Overview
The Network Orchestration for AWS Transit Gateway solution automates the process of setting up and managing transit networks in distributed AWS environments. This solution allows customers to visualize and monitor their global network from a single dashboard rather than toggling between Regions from the AWS Console. It creates a web interface to help control, audit, and approve transit network changes.
Benefits
Automate the process of setting up and managing transit networks in multi-account AWS environments.
Use the web user interface to either accept or reject connectivity requests when manual approval is required.
Deploy a web user interface to control, audit, and approve transit network changes.
Use rules to automatically accept or reject network changes based on the Organization Unit (OU).
Technical details
The following diagram presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation templates.
Step 1
This template deploys an Amazon EventBridge rule that monitors specific virtual private cloud (VPC) and subnet tag changes.
Step 2
An EventBridge rule in the spoke account sends the tags to the EventBridge bus in the hub account.
Step 3
The rules associated with the EventBridge bus invoke an AWS Lambda function to start the solution workflow.
Step 4
AWS Step Functions (solution state machine) processes network requests from the spoke accounts.
Step 5
The state machine workflow attaches a VPC to the transit gateway.
Step 6
The state machine workflow updates the VPC route table associated with the tagged subnet.
Step 7
The state machine workflow updates the transit gateway route table with association and propagation changes.
Step 8
(Optional) The state machine workflow updates the attachment name with the VPC name and the OU name for the spoke account (retrieved from the Org Management account).
Step 9
The solution updates Amazon DynamoDB with the information extracted from the event and resources created, updated, or deleted in the workflow.
Step 1
This template deploys an Amazon EventBridge rule that monitors specific virtual private cloud (VPC) and subnet tag changes.
Step 2
An EventBridge rule in the spoke account sends the tags to the EventBridge bus in the hub account.
Step 3
The rules associated with the EventBridge bus invoke an AWS Lambda function to start the solution workflow.
Step 4
AWS Step Functions (solution state machine) processes network requests from the spoke accounts.
Step 5
The state machine workflow attaches a VPC to the transit gateway.
Step 6
The state machine workflow updates the VPC route table associated with the tagged subnet.
Step 7
The state machine workflow updates the transit gateway route table with association and propagation changes.
Step 8
(Optional) The state machine workflow updates the attachment name with the VPC name and the OU name for the spoke account (retrieved from the Org Management account).
Step 9
The solution updates Amazon DynamoDB with the information extracted from the event and resources created, updated, or deleted in the workflow.
"Australia Post is a self-funded postal service business with both commercial and community service obligations, serving 12.3 million delivery points across Australia. Our organization is made up of 35,000 employees so when we needed to expand our cloud technologies to scale our network across our growing cloud infrastructure with siloed VPCs and on-premises data centers, we experienced significant latency issues. The Serverless Transit Network Orchestrator (STNO) solution allowed us to automate our configuration and customize our network setup based on our needs with AWS Transit Gateway, reducing our network setup time from weeks to minutes, resulting on the final solution reaching 13X improved network traffic speeds between accounts."
Related content
Getting into the Serverless Mindset
Learn how to move forward without provisioning, scaling, or managing servers.
Subnets, Gateways, and Route Tables Explained
In this course, we will use sample three-tiered architecture to better understand how certain network components can help you effectively network your application. We review the differences between public and private subnets and discuss how gateways and route tables can be used for network routing.