Creating a large network that connects multiple VPCs and an on-premises data center together can be done in multiple ways. In this article I will explain, at a high level, how to do this using Transit Gateway and Direct Connect.
Transit Gateway and Direct Connect can be used to interconnect multiple VPCs and on-premises data centers, allowing communication between these networks. Because Transit Gateway is transitive, all networks connected to the Transit Gateway can communicate with each other when the correct routes are configured.
First we connect the VPCs together using Transit Gateway, which provides a hub-and-spoke topology for interconnecting VPCs and other networks. As noted above, Transit Gateway is transitive, so all attached VPCs and networks can communicate with each other once the correct routes are configured.
Connecting on-premises network to AWS using Direct Connect
After connecting the VPCs together we want to add the on-premises network to our large network. This can be achieved with a Virtual Private Gateway or a Direct Connect Gateway, both of which I explain below.
A Virtual Private Gateway is used to associate VPNs or Direct Connect with a single VPC.
Virtual Private Gateways have the downside that you have to set one up for every VPC individually, which does not scale. The other reason not to use Virtual Private Gateways is that they cannot be attached to the Transit Gateway without a Direct Connect Gateway. A Direct Connect Gateway can be associated with either multiple Transit Gateways or multiple Virtual Private Gateways.
Interconnecting AWS and on-premises networks
Below you find the full picture of the solution. By attaching the VPCs to the Transit Gateway and associating the Direct Connect Gateway with that same Transit Gateway, all of these networks can communicate with each other.
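Whether the attached networks actually reach each other depends on the Transit Gateway route tables, not on the attachments alone. The following added example (not from the original article, with constructed attachment IDs and CIDRs) models a Transit Gateway with two VPC attachments and a Direct Connect Gateway attachment, and shows how a flat route table makes every network reachable from every other, while a segmented design lets the VPCs reach on-premises without reaching each other.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology: two VPCs and a Direct Connect Gateway attached
# to one Transit Gateway. IDs and CIDRs are placeholders, not real resources.
VPC_A, VPC_B, DXGW = "tgw-attach-vpc-a", "tgw-attach-vpc-b", "tgw-attach-dxgw"
ATTACHMENT_CIDRS = {VPC_A: "10.1.0.0/16", VPC_B: "10.2.0.0/16", DXGW: "192.168.0.0/16"}

# A Transit Gateway route table maps a destination CIDR to the attachment the
# packet is forwarded to. Each attachment is *associated* with exactly one table,
# which is the table consulted for traffic entering the TGW from that attachment.
# "flat" lets every spoke reach every other spoke; the two "segmented" tables
# let the VPCs reach on-premises (and on-premises reach the VPCs) but keep the
# VPCs isolated from one another.
ROUTE_TABLES = {
    "flat": {cidr: att for att, cidr in ATTACHMENT_CIDRS.items()},
    "segmented-vpc": {"192.168.0.0/16": DXGW},
    "segmented-onprem": {"10.1.0.0/16": VPC_A, "10.2.0.0/16": VPC_B},
}

# Association designs: attachment -> route table it uses.
FLAT = {VPC_A: "flat", VPC_B: "flat", DXGW: "flat"}
SEGMENTED = {VPC_A: "segmented-vpc", VPC_B: "segmented-vpc", DXGW: "segmented-onprem"}


def lookup(route_table, dst):
    """Longest-prefix match, the way a Transit Gateway route table is evaluated.
    Returns the next-hop attachment, or None when no route exists (packet dropped)."""
    ip = ip_address(dst)
    matches = [(ip_network(c), a) for c, a in route_table.items() if ip in ip_network(c)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def can_reach(associations, src_attachment, dst_ip):
    """True if a packet entering the TGW from src_attachment is forwarded to the
    attachment that actually owns dst_ip, using the table src is associated with."""
    next_hop = lookup(ROUTE_TABLES[associations[src_attachment]], dst_ip)
    owner = lookup({cidr: att for att, cidr in ATTACHMENT_CIDRS.items()}, dst_ip)
    return next_hop is not None and next_hop == owner


if __name__ == "__main__":
    for name, design in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(f"{name}: VPC A -> VPC B  {can_reach(design, VPC_A, '10.2.0.5')}")
        print(f"{name}: VPC A -> on-prem {can_reach(design, VPC_A, '192.168.10.1')}")
        print(f"{name}: on-prem -> VPC B {can_reach(design, DXGW, '10.2.0.9')}")
```

Run it to see that only the segmented design blocks VPC-to-VPC traffic while keeping both directions to on-premises open; in a real deployment the same effect is achieved with separate Transit Gateway route tables and explicit associations and propagations per attachment.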
In this blog I showed you how you can use Transit Gateway and the Direct Connect Gateway to interconnect an on-premises network and multiple AWS VPCs.