AWS Transit Gateway
Transit Gateway is a piece of AWS Networking that allows us to connect our many online subnets or VPCs together. The Transit Gateway is connected to campus via an AWS Direct Connect and a fallback VPN link.
Transit Gateway is managed by Terraform code in the aws-tgw-customers project in the DIT NIS Network Operations group in code.vt.edu.
There are instructions inside the project outlining its use. In summary, the instructions have you enumerate an object that includes the various VPCs the new customer will be using. When the Terraform runs, it loops over that object and creates the appropriate routing, allowing the indicated VPCs access to the various VT campus networks via Transit Gateway.
Transit Gateway Routes
The routing created by the Terraform governing this project will be observable in the customer's account, but the customer will not see the Transit Gateway routes, which reside in the vtnis-ss account.
In order to run the Terraform, you will need to assume the role neo-customer-network-access.
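A minimal sketch of the loop described above, added here as an illustration and not taken from the aws-tgw-customers project. The variable names, region, CIDRs and account ID are hypothetical placeholders, and the Transit Gateway route tables in vtnis-ss are not shown.

```hcl
# Added illustration: every name and value below is an assumption, not the project's own code.
variable "transit_gateway_id" { type = string }
variable "account_id" { type = string } # placeholder for the account that holds the role

variable "campus_cidrs" {
  type    = list(string)
  default = ["192.0.2.0/24", "198.51.100.0/24"] # documentation ranges, not real campus networks
}

variable "customer_vpcs" {
  type = map(object({ # one entry per VPC the new customer will use
    vpc_id         = string
    subnet_ids     = list(string)
    route_table_id = string
  }))
}

provider "aws" {
  region = "us-east-1" # assumed region
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/neo-customer-network-access"
  }
}

# One Transit Gateway attachment per enumerated VPC.
resource "aws_ec2_transit_gateway_vpc_attachment" "customer" {
  for_each           = var.customer_vpcs
  transit_gateway_id = var.transit_gateway_id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.subnet_ids
}

locals {
  # Flatten to one (VPC, campus CIDR) pair per route so for_each gets stable keys.
  vpc_routes = {
    for pair in setproduct(keys(var.customer_vpcs), var.campus_cidrs) :
    "${pair[0]}-${pair[1]}" => { vpc = pair[0], cidr = pair[1] }
  }
}

# Routes that appear in the customer's VPC route tables, pointing campus traffic at the Transit Gateway.
resource "aws_route" "to_campus" {
  for_each               = local.vpc_routes
  route_table_id         = var.customer_vpcs[each.value.vpc].route_table_id
  destination_cidr_block = each.value.cidr
  transit_gateway_id     = var.transit_gateway_id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.customer]
}
```

Running `terraform plan` against a change to `customer_vpcs` shows exactly which attachments and routes will be added or removed before anything is applied.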
Links
- Code:
  - Customer Transit Gateway Terraform: https://code.vt.edu/dit-nis-network/aws-network
  - AWS Networking (Transit Gateway, Direct Connect, VPN): https://code.vt.edu/dit-nis-network/aws-tgw-and-dxgw
  - IAM Roles Terraform: https://code.vt.edu/it-common-platform/internal/aws/iam
- Documentation:
  - Transit Gateway Architecture Google Doc: https://docs.google.com/document/d/1LoTlwQxpDSQBiGC5YMq_TocdwF3kZpLVP-4NHfNSBiE
  - NIS Wiki - AWS Networking: https://internal.nis.vt.edu/wiki/pages/viewpage.action?spaceKey=AN&title=AWS+Networking+
  - NIS AWS Connectivity Customer Requirements: https://code.vt.edu/dit-nis-network/vt-aws-connectivity-customer-req
Critical Concerns
- Any interruption of Transit Gateway will affect all internally routed communication between VPCs and VT's internal network.