Lab overview

You can connect Amazon Virtual Private Cloud (Amazon VPC) pairs using peering. However, managing point-to-point connectivity across many Amazon VPCs, without the ability to centrally manage the connectivity policies, can be operationally costly and cumbersome. For on-premises connectivity, you need to attach your AWS VPN to each individual Amazon VPC. This solution can be time-consuming to build and hard to manage when the number of VPCs grows into the hundreds.

With AWS Transit Gateway, you only have to create and manage a single connection from the central gateway to each VPC, on-premises data center, or remote office across your network. A transit gateway acts as a hub that controls how traffic is routed among all the connected networks, which act like spokes. This hub-and-spoke model significantly simplifies management and reduces operational costs because each network only has to connect to the transit gateway and not to every other network. Connect any new VPC to the transit gateway, and the VPC is then automatically available to every other network that is connected to the transit gateway. This ease of connectivity simplifies the ability to scale your network as you grow.

In this lab, you build and configure routing via transit gateways with multiple levels of complexity. You start by inspecting existing VPCs, subnets, route tables, and Amazon Elastic Compute Cloud (Amazon EC2) instances. You then create a transit gateway and attach four existing VPCs to the gateway. You investigate the default route table on the transit gateway, which allows all-all communication between VPCs attached to the transit gateway. After confirming a functional transit gateway, you then modify the route tables on the transit gateway to isolate communication between specific VPCs. Lastly, you peer two transit gateways across regional boundaries to show how you can configure a global network with transit gateways.

The ability to peer transit gateways between different AWS Regions enables customers to extend this connectivity and build global networks spanning multiple AWS Regions. Traffic using inter-region transit gateway peering always stays on the AWS global network and never traverses the public internet. This reduces threat vectors, such as common exploits and distributed denial of service (DDoS) attacks. Inter-region transit gateway peering encrypts inter-region traffic with no single point of failure.

Objectives

After completing this lab, you will be able to:

  • Configure a transit gateway
  • Attach VPCs to a transit gateway
  • Control and customize routing with AWS Transit Gateway
  • Peer transit gateways between two Regions
  • Use Network Manager to visualize and analyze your network

Duration

This lab requires approximately 60 minutes to complete.

Table of Contents

Section Time Stamp
Task 1: Review the network topology and create the baseline 3:02
Task 2: Create a Transit Gateway 9:36
Task 3: Create Transit Gateway attachments 14:15
Task 4: Create the Transit Gateway route table 20:49
Task 4.1: Create route table associations 22:12
Task 4.2: Create route propagations 25:28
Task 5: Update the VPC route tables 28:12
Task 5.1: Network validation 35:06
Task 6: Create a peering connection to the remote region Transit Gateway 39:31
Task 6.1: Record the Transit Gateway ID of the Remote Region 39:31
Task 6.2: Create the Transit Gateway peering connection 43:26
Task 6.3: Accept the Transit Gateway peering request – remote region 46:41
Task 6.4: Update the route table association – remote region 49:35
Task 6.5: Update the Transit Gateway route table – remote region 51:12
Task 6.6: Update the VPC route table – remote region 53:33
Task 6.7: Network validation 55:41
Task 7: Create route filters 1:03:42
Task 7.1: Network verification 1:08:22
Task 8: Visualize and analyze your network (Optional) 1:10:32
Task 8.1: Visualize the network 1:14:12
Task 8.2: Analyze a route 1:16:00
Conclusion 1:19:48