This is the latest documentation for the Cloud Posse Reference Architecture. To determine which version you're currently using, please see Version Identification.

Establish Connectivity with Transit Gateway

AWS Transit Gateway (TGW) provides a central hub for connecting VPCs across multiple AWS accounts. This guide explains the Transit Gateway components, their architecture, and how to deploy them to establish network connectivity.

Components Overview

The Transit Gateway solution consists of several components that work together:

tgw/hub
Creates the Transit Gateway in the network account (core-network). This is the central routing hub that all other VPCs connect to.
tgw/attachment
Creates and manages Transit Gateway VPC attachments in connected accounts. Each account with a VPC needs an attachment to connect to the Transit Gateway.
tgw/routes
Manages Transit Gateway route tables in the network account. Controls how traffic flows between attachments.
vpc-routes
Configures VPC route tables in connected accounts to route traffic through the Transit Gateway. In stacks, this is typically configured as vpc/routes/private.

Architecture

The Transit Gateway components work together to create a hub-and-spoke network topology:

  1. The Transit Gateway is created in the core-network account (tgw/hub)
  2. VPCs in other accounts attach to the Transit Gateway (tgw/attachment)
  3. Transit Gateway route tables control routing between attachments (tgw/routes)
  4. VPC route tables in connected accounts direct traffic through the Transit Gateway (vpc/routes/private)

Connected Accounts

In the reference architecture, the following accounts connect to the Transit Gateway:

  1. core-network — The hub account where the Transit Gateway is deployed
  2. core-auto — Automation account for self-hosted GitHub runners
  3. plat-dev — Development environment
  4. plat-staging — Staging environment
  5. plat-prod — Production environment
  6. plat-sandbox — Optional sandbox environment

Deployment

Deploy the Transit Gateway infrastructure using the network workflow.

This workflow deploys the components in the correct order:

  1. Creates the Transit Gateway hub in core-network
  2. Creates VPC attachments in each connected account
  3. Configures Transit Gateway route tables
  4. Updates VPC route tables in connected accounts
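
A post-deployment check for the four steps above, added here as an example and not part of the Cloud Posse documentation: it takes the JSON lists returned by the AWS CLI calls named in the comments and reports any account whose attachment, Transit Gateway route or VPC route is missing, plus attachments from accounts not on the list. It assumes every listed account, including core-network, has a VPC attachment; the names `audit` and `sample` are hypothetical and all IDs are constructed.

```python
REQUIRED = {n: str(i) * 12 for i, n in enumerate(
    ["core-network", "core-auto", "plat-dev", "plat-staging", "plat-prod"], 1)}
OPTIONAL = {"plat-sandbox": "6" * 12}  # all account IDs here are constructed placeholders

def audit(tgws, attachments, tgw_routes, vpc_route_tables):
    """Check the four deployed layers in order and return a list of findings."""
    # 1. Hub: aws ec2 describe-transit-gateways, run in core-network
    hubs = [t["TransitGatewayId"] for t in tgws if t["State"] == "available"
            and t["OwnerId"] == REQUIRED["core-network"]]
    if len(hubs) != 1:
        return [f"expected one available hub in core-network, found {len(hubs)}"]
    hub = hubs[0]
    # 2. Attachments: aws ec2 describe-transit-gateway-vpc-attachments
    known = {**REQUIRED, **OPTIONAL}
    live = {a["VpcOwnerId"]: a for a in attachments
            if a["TransitGatewayId"] == hub and a["State"] == "available"}
    findings = [f"attachment from unlisted account {owner}"
                for owner in live if owner not in known.values()]
    # 3. Transit Gateway routes: aws ec2 search-transit-gateway-routes
    routed = {t["TransitGatewayAttachmentId"] for r in tgw_routes
              if r["State"] == "active" for t in r.get("TransitGatewayAttachments", [])}
    # 4. VPC routes: aws ec2 describe-route-tables, run in each connected account
    via_hub = {rt["VpcId"] for rt in vpc_route_tables for r in rt["Routes"]
               if r.get("TransitGatewayId") == hub and r.get("State") == "active"}
    for name, owner in known.items():
        att = live.get(owner)
        if att is None and name in REQUIRED:
            findings.append(f"{name}: no available VPC attachment")
        elif att is not None:
            if att["TransitGatewayAttachmentId"] not in routed:
                findings.append(f"{name}: attachment has no active Transit Gateway route")
            if att["VpcId"] not in via_hub:
                findings.append(f"{name}: no VPC route table sends traffic to the hub")
    return findings

def sample():
    """Constructed data: plat-prod stopped after step 2, plus one stray attachment."""
    hub = "tgw-0example"
    tgws = [{"TransitGatewayId": hub, "OwnerId": REQUIRED["core-network"], "State": "available"}]
    done = ["core-network", "core-auto", "plat-dev", "plat-staging"]
    atts = [{"TransitGatewayAttachmentId": f"tgw-attach-{n}", "TransitGatewayId": hub,
             "VpcId": f"vpc-{n}", "VpcOwnerId": REQUIRED[n], "State": "available"}
            for n in done + ["plat-prod"]]
    atts.append({**atts[0], "TransitGatewayAttachmentId": "tgw-attach-stray",
                 "VpcId": "vpc-stray", "VpcOwnerId": "9" * 12})
    routes = [{"State": "active", "TransitGatewayAttachments": [
        {"TransitGatewayAttachmentId": f"tgw-attach-{n}"}]} for n in done]
    rts = [{"VpcId": f"vpc-{n}", "Routes": [{"TransitGatewayId": hub, "State": "active"}]}
           for n in done]
    return tgws, atts, routes, rts
```

With real data, pass each function argument the list under the top-level key of the corresponding CLI response (`TransitGateways`, `TransitGatewayVpcAttachments`, `Routes`, `RouteTables`).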
