© 2020, Amazon Web Services, Inc. or its Affiliates.
AWS Transit Gateway
Benefits and Best Practices
Nitin Ashok - Technical Account Manager, AWS
Rodrigo Balan - Technical Account Manager, AWS
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Agenda
• Motivation for AWS Transit Gateway
• Key Features and Benefits
• Common Use Cases
• Sample Reference Architecture
• Transit Gateway Network Manager
• Best Practices
Motivation for AWS Transit Gateway
What do customers want to do?
• Interconnect VPCs and on-prem networks
• Globally scale out connectivity across regions
• Simplify network configuration and management
What challenges are they facing?
• Complex point-to-point peering does not scale
• VPN bandwidth limitations
• Monitoring and management of routing configurations is time consuming
Before AWS Transit Gateway
[Diagram labels: Amazon VPCs, VPC peering, VPN connections, customer gateway, AWS Direct Connect Gateway]
Before AWS Transit Gateway
[Diagram labels: VPN, WAN, AWS Direct Connect, Transit VPC, Dev, Prod]
Introducing AWS Transit Gateway
Easily interconnect thousands of VPCs and on-premise networks
[Diagram labels: On-Premise Data Center, AWS Transit Gateway, AWS VPC]
With AWS Transit Gateway
[Diagram labels: AWS Transit Gateway, Amazon VPCs, customer gateway, VPN connection, AWS Direct Connect Gateway]
Key Features and Benefits
AWS Transit Gateway: Key Features
• Centralized routing policies across VPCs and on-premises
• Scales to support thousands of VPCs across multiple accounts
• Flexible segmentation and routing rules
• Horizontally scalable
• Increase connectivity throughput with multiple VPN connections
• Simplified management and network visibility
• Peer Transit Gateways to provide inter-region VPC connectivity
• Route multicast traffic between VPCs in the same region
AWS Transit Gateway: Benefits
Simplified Networking, Global Connectivity, Easy Manageability
• Centrally interconnect multiple VPCs across accounts
• One central connection point for VPN and Direct Connect
• Reduce or eliminate need for peer to peer networking
• Increase VPN throughput via ECMP routing
• Peer AWS Transit Gateway across regions
• Leverage the AWS Global Network for low latency cross-region connectivity
• Regional construct reduces blast radius
• Reduces time to configure on-premises connectivity to AWS
• Easily monitor and manage from a central point
• Integrated with CloudWatch and VPC Flow Logs
• Leverage existing VPC security groups and network access control lists
• Centrally manage the networks built around Transit Gateways using Transit Gateway Network Manager
Common Use Cases
Use Case – Interconnecting Geographically Dispersed On-Premise and VPC resources
• Customer with multiple VPCs
• Build applications that span a large number of VPCs
• Share network services (DNS, Active Directory, Firewall, IDS)
• Reduce management overhead
Use Case – Edge Consolidation
• Share a common VPN or Direct Connect Gateway (DXGW) across VPCs
• Reduce time to connect on-premises resources to multiple VPCs
• No additional customer network changes required when adding a VPC to AWS Transit Gateway
Use Case – Digital security and threat intelligence
• Shared VPC hosts security tools
• Web application Firewall (WAF), Data Loss Prevention (DLP), Intrusion Detection / Protection (IDS/IPS)
• Scales out over native AWS Services
Sample Reference Architecture
AWS Transit Gateway Reference Architecture
[Diagram labels: Development, Testing, Production; Internet; Outbound; URL filtering; NAT gateway; DLP / Proxy; Edge services; WAF / ADC; SD-WAN; VPN / Firewall; IDS / IPS; Firewall / NGFW; Inline services; Shared services; Authentication & Monitoring; VPN; Direct Connect; Accounts; Administrative accounts (logging, AWS Organizations, billing, landing zone); IAM, Cross-account roles; Route tables; Transit Gateway; East-West + North-South; VPCs]
Transit Gateway Network Manager
AWS Transit Gateway: Network Manager
Benefits of Transit Gateway Network Manager
• Centralize management and monitoring of networking resources and connections to remote branch offices
• Define, visualize and manage networks globally
• Use Route Analyzer to verify routing configurations
• Integrate with third party SD-WAN solutions including Cisco, Aruba, Silver Peak and Aviatrix
• No additional fees for using Transit Gateway Network Manager
Best Practices
Best Practices: Migrate from Transit VPC to AWS Transit Gateway
TGW Migrator Tool:
• Provides a seamless migration path from the transit VPC solution to AWS Transit Gateway.
Prerequisites:
• The VPCs cannot have overlapping CIDRs
• You cannot have identical routes pointing to two different VPCs
• Verify that you have permissions required to work with transit gateways
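A preflight check for the first two prerequisites above, as an added example that is not part of the original slides or of the TGW Migrator Tool. The inventory, the VPC ids and the function names are constructed for illustration; the permissions prerequisite is not covered.

```python
"""Preflight for a transit VPC -> Transit Gateway migration (added example).

Checks two prerequisites from the slide:
  1. no two VPCs have overlapping CIDRs
  2. no identical route points to two different VPCs
All data below is constructed sample input.
"""
import ipaddress
from itertools import combinations

# Constructed inventory: VPC id -> CIDR blocks (primary and secondary).
VPC_CIDRS = {
    "vpc-dev":    ["10.0.0.0/16"],
    "vpc-prod":   ["10.1.0.0/16", "100.64.0.0/24"],
    "vpc-shared": ["10.1.128.0/20"],   # lies inside vpc-prod's 10.1.0.0/16
    "vpc-test":   ["10.2.0.0/16"],
}

# Constructed routes: (destination prefix, VPC the route points to).
ROUTES = [
    ("10.0.0.0/16", "vpc-dev"),
    ("10.1.0.0/16", "vpc-prod"),
    ("10.2.0.0/16", "vpc-test"),
    ("10.2.0.0/16", "vpc-dev"),        # same prefix, different VPC
    ("10.0.0.0/16", "vpc-dev"),        # exact duplicate, not a conflict
]


def find_overlapping_cidrs(vpc_cidrs):
    """Return sorted (vpc_a, cidr_a, vpc_b, cidr_b) for overlaps between different VPCs."""
    blocks = [
        (vpc, ipaddress.ip_network(cidr, strict=True))
        for vpc, cidrs in vpc_cidrs.items()
        for cidr in cidrs
    ]
    findings = []
    for (vpc_a, net_a), (vpc_b, net_b) in combinations(blocks, 2):
        if vpc_a == vpc_b:
            continue  # secondary CIDRs of one VPC are compared only to other VPCs
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            findings.append((vpc_a, str(net_a), vpc_b, str(net_b)))
    return sorted(findings)


def find_conflicting_routes(routes):
    """Return {prefix: [vpc, ...]} for prefixes that point to more than one VPC."""
    targets = {}
    for prefix, vpc in routes:
        # Normalise so that 10.2.0.1/16 and 10.2.0.0/16 count as the same route.
        key = str(ipaddress.ip_network(prefix, strict=False))
        targets.setdefault(key, set()).add(vpc)
    return {p: sorted(v) for p, v in targets.items() if len(v) > 1}


def preflight(vpc_cidrs, routes):
    """Run both checks and return a report dict with an overall 'ok' flag."""
    overlaps = find_overlapping_cidrs(vpc_cidrs)
    conflicts = find_conflicting_routes(routes)
    return {"ok": not overlaps and not conflicts,
            "overlaps": overlaps,
            "conflicts": conflicts}


if __name__ == "__main__":
    report = preflight(VPC_CIDRS, ROUTES)
    for vpc_a, cidr_a, vpc_b, cidr_b in report["overlaps"]:
        print(f"OVERLAP   {vpc_a} {cidr_a} <-> {vpc_b} {cidr_b}")
    for prefix, vpcs in report["conflicts"].items():
        print(f"CONFLICT  {prefix} -> {', '.join(vpcs)}")
    print("ready to migrate" if report["ok"] else "fix findings before migrating")
```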
Best Practices: AWS Transit Gateway design best practices – Part 1
• Limit the number of transit gateway route tables unless your design requires multiple transit gateway route tables
• You do not need additional transit gateways for high availability, because transit gateways are highly available by design
• Enable route propagation for AWS Direct Connect gateway attachments and BGP Site-to-Site VPN attachments
• Use Border Gateway Protocol (BGP) Site-to-Site VPN connections. If your customer gateway device or firewall for the connection supports multipath, enable the feature
Best Practices: AWS Transit Gateway design best practices – Part 2
• Use a separate subnet for each transit gateway VPC attachment
• Create one network ACL and associate it with all of the subnets that are associated with the transit gateway
• Associate the same VPC route table with all of the subnets that are associated with the transit gateway
• For multiple Region deployments, we recommend that you use a unique Autonomous System Number (Amazon-side ASN) for each of your transit gateways
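An audit of the four Part 2 practices above over an exported inventory, as an added example that is not part of the original slides or any AWS tool. The inventory layout, resource ids and function names are constructed; the NACL and route table checks are applied per attachment, on the assumption that both resources are scoped to a single VPC.

```python
"""Audit Transit Gateway design practices (added example, constructed data)."""

# Constructed inventory of transit gateways with their Amazon-side ASN.
TRANSIT_GATEWAYS = [
    {"id": "tgw-use1",      "region": "us-east-1", "asn": 64512},
    {"id": "tgw-use1-insp", "region": "us-east-1", "asn": 64513},
    {"id": "tgw-euw1",      "region": "eu-west-1", "asn": 64512},  # ASN reused
]

# Constructed VPC attachments and the subnets each one uses.
ATTACHMENTS = [
    {"id": "att-dev", "tgw": "tgw-use1", "vpc": "vpc-dev",
     "subnets": ["subnet-d1", "subnet-d2"]},
    {"id": "att-prod", "tgw": "tgw-use1", "vpc": "vpc-prod",
     "subnets": ["subnet-p1", "subnet-p2"]},
    {"id": "att-prod-insp", "tgw": "tgw-use1-insp", "vpc": "vpc-prod",
     "subnets": ["subnet-p2"]},                    # reuses att-prod's subnet
]

# Constructed subnet associations: network ACL and VPC route table.
SUBNETS = {
    "subnet-d1": {"nacl": "acl-dev-tgw",      "route_table": "rtb-dev-tgw"},
    "subnet-d2": {"nacl": "acl-dev-tgw",      "route_table": "rtb-dev-tgw"},
    "subnet-p1": {"nacl": "acl-prod-tgw",     "route_table": "rtb-prod-a"},
    "subnet-p2": {"nacl": "acl-prod-default", "route_table": "rtb-prod-b"},
}


def duplicate_asns(tgws):
    """Return {asn: [tgw ids]} for every ASN used by more than one transit gateway."""
    by_asn = {}
    for tgw in tgws:
        by_asn.setdefault(tgw["asn"], []).append(tgw["id"])
    return {asn: sorted(ids) for asn, ids in by_asn.items() if len(ids) > 1}


def shared_attachment_subnets(attachments):
    """Return {subnet: [attachment ids]} for subnets used by more than one attachment."""
    users = {}
    for att in attachments:
        for subnet in att["subnets"]:
            users.setdefault(subnet, []).append(att["id"])
    return {s: sorted(ids) for s, ids in users.items() if len(ids) > 1}


def mixed_settings(attachments, subnets, key):
    """Return {attachment id: [values]} where an attachment's subnets disagree on `key`.

    `key` is "nacl" or "route_table"; an attachment passes when all of its
    subnets share one value.
    """
    findings = {}
    for att in attachments:
        values = {subnets[s][key] for s in att["subnets"]}
        if len(values) > 1:
            findings[att["id"]] = sorted(values)
    return findings


def audit(tgws, attachments, subnets):
    """Run all four checks and return the findings grouped by rule."""
    return {
        "duplicate_asn": duplicate_asns(tgws),
        "shared_subnet": shared_attachment_subnets(attachments),
        "mixed_nacl": mixed_settings(attachments, subnets, "nacl"),
        "mixed_route_table": mixed_settings(attachments, subnets, "route_table"),
    }


if __name__ == "__main__":
    for rule, findings in audit(TRANSIT_GATEWAYS, ATTACHMENTS, SUBNETS).items():
        for resource, detail in findings.items():
            print(f"{rule:18} {resource}: {', '.join(detail)}")
```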
Further reading (blog post)
• Zendesk’s Global Mesh Network: How we lowered operational overhead and cost by migrating to AWS Transit Gateway
• Working with Route Tables in AWS Transit Gateway
• Scaling VPN throughput using AWS Transit Gateway
• Automating AWS Transit Gateway attachments to a transit gateway in a central account
• Advanced Troubleshooting with AWS Transit Gateway Network Manager Route Analyzer
• Migrate from Transit VPC to AWS Transit Gateway

AWS temporary credentials challenges in prevention detection mitigation
 
Securing aws workloads with embedded application security
Securing aws workloads with embedded application securitySecuring aws workloads with embedded application security
Securing aws workloads with embedded application security
 
Of CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills securityOf CORS thats a thing how CORS in the cloud still kills security
Of CORS thats a thing how CORS in the cloud still kills security
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
 
Last year in AWS - 2019
Last year in AWS - 2019Last year in AWS - 2019
Last year in AWS - 2019
 
Gpu accelerated BERT deployment on aws
Gpu accelerated BERT deployment on awsGpu accelerated BERT deployment on aws
Gpu accelerated BERT deployment on aws
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practices
 

Recently uploaded

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Recently uploaded (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

AWS Transit Gateway-Benefits and Best Practices

  • 1. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS Transit Gateway: Benefits and Best Practices. Nitin Ashok - Technical Account Manager, AWS; Rodrigo Balan - Technical Account Manager, AWS
  • 2. Agenda
      • Motivation for AWS Transit Gateway
      • Key Features and Benefits
      • Common Use Cases
      • Sample Reference Architecture
      • Transit Gateway Network Manager
      • Best Practices
  • 3. Motivation for AWS Transit Gateway
  • 4. What do customers want to do?
      • Interconnect VPCs and on-prem networks
      • Globally scale out connectivity across regions
      • Simplify network configuration and management
  • 5. What challenges are they facing?
      • Complex point-to-point peering does not scale
      • VPN bandwidth limitations
      • Monitoring and management of routing configurations is time consuming
  • 6. Before AWS Transit Gateway [diagram labels: Amazon VPC (x4); VPC peering; VPN connection; Customer gateway; AWS Direct Connect Gateway]
  • 7. Before AWS Transit Gateway [diagram labels: VPN; WAN; AWS Direct Connect; Transit VPC; Dev / Prod VPCs]
  • 8. Introducing AWS Transit Gateway: Easily interconnect thousands of VPCs and on-premises networks [diagram labels: On-Premise Data Center; AWS VPC; AWS Transit Gateway]
  • 9. With AWS Transit Gateway [diagram labels: AWS Transit Gateway; Amazon VPC (x4); Customer gateway; VPN connection; AWS Direct Connect Gateway]
  • 10. Key Features and Benefits
  • 11. AWS Transit Gateway: Key Features
      • Centralized routing policies across VPCs and on-premises
      • Scales to support thousands of VPCs across multiple accounts
      • Flexible segmentation and routing rules
      • Horizontally scalable
      • Increase connectivity throughput with multiple VPN connections
      • Simplified management and network visibility
      • Peer Transit Gateways to provide inter-region VPC connectivity
      • Route multicast traffic between VPCs in the same region
  • 12. AWS Transit Gateway: Benefits (Simplified Networking, Global Connectivity, Easy Manageability)
      • Centrally interconnect multiple VPCs across accounts
      • One central connection point for VPN and Direct Connect
      • Reduce or eliminate need for peer to peer networking
      • Increase VPN throughput via ECMP routing
      • Peer AWS Transit Gateway across regions
      • Leverage the AWS Global Network for low latency cross-region connectivity
      • Regional construct reduces blast radius
      • Reduces time to configure on-premises connectivity to AWS
      • Easily monitor and manage from a central point
      • Integrated with CloudWatch and VPC Flow Logs
      • Leverage existing VPC security groups and network access control lists
      • Centrally manage the networks built around Transit Gateways using Transit Gateway Network Manager
  • 13. Common Use Cases
  • 14. Use Case – Interconnecting Geographically Dispersed On-Premise and VPC resources
      • Customer with multiple VPCs
      • Build applications that span a large number of VPCs
      • Share network services (DNS, Active Directory, Firewall, IDS)
      • Reduce management overhead
  • 15. Use Case – Edge Consolidation
      • Share a common VPN or Direct Connect Gateway (DXGW) across VPCs
      • Reduce time to connect on-premises resources to multiple VPCs
      • No additional customer network changes required when adding a VPC to AWS Transit Gateway
  • 16. Use Case – Digital security and threat intelligence
      • Shared VPC hosts security tools
      • Web Application Firewall (WAF), Data Loss Prevention (DLP), Intrusion Detection / Protection (IDS/IPS)
      • Scales out over native AWS services
  • 17. Sample Reference Architecture
  • 18. AWS Transit Gateway Reference Architecture [diagram labels: Development; Testing; Production; Internet; Outbound; URL filtering; NAT gateway; DLP / Proxy; Edge services; WAF / ADC; SD-WAN; VPN / Firewall; IDS / IPS; Firewall / NGFW; Inline services; Shared services; Authentication & Monitoring; VPN; Direct Connect; Accounts; Administrative accounts (logging, AWS Organizations, billing, landing zone); IAM, Cross-account roles; Route tables; Transit Gateway; East-West + North-South; VPCs]
  • 19. Transit Gateway Network Manager
  • 20. AWS Transit Gateway: Network Manager. Benefits of Transit Gateway Network Manager:
      • Centralize management and monitoring of networking resources and connections to remote branch offices
      • Define, visualize and manage networks globally
      • Use Route Analyzer to verify routing configurations
      • Integrate with third party SD-WAN solutions including Cisco, Aruba, Silver Peak and Aviatrix
      • No additional fees for using Transit Gateway Network Manager
  • 21. Best Practices
  • 22. Best Practices: Migrate from Transit VPC to AWS Transit Gateway
      TGW Migrator Tool:
      • Provides a seamless migration path from the transit VPC solution to AWS Transit Gateway.
      Prerequisites:
      • The VPCs cannot have overlapping CIDRs
      • You cannot have identical routes pointing to two different VPCs
      • Verify that you have permissions required to work with transit gateways
  • 23. Best Practices: AWS Transit Gateway design best practices – Part 1
      • Limit the number of transit gateway route tables unless your design requires multiple transit gateway route tables
      • You do not need additional transit gateways for high availability, because transit gateways are highly available by design
      • Enable route propagation for AWS Direct Connect gateway attachments and BGP Site-to-Site VPN attachments
      • Use Border Gateway Protocol (BGP) Site-to-Site VPN connections. If your customer gateway device or firewall for the connection supports multipath, enable the feature
  • 24. Best Practices: AWS Transit Gateway design best practices – Part 2
      • Use a separate subnet for each transit gateway VPC attachment
      • Create one network ACL and associate it with all of the subnets that are associated with the transit gateway
      • Associate the same VPC route table with all of the subnets that are associated with the transit gateway
      • For multiple Region deployments, we recommend that you use a unique Autonomous System Number (Amazon-side ASN) for each of your transit gateways
  • 25. Further reading (blog post)
      • Zendesk’s Global Mesh Network: How we lowered operational overhead and cost by migrating to AWS Transit Gateway
      • Working with Route Tables in AWS Transit Gateway
      • Scaling VPN throughput using AWS Transit Gateway
      • Automating AWS Transit Gateway attachments to a transit gateway in a central account
      • Advanced Troubleshooting with AWS Transit Gateway Network Manager Route Analyzer
      • Migrate from Transit VPC to AWS Transit Gateway
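The migration prerequisites on slide 22 and the design rules on slide 24 can be checked mechanically before any attachment is created. The following is an added example, not code from the slides or from AWS: the inventory layout and every ID in it are hypothetical and constructed for illustration, and the network ACL / route table rule is checked per VPC attachment because both are per-VPC resources.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample inventory (hypothetical IDs, not taken from the slides).
INVENTORY = {
    "vpcs": {                      # VPC id -> CIDR
        "vpc-dev": "10.0.0.0/16",
        "vpc-prod": "10.1.0.0/16",
        "vpc-test": "10.1.128.0/17",          # overlaps vpc-prod
    },
    "routes": [                    # (destination CIDR, target VPC)
        ("172.16.0.0/16", "vpc-dev"),
        ("172.16.0.0/16", "vpc-prod"),         # identical route, different VPC
        ("192.168.0.0/24", "vpc-prod"),
    ],
    "transit_gateways": {          # transit gateway id -> Amazon-side ASN
        "tgw-us-east-1": 64512,
        "tgw-eu-west-1": 64512,                # ASN reused in a second Region
        "tgw-ap-south-1": 64513,
    },
    "attachment_subnets": {        # attachment -> [(subnet, network ACL, route table)]
        "att-dev": [("subnet-a", "acl-tgw", "rtb-tgw"), ("subnet-b", "acl-tgw", "rtb-tgw")],
        "att-prod": [("subnet-c", "acl-tgw", "rtb-tgw"), ("subnet-d", "acl-app", "rtb-tgw")],
    },
}

def overlapping_cidrs(vpcs):
    """Slide 22: the VPCs cannot have overlapping CIDRs."""
    nets = {vpc: ipaddress.ip_network(cidr) for vpc, cidr in vpcs.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]

def conflicting_routes(routes):
    """Slide 22: no identical routes pointing to two different VPCs."""
    targets = defaultdict(set)
    for cidr, vpc in routes:
        targets[str(ipaddress.ip_network(cidr))].add(vpc)
    return {cidr: sorted(v) for cidr, v in targets.items() if len(v) > 1}

def duplicate_asns(tgws):
    """Slide 24: use a unique Amazon-side ASN for each transit gateway."""
    by_asn = defaultdict(list)
    for tgw, asn in tgws.items():
        by_asn[asn].append(tgw)
    return {asn: sorted(ids) for asn, ids in by_asn.items() if len(ids) > 1}

def inconsistent_attachments(attachments):
    """Slide 24: attachment subnets share one network ACL and one route table."""
    bad = {}
    for att, subnets in attachments.items():
        acls = {acl for _, acl, _ in subnets}
        rtbs = {rtb for _, _, rtb in subnets}
        if len(acls) > 1 or len(rtbs) > 1:
            bad[att] = {"acls": sorted(acls), "route_tables": sorted(rtbs)}
    return bad

def preflight(inv):
    """Run every check; an empty value means that rule is satisfied."""
    return {
        "overlapping_cidrs": overlapping_cidrs(inv["vpcs"]),
        "conflicting_routes": conflicting_routes(inv["routes"]),
        "duplicate_asns": duplicate_asns(inv["transit_gateways"]),
        "inconsistent_attachments": inconsistent_attachments(inv["attachment_subnets"]),
    }

if __name__ == "__main__":
    for check, findings in preflight(INVENTORY).items():
        print(f"{check}: {findings or 'ok'}")
```

A network ACL that differs on one attachment subnet, as with `subnet-d` here, is the finding to look at first from a segmentation standpoint, because traffic entering through that subnet is filtered by different rules than the rest of the attachment.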

Editor's Notes

  1. Monitoring: Use Amazon CloudWatch metrics and events to monitor your networks.
     Respond to connectivity issues: Network Manager provides you with event notifications from a single interface so that you can get a global view of what is happening on your network. You can identify and troubleshoot network problems faster than if you received the information from different tools.
     Global view: See network activity in many locations from one single dashboard. You can compare activity and identify inconsistencies between on-premises locations and the AWS cloud, or issues that affect several locations differently.
     Route Analyzer: Verify that the transit gateway route table configuration will work as expected before you start sending traffic. Validate your existing route configuration. Diagnose route-related issues that are causing traffic disruption in your global network.
     SD-WAN: Automatically create AWS Site-to-Site VPN connections using SD-WAN management consoles.