This pattern describes the simplest configuration in which AWS Transit Gateway can be used to connect an on-premises network to virtual private clouds (VPCs) in multiple AWS accounts within an AWS Region. Using this setup, you can establish a hybrid network that connects multiple VPC networks in a Region and an on-premises network. This is accomplished by using a transit gateway and a virtual private network (VPN) connection to the on-premises network.
Prerequisites
An account for hosting network services, managed as a member account of an organization in AWS Organizations
VPCs in multiple AWS accounts, without overlapping Classless Inter-Domain Routing (CIDR) blocks
Limitations
This pattern does not isolate traffic between individual VPCs or between a VPC and the on-premises network: every network attached to the transit gateway can reach every other attached network. To isolate traffic, you need custom route tables on the transit gateway. This pattern connects the VPCs and the on-premises network through a single default transit gateway route table, which is the simplest configuration.
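To make this limitation concrete, the following is an added example (not from the AWS pattern or from any AWS tool) that models transit gateway route-table associations and propagations and reports which attachment pairs can reach each other. Attachment IDs and the dictionary layout are constructed placeholders, not boto3 output; the second layout shows the custom route tables the pattern leaves out.

```python
# Added example: reachability implied by transit gateway route tables.
# Model (constructed, simplified, not raw API output):
#   each route table = {"associations": [...], "propagations": [...]}
# An attachment is associated with exactly one route table; traffic
# entering the transit gateway from it is looked up in that table.
# A propagation installs the propagating attachment's routes into the
# table, so every associated attachment can then reach it.

# Constructed attachment IDs (placeholders).
VPC_A = "tgw-attach-vpc-a"        # VPC in member account A
VPC_B = "tgw-attach-vpc-b"        # VPC in member account B
ONPREM = "tgw-attach-vpn-onprem"  # Site-to-Site VPN attachment
ALL = [VPC_A, VPC_B, ONPREM]


def reachable_pairs(route_tables):
    """Return the set of (src, dst) attachment pairs with a route."""
    pairs = set()
    for rt in route_tables:
        for src in rt["associations"]:
            for dst in rt["propagations"]:
                if src != dst:
                    pairs.add((src, dst))
    return pairs


def isolation_gaps(route_tables, forbidden):
    """Return the forbidden (src, dst) pairs that are still reachable."""
    pairs = reachable_pairs(route_tables)
    return sorted(p for p in forbidden if p in pairs)


# The pattern's layout: one default table, everything associated and
# propagated, so every attachment reaches every other attachment.
DEFAULT_ONLY = [{"associations": ALL, "propagations": ALL}]

# Custom tables: VPCs reach on-premises only, never each other.
ISOLATED = [
    {"associations": [VPC_A, VPC_B], "propagations": [ONPREM]},
    {"associations": [ONPREM], "propagations": [VPC_A, VPC_B]},
]

# Policy we want to verify: no direct VPC-to-VPC reachability.
VPC_TO_VPC = {(VPC_A, VPC_B), (VPC_B, VPC_A)}

if __name__ == "__main__":
    print("default table gaps:", isolation_gaps(DEFAULT_ONLY, VPC_TO_VPC))
    print("custom tables gaps:", isolation_gaps(ISOLATED, VPC_TO_VPC))
```

Running it prints both VPC-to-VPC pairs as gaps for the single default table and an empty list for the two custom tables.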
Target technology stack
AWS Transit Gateway
AWS Site-to-Site VPN
VPC
AWS Resource Access Manager (AWS RAM)
Target architecture