
Transit Gateway

Use Transit Gateway as a central hub to connect VPCs and on-premises networks. Understand route tables for network segmentation.

Transit Gateway — Central Hub for Network Connectivity

Transit Gateway (TGW) is a network hub that connects thousands of VPCs and on-premises networks. Instead of creating VPC peering connections between every pair of VPCs (complex mesh), all VPCs connect to one central Transit Gateway.

Teacher Note: Without Transit Gateway, connecting 10 VPCs requires 45 individual peering connections (n*(n-1)/2). With Transit Gateway, each VPC connects to just one hub — 10 connections total. Like a train station that connects all cities, versus building individual roads between every pair of cities.

Without vs With Transit Gateway

WITHOUT Transit Gateway (VPC Peering Mesh):
  10 VPCs = 45 peering connections
  100 VPCs = 4,950 peering connections
  Problem: Non-transitive, no central management

WITH Transit Gateway:
  10 VPCs = 10 TGW attachments
  100 VPCs = 100 TGW attachments
  Central route table management
  Supports transitive routing

Transit Gateway Architecture

                [Transit Gateway]
                      |
       +--------------+------------------+
       |              |                  |
   VPC-Prod       VPC-Dev          Direct Connect
   (App servers)  (Development)    (On-premises)
       |              |                  |
   VPC-DB       VPC-Staging        VPN Connection
   (Database)    (Testing)         (Backup path)

TGW Route Tables

Transit Gateway uses route tables to control which VPCs can communicate with which. You can isolate environments (prod cannot talk to dev) while allowing all to reach shared services.

Route Table: Production
  - Route to VPC-Prod: ALLOW
  - Route to VPC-Shared-Services: ALLOW
  - Route to VPC-Dev: DENY (no route configured, so traffic is dropped)

Route Table: Development
  - Route to VPC-Dev: ALLOW
  - Route to VPC-Shared-Services: ALLOW
  - Route to VPC-Prod: DENY (no route configured, enforcing isolation)

Exam Tip: TGW is also the recommended way to connect AWS to on-premises via Direct Connect or VPN. One TGW attachment gives all connected VPCs access to on-premises, instead of a separate VPN per VPC. TGW also supports multicast for streaming applications.
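The segmentation above and the single on-premises attachment from the Exam Tip both come down to two TGW route-table mechanisms: each attachment is associated with exactly one route table (used for its outbound lookups), and an attachment's CIDRs are propagated only into the tables that should be able to reach it. The following Python is an added example, not code from the original tutorial or from AWS; it is an offline model of those mechanisms with constructed attachment names and CIDRs, and it also models a static blackhole route, which is how you make a "DENY" explicit rather than relying only on a missing route.

```python
"""Offline model of Transit Gateway route-table segmentation (constructed example).

Models the two TGW concepts that implement "prod cannot talk to dev":
  * association  - the one route table an attachment uses for its outbound lookups
  * propagation  - which route tables automatically learn an attachment's CIDRs
plus static routes, including blackhole routes that explicitly drop traffic.
All attachment names and CIDRs below are made up for the example.
"""
from ipaddress import ip_address, ip_network


class TransitGateway:
    def __init__(self):
        self.attachments = {}    # name -> list of IPv4Network reachable via it
        self.route_tables = {}   # table -> {IPv4Network: attachment name or None (blackhole)}
        self.association = {}    # attachment name -> associated table name

    def add_attachment(self, name, *cidrs):
        self.attachments[name] = [ip_network(c) for c in cidrs]

    def add_route_table(self, name):
        self.route_tables[name] = {}

    def associate(self, attachment, table):
        """Each attachment consults exactly one TGW route table for its traffic."""
        self.association[attachment] = table

    def propagate(self, attachment, *tables):
        """Propagation installs the attachment's CIDRs into the named tables."""
        for t in tables:
            for cidr in self.attachments[attachment]:
                self.route_tables[t][cidr] = attachment

    def add_static_route(self, table, cidr, attachment=None):
        """attachment=None models a blackhole route (explicit drop). Writing last
        mirrors TGW preferring a static route over a propagated one for the same CIDR."""
        self.route_tables[table][ip_network(cidr)] = attachment

    def next_hop(self, src_attachment, dst_ip):
        """Longest-prefix-match lookup in the source attachment's associated table.
        Returns the target attachment, or None if dropped (no route or blackhole)."""
        table = self.route_tables[self.association[src_attachment]]
        dst = ip_address(dst_ip)
        matches = [net for net in table if dst in net]
        if not matches:
            return None
        return table[max(matches, key=lambda n: n.prefixlen)]

    def connected(self, a, b):
        """True only if a can reach b AND b has a return route back to a."""
        a_ip = str(next(self.attachments[a][0].hosts()))
        b_ip = str(next(self.attachments[b][0].hosts()))
        return self.next_hop(a, b_ip) == b and self.next_hop(b, a_ip) == a


def build_segmented_tgw():
    """Prod and dev isolated from each other; both reach shared services and on-prem."""
    tgw = TransitGateway()
    for name, cidr in [("vpc-prod", "10.1.0.0/16"), ("vpc-db", "10.2.0.0/16"),
                       ("vpc-dev", "10.10.0.0/16"), ("vpc-shared", "10.100.0.0/16"),
                       ("dx-onprem", "192.168.0.0/16")]:   # constructed CIDRs
        tgw.add_attachment(name, cidr)
    for t in ("prod-rt", "dev-rt", "shared-rt"):
        tgw.add_route_table(t)

    # Association: the table each attachment uses for outbound lookups
    tgw.associate("vpc-prod", "prod-rt")
    tgw.associate("vpc-db", "prod-rt")
    tgw.associate("vpc-dev", "dev-rt")
    tgw.associate("vpc-shared", "shared-rt")
    tgw.associate("dx-onprem", "shared-rt")

    # Propagation: prod CIDRs never enter dev-rt and vice versa, so no route exists
    for a in ("vpc-prod", "vpc-db"):
        tgw.propagate(a, "prod-rt", "shared-rt")
    tgw.propagate("vpc-dev", "dev-rt", "shared-rt")
    # One on-prem attachment propagated everywhere gives every VPC on-prem reachability
    for a in ("vpc-shared", "dx-onprem"):
        tgw.propagate(a, "prod-rt", "dev-rt", "shared-rt")

    # Explicit DENY: a blackhole for the dev CIDR in prod-rt drops prod->dev traffic
    # even if someone later propagates vpc-dev into prod-rt by mistake.
    tgw.add_static_route("prod-rt", "10.10.0.0/16", attachment=None)
    return tgw


if __name__ == "__main__":
    tgw = build_segmented_tgw()
    for a, b in [("vpc-prod", "vpc-db"), ("vpc-prod", "vpc-dev"),
                 ("vpc-dev", "vpc-db"), ("vpc-dev", "dx-onprem")]:
        print(f"{a:10} <-> {b:10}: {'ALLOWED' if tgw.connected(a, b) else 'ISOLATED'}")
```

The `connected` check deliberately tests both directions: a route from prod to shared services is useless unless the shared-services table also carries a return route, and a one-way lookup is a common source of "it should work on paper" tickets. When reviewing a real TGW, compare each attachment's association and the propagations into each table against this kind of intended matrix; any CIDR appearing in a table it should not be in is a segmentation break.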