Amazon Web Service (AWS)

Transit Gateway

Network

A transit gateway (TGW) is fully managed service that acts as a network transit hub used to connect virtual private clouds (VPCs) and on-premises networks through a single place, to simplify management and control over your organization connected networks while reducing operational costs.

Costs

Transit Gateway (TGW) charges for the amount of data transferred through the gateway and for the number of VPN and Direct Connect connections attached to the gateway. You are also charged for the amount of data processed by the gateway. The cost of using Transit Gateway can vary based on the amount of data transferred, the number of VPN and Direct Connect connections, and the amount of data processed.

Direct Cost

<Region>-TransitGateway-Bytes

Indirect Cost

No items found.

Terraform Name

aws_ec2_transit_gateway

Transit Gateway

attributes:

amazon_side_asn - (Optional) Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. Default value: 64512.
auto_accept_shared_attachments - (Optional) Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable.
default_route_table_association - (Optional) Whether resource attachments are automatically associated with the default association route table. Valid values: disable, enable. Default value: enable.
default_route_table_propagation - (Optional) Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: disable, enable. Default value: enable.
description - (Optional) Description of the EC2 Transit Gateway.
dns_support - (Optional) Whether DNS support is enabled. Valid values: disable, enable. Default value: enable.
multicast_support - (Optional) Whether Multicast support is enabled. Required to use ec2_transit_gateway_multicast_domain. Valid values: disable, enable. Default value: disable.
tags - (Optional) Key-value tags for the EC2 Transit Gateway. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transit_gateway_cidr_blocks - (Optional) One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.
vpn_ecmp_support - (Optional) Whether VPN Equal Cost Multipath Protocol support is enabled. Valid values: disable, enable. Default value: enable.

‍

Associating resources with a

Transit Gateway

Resources do not "belong" to a

Transit Gateway

Rather, one or more Security Groups are associated to a resource.

Create

Transit Gateway

via Terraform:

The following HCL creates a transit gateway

Syntax:

resource "aws_ec2_transit_gateway" "example" {
description = "example"
}

Create

Transit Gateway

via CLI:

Parametres:

create-transit-gateway
[--description <value>]
[--options <value>]
[--tag-specifications <value>]
[--dry-run | --no-dry-run]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-transit-gateway \
--description MyTGW \
--options AmazonSideAsn=64516,AutoAcceptSharedAttachments=enable,DefaultRouteTableAssociation=enable,DefaultRouteTablePropagation=enable,VpnEcmpSupport=enable,DnsSupport=enable

Best Practices for

Transit Gateway

Categorized by Availability, Security & Compliance and Cost

Low

Cross transit connectivity is allowed by EC2

Security & Compliance