

3. Create a Transit Gateway

4. Attach all 3 VPCs to the Transit Gateway

5. Update route tables and security groups

6. Test connectivity between EC2 instances

🛠️ Step 1: Create 3 VPCs in the Same Region

We’ll create 3 VPCs with non-overlapping CIDR ranges.

Actions:

• Go to VPC Dashboard > Create VPC

• Select VPC only option

• Create VPCs with following CIDRs:

  • VPC-1: 10.1.0.0/16

  • VPC-2: 10.2.0.0/16

  • VPC-3: 10.3.0.0/16

• Enable DNS Hostnames

Repeat the above step for all 3 VPCs.

🧱 Step 2 : - Create Subnets for Each VPC

🔹 Subnet Creation for VPC-1

1. Go to: VPC Dashboard > Subnets > Create Subnet

2. Fill the details:

   • Name tag: Sub1

   • VPC: Select VPC-1

   • Availability Zone: e.g., ap-south-1a

   • IPv4 CIDR block: 10.1.0.0/24

3. Click Create Subnet

Repeat same for:

🔹 VPC-2:

• Name tag: Sub2

• VPC: VPC-2

• AZ: ap-south-1a

• CIDR: 10.1.2.0/24

🔹 VPC-3:

• Name tag: Sub3

• VPC: VPC-3

• AZ: ap-south-1a

• CIDR: 0.1.3.0/24

🚀 Step 3: Launch EC2 Instances and Configure Subnets

In this step, I launched three EC2 instances and mapped them according to the subnets we created earlier.

🔹 Instance Configuration Summary:

🚏 Step 4: Create and Attach Transit Gateway

To enable communication between multiple VPCs, I created a Transit Gateway (TGW) and attached it to all three VPCs.

🔧 Steps Performed:

1. Created a Transit Gateway from the VPC Dashboard.

2. Attached the Transit Gateway to the following VPCs:

   • VPC-1 (contains the public EC2 instance)

   • VPC-2 (contains private EC2 instance)

   • VPC-3 (contains another private EC2 instance)

3. This setup allows centralized routing and enables communication between all EC2 instances across VPCs via the Transit Gateway.

I used this method to avoid the complexity of VPC Peering and simplify inter-VPC networking.

🌐 Step 5: Making VPC-1 Public using Internet Gateway

To allow internet access for the EC2 instance in VPC-1, I made one of its subnets public by attaching an Internet Gateway (IGW).

🔧 Steps Performed:

1. Created an Internet Gateway (IGW).

2. Attached the IGW to VPC-1.

3. In the route table of VPC-1, associated only Subnet-1 (which contains the public EC2 instance).

4. Added a route in the route table with:

   • Destination: 0.0.0.0/0

   • Target: Internet Gateway

With this setup, only Subnet-11 has internet access, keeping other subnets private.

🔁 Step 6: Configuring Route Tables for Inter-VPC Communication via Transit Gateway

To enable communication between the three VPCs using the Transit Gateway (TGW), I updated each VPC’s route table as follows:

🛣️ VPC-1 Route Table:

• Destination: CIDR of VPC-2 → Target: Transit Gateway

• Destination: CIDR of VPC-3 → Target: Transit Gateway

🛣️ VPC-2 Route Table:

• Destination: CIDR of VPC-1 → Target: Transit Gateway

• Destination: CIDR of VPC-3 → Target: Transit Gateway

🛣️ VPC-3 Route Table:

• Destination: CIDR of VPC-1 → Target: Transit Gateway

• Destination: CIDR of VPC-2 → Target: Transit Gateway

📌 Note: I used each VPC’s CIDR block (e.g., 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16) as the destination in the respective route tables.

🔒 Step 7: Updating Security Groups to Allow All Traffic (For Testing Only)

To ensure temporary connectivity between EC2 instances across VPC-1, VPC-2, and VPC-3 during Transit Gateway testing, I updated the Security Groups (SGs) as follows:

• Inbound Rules:

  • Type: All Traffic

  • Protocol: All

  • Port Range: All

  • Source: 0.0.0.0/0 or respective VPC CIDR blocks

• Outbound Rules:

  • Type: All Traffic

  • Protocol: All

  • Port Range: All

  • Destination: 0.0.0.0/0 or respective VPC CIDR blocks

⚠️ Note:
Allowing All Traffic (0.0.0.0/0) is not recommended for production environments.
This is done here only for understanding and testing purposes.
In real-world setups, always apply principle of least privilege for better security.

✅ Final Step: Ping Test for Verification

• Finally, I logged into EC2-1 (Public Server in VPC-1) and pinged the private IPs of EC2-2 (Private Server in VPC-2) and EC2-3 (Private Server in VPC-3).

• The ping was successful, which confirms that communication between all VPCs is properly set up through the Transit Gateway.

🔒 Note:
Allowing All Traffic in the Security Group was done only for testing and learning purposes.
This is not a recommended practice in production. Always apply least privilege security rules.

✅ Final Wrap-Up: Transit Gateway Task

In this quick networking task, I configured 3 separate VPCs and successfully connected them using a single Transit Gateway.
Key highlights:

• VPC-1 was made public via an Internet Gateway and a public subnet.

• Proper route tables were updated in all VPCs to route traffic through the Transit Gateway.

• Security Groups were temporarily set to allow all traffic for testing (⚠️ Not recommended for production).

• Finally, from the public EC2 in VPC-1, I was able to ping the private EC2 instances in VPC-2 and VPC-3.

✔️ Result: Smooth inter-VPC communication confirmed via Transit Gateway setup.

👨‍💻 About the Author

This series isn't just about using AWS; it's about mastering the core services that power modern cloud infrastructure.

---

📬 Let's Stay Connected

• 📧 Email: gujjarapurv181@gmail.com

• 🐙 GitHub: github.com/ApurvGujjar07

• 💼 LinkedIn: linkedin.com/in/apurv-gujjar