Building a VPC Transit Gateway between VPCs using Terraform!
Journey: 📊 Community Builder 📊
Subject matter: Building on AWS
This project practices automation.
Of the six pillars of the AWS Well-Architected Framework, this build focuses on Operational Excellence.
I am not a programmer and, historically, over my 15-year IT career I have never really needed to write code. However, I like working with Infrastructure as Code (IaC) as it is a way of working as efficiently as possible when operating at scale.
Working with IaC also limits human configuration errors and creates consistent builds.
This week, I built a VPC Transit Gateway between VPCs using Terraform!
AWS Transit Gateway is a networking service that uses a hub-and-spoke model to connect VPCs together and simplifies network infrastructure management. It acts as a central hub through which all attached VPCs connect and communicate, so each VPC needs one attachment to the hub rather than a peering connection to every other VPC.
A Transit Gateway can also be used to secure communication between VPCs and on-premises networks. Furthermore, network traffic crossing the AWS network is encrypted automatically at the physical layer. That encryption is transparent to workloads and does not replace security group rules or application-layer TLS between the instances; the route tables and security groups still decide which VPCs can actually reach each other.
Resource credit: This IaC architecture was created using guidance from Chinmay Tonape on Dev.to Here.
What did I use to build this environment?
- Visual Studio Code platform
- Terraform
- AWS CLI
What is built?
- An AWS Transit Gateway
- AWS Transit Gateway Attachments
- Multiple VPCs
- Custom Route Tables
- Security Groups
- Internet Gateway
- EC2 instances
- Multiple web front ends
More information on Transit Gateways: https://docs.aws.amazon.com/vpc/latest/tgw/how-transit-gateways-work.html
In this task, I used Terraform to create three VPCs with non-overlapping CIDR ranges. I hosted one EC2 instance in each VPC and then deployed a Transit Gateway with routes between the VPCs and the Transit Gateway.
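The three-VPC layout described above, written out as an added Terraform example (not the author's or Chinmay Tonape's code): one Transit Gateway, one attachment per VPC, a route in each VPC's table for every other VPC's CIDR, and an instance security group that allows ICMP echo only from the peer VPC ranges. It assumes `aws_vpc`, `aws_subnet` and `aws_route_table` resources named `a`, `b` and `c` already exist, and the 10.x.0.0/16 CIDRs are constructed values.

```hcl
locals {
  # Constructed CIDRs; aws_vpc/aws_subnet/aws_route_table a, b, c are assumed to exist.
  vpcs = {
    a = { vpc_id = aws_vpc.a.id, subnet_id = aws_subnet.a.id, rt_id = aws_route_table.a.id, cidr = "10.1.0.0/16" }
    b = { vpc_id = aws_vpc.b.id, subnet_id = aws_subnet.b.id, rt_id = aws_route_table.b.id, cidr = "10.2.0.0/16" }
    c = { vpc_id = aws_vpc.c.id, subnet_id = aws_subnet.c.id, rt_id = aws_route_table.c.id, cidr = "10.3.0.0/16" }
  }
  # Every ordered pair of distinct VPCs gets one route in the source VPC's table.
  spoke_routes = {
    for p in setproduct(keys(local.vpcs), keys(local.vpcs)) :
    "${p[0]}-to-${p[1]}" => { src = p[0], dst = p[1] } if p[0] != p[1]
  }
}
# Hub: attachments are associated with the default TGW route table and propagate their CIDRs.
resource "aws_ec2_transit_gateway" "hub" {
  description                     = "hub-and-spoke between VPC A, B and C"
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"
}
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each           = local.vpcs
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = each.value.vpc_id
  subnet_ids         = [each.value.subnet_id]
}
# VPC side: send the other VPCs' CIDRs to the TGW; the implicit local route is untouched.
resource "aws_route" "to_peer_vpc" {
  for_each               = local.spoke_routes
  route_table_id         = local.vpcs[each.value.src].rt_id
  destination_cidr_block = local.vpcs[each.value.dst].cidr
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.spoke]
}
# Instance SG: ICMP echo (type 8, code 0) only from the peer VPC ranges, never 0.0.0.0/0.
resource "aws_security_group" "instance" {
  for_each = local.vpcs
  vpc_id   = each.value.vpc_id
  ingress {
    from_port   = 8
    to_port     = 0
    protocol    = "icmp"
    cidr_blocks = [for k, v in local.vpcs : v.cidr if k != each.key]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The web front end on each instance would get a second ingress block for TCP 80 scoped the same way; with three VPCs the `spoke_routes` map yields six `aws_route` entries, and adding a fourth VPC to `local.vpcs` adds its attachment, routes and security group without touching the other resources.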
I ran into issues with missing key pairs, which I will document under a Troubleshooting article later.
Once I had overcome the problem, I used Terraform to deploy the entire environment and waited for it all to come online.
I was then able to use EC2 Instance Connect to test communication between the EC2 instances using a standard ping command successfully! I was also able to navigate to the website front end that was hosted on each EC2 instance. When the website loaded, it provided metadata information about the host VPC and host instance.
After documenting the steps and taking screenshots of everything, I then used Terraform to tear down the environment, which is significantly faster than doing it manually!
Some of the highlights (screenshots not reproduced in this text version):
- Terraform build
- Build complete
- VPC A
- VPC B
- VPC C
- Internet Gateway
- Subnets
- Transit Gateway
- Transit Gateway Attachments
- Transit Gateway Route Table
- EC2 Instances
NB. I am aware that all instances are in the same AZ; this is something I could look at altering to ensure high availability and reliability are met by splitting each EC2 instance into its own AZ in future.
- VPC A Route Table
- VPC B Route Table
- VPC C Route Table
- VPC A EC2 instance pinging VPC B and VPC C EC2 instances
- VPC A EC2 instance website
- VPC B EC2 instance pinging VPC A and VPC C EC2 instances
- VPC B EC2 instance website
- VPC C EC2 instance pinging VPC A and VPC B EC2 instances
- VPC B EC2 instance website
- Cleanup
- My interpretation of the architecture (diagram)
I hope you have enjoyed the article!