AWS Transit Gateway is used to simplify your AWS network architecture (topology) by allowing to have transitive peering between hundreds and thousands of VPCs and on-premise data centers.
Features
Transit Gateway is designed to simplify the network connections among VPCs and on-premise networks that are connected through VPC peering or Direct Connect (DX). It is a central hub that acts as a cloud router.
- A transit gateway implements a hub-and-spoke (star) network topology.
- VPCs are connected without peering.
- On-premise networks are connected via VPN, and Direct Connect.
- It works with regional resources by default. But it can work cross-region by peering transit gateways across regions.
- It can be used across multiple AWS accounts using Resource Access Manager (RAM).
- It can use route tables to control access among VPCs.
- It supports IP multicast.
- A transit gateway scales elastically based on the volume of network traffic. Routing through a transit gateway operates at layer 3, based on their destination IP addresses.
Central NAT Gateway
- Egress-VPC
- In one VPC, setup NAT Gateways and an Internet Gateway.
- Private instances in other VPCs can access internet through the transit gateway and a NAT gateway
Sharing Resources Across Accounts through RAM
- You can share AWS RAM (Resource Access Manager) to share a transit gateway across accounts or across AWS Organization.
Scriptorium 