Transit Gateway is a service in AWS that simplifies network architecture and connectivity by acting as a hub for connecting multiple Virtual Private Clouds (VPCs) and on-premises networks.

Basics and Functionality:

  1. Definition: Transit Gateway is a network transit hub that allows you to connect multiple VPCs and on-premises networks through a single gateway.
  2. Hub-and-Spoke Model: Transit Gateway follows a hub-and-spoke architecture, making it easier to manage network connections.
  3. Centralized Routing: It provides centralized routing for VPCs, simplifying complex routing configurations.
  4. VPC Peering: Transit Gateway supports VPC peering, allowing VPCs to communicate with each other across the transit hub.
  5. Global Service: It’s a global service, meaning it operates across all AWS regions.

Transit Gateway Attachments:

  1. VPC Attachments: You can attach multiple VPCs to a Transit Gateway to enable communication between them.
  2. VPN Attachments: It supports VPN connections for connecting on-premises networks.
  3. Direct Connect Attachments: Transit Gateway can connect to on-premises networks through AWS Direct Connect.
  4. VPC Peering Attachments: You can attach VPC peering connections to a Transit Gateway to enable communication between peered VPCs.
  5. Transit Gateway Peering: Transit Gateway can also peer with other Transit Gateways in different AWS accounts.

Routing and Route Tables:

  1. Route Tables: Transit Gateway uses route tables to control traffic between attachments.
  2. Association with VPCs: Each attachment (VPC, VPN, Direct Connect) has its associated route table.
  3. Propagation: You can propagate routes between route tables to control traffic flow.
  4. Prefix-Based Routing: Routing decisions are made based on destination prefixes (CIDR blocks) in the route tables.
  5. Default Route: A default route ( can be used for routing traffic to a default destination.

Security and Control:

  1. Security Groups and NACLs: Security Groups and Network Access Control Lists (NACLs) are still used within VPCs for fine-grained control over traffic.
  2. Security Groups Across VPCs: You can apply security groups to resources in different VPCs connected via Transit Gateway.
  3. Inter-Region Peering: Transit Gateway does not support direct peering between Transit Gateways in different regions.
  4. Encryption: Traffic between Transit Gateway and on-premises networks can be encrypted using VPN or Direct Connect.

Transit Gateway Network Manager (TGNM):

  1. Management: Transit Gateway Network Manager (TGNM) provides a centralized dashboard for managing global networks.
  2. Monitoring: TGNM provides visibility into network health and performance across multiple regions.

Scalability and Limits:

  1. VPC Limit: Each Transit Gateway can be attached to a maximum of 5,000 VPCs.
  2. Route Limits: Transit Gateway has a limit on the number of routes that can be added to a route table.
  3. Prefix Length Limit: Transit Gateway supports prefix lengths from /0 to /26.
  4. Propagation Limits: Route propagation has a limit of 100 route tables.


  1. Integration with AWS Organizations: You can associate a Transit Gateway with AWS Organizations to share it across accounts.
  2. VPC Endpoints: Transit Gateway does not support VPC endpoints; traffic destined for AWS services should go through the internet.
  3. Integration with Direct Connect Gateway: You can associate Transit Gateways with Direct Connect Gateways for more complex hybrid network architectures.


  1. Data Transfer Costs: Data transfer costs apply when traffic traverses Transit Gateway, but internal VPC-to-VPC traffic within the same region is not charged.
  2. Pricing: Transit Gateway has its own pricing model based on the number of attachments and data processed.

Transit Gateway simplifies network architecture in AWS by providing a centralized hub for connecting multiple VPCs and on-premises networks. Understanding its capabilities and configurations is essential for building scalable and well-connected AWS environments.

By Abhishek K.

Author is a Architect by profession. This blog is to share his experience and give back to the community what he learned throughout his career.