AWS Transit Gateway のアイコン

AWS Transit Gateway Popular2018年〜

A network hub that connects multiple VPCs and on-premises networks in a hub-and-spoke topology

About 2 min read

What It Does

AWS Transit Gateway consolidates multiple VPCs, VPN connections, and Direct Connect gateways into a single hub for interconnection. Instead of mesh-style VPC Peering connections, it simplifies connectivity with a hub-and-spoke topology. Route tables control traffic paths and enable network segmentation.

Use Cases

Network connectivity for large multi-account environments with dozens to hundreds of VPCs, connecting on-premises to multiple VPCs, centralized access to shared service VPCs (DNS, authentication), and cross-region network connectivity.

Everyday Analogy

Think of an airport hub. Instead of flying direct routes (VPC Peering) between every city (VPC), routing through a hub airport (Transit Gateway) dramatically reduces the number of routes while enabling travel between all cities.

What Is Transit Gateway?

AWS Transit Gateway functions as a network hub. With VPC Peering, fully connecting N VPCs requires N*(N-1)/2 peering connections, but Transit Gateway needs only N attachments. For 10 VPCs, that's 45 peering connections reduced to just 10 attachments.

Route Tables and Segmentation

Transit Gateway route tables control which VPCs can communicate with each other. By creating multiple route tables and associating attachments, you can implement segmentation like isolating production from development networks or controlling access between departments. Transit Gateway Peering connects Transit Gateways across regions to build global networks. For detailed coverage of route tables and segmentation, related books on Amazon are a useful reference.

Getting Started

Create a Transit Gateway in the VPC console and add the VPCs you want to connect as attachments. Add routes to each VPC's route table pointing to the Transit Gateway. Share the Transit Gateway with other accounts using RAM (Resource Access Manager) for multi-account environments.

Things to Watch Out For

  • Pay-per-use based on attachment count and data processing volume. May cost more than VPC Peering (data transfer only) in some cases
  • For a small number of VPC connections, VPC Peering is simpler and more cost-effective. Transit Gateway becomes beneficial when connecting 5+ VPCs
共有するXB!

Related Services

Amazon VPC iconAmazon VPCBuild a logically isolated virtual network on AWSAWS Direct Connect iconAWS Direct ConnectA service that provides a dedicated network connection between on-premises and AWS for stable, low-latency connectivityAWS Resource Access Manager iconAWS Resource Access ManagerSecurely share AWS resources with other accounts within your organizationAWS Network Manager iconAWS Network ManagerA service for centrally managing global networks and visualizing Transit Gateway and SD-WAN connectivity

Related Articles

Building Dedicated Connections with AWS Direct Connect - Redundancy Design and Traffic ControlDesign redundant dedicated connections and connect to VPCs across multiple regions with Direct Connect Gateway. This article also covers bandwidth aggregation with LAG and MACsec encryption.Visualizing Your Global Network with AWS Network Manager - Centralized Topology and Health ManagementLearn how to visualize the topology of your global network including Transit Gateways and VPNs, and verify connectivity with route analysis.Resource Sharing Management - Efficient Resource Utilization in Multi-Account Environments with AWS RAMLearn about resource sharing in multi-account environments with AWS RAM (Resource Access Manager) and organization-wide resource management through AWS Organizations integration. Explore practical patterns for VPC subnet sharing and Transit Gateway sharing.Building a Hub-and-Spoke Network with AWS Transit Gateway - Multi-VPC Connectivity DesignConsolidate multiple VPCs and on-premises networks in a hub-and-spoke topology, establish security boundaries with route table isolation, and enable multi-region connectivity through peering.Why Is the Default VPC CIDR /16? - IP Address Design Trivia and Common PitfallsLearn why the default VPC CIDR is set to /16, the history of RFC 1918 private address space, the 5 reserved IP addresses in each subnet, and common CIDR design mistakes.

More in This Category

Amazon API Gateway iconAmazon API Gateway PopularA fully managed service for creating, publishing, managing, and monitoring APIsAWS App Mesh iconAWS App Mesh SpecializedA service mesh that controls and monitors communication between microservicesAWS Cloud Map iconAWS Cloud Map SpecializedA service discovery service for application resourcesAmazon CloudFront iconAmazon CloudFront EssentialA CDN service that delivers content at high speed from edge locations around the worldAWS Direct Connect iconAWS Direct Connect PopularA service that provides a dedicated network connection between on-premises and AWS for stable, low-latency connectivityElastic IP Address iconElastic IP Address SpecializedA static public IPv4 address that you associate with EC2 instancesElastic Load Balancing iconElastic Load Balancing EssentialA service that automatically distributes traffic across multiple servers for high availability and fault toleranceAWS Global Accelerator iconAWS Global Accelerator SpecializedA service that improves application availability and performance using the AWS global network

Similar Articles and Services

Building a Hub-and-Spoke Network with AWS Transit Gateway - Multi-VPC Connectivity DesignConsolidate multiple VPCs and on-premises networks in a hub-and-spoke topology, establish security boundaries with route table isolation, and enable multi-region connectivity through peering.AWS Transit GatewayA service that interconnects multiple VPCs and on-premises networks in a hub-and-spoke topology, dramatically simplifying network architectureVisualizing Your Global Network with AWS Network Manager - Centralized Topology and Health ManagementLearn how to visualize the topology of your global network including Transit Gateways and VPNs, and verify connectivity with route analysis.AWS Network ManagerA service for centralized visualization and management of global networksThe Depth of AWS Networking Services - Enterprise Network Design with VPC, Transit Gateway, and PrivateLinkThis article examines AWS networking services centered on VPC, Transit Gateway, PrivateLink, Direct Connect, and Network Firewall, comparing them with Azure VNet/ExpressRoute and GCP VPC/Cloud Interconnect to explain the flexibility advantages in enterprise network design.