A sandbox testing out various VPC configurations
- VPC peering
- PrivateLink
- Transit Gateway
- Transit Gateway Custom
  - more complex routing setup
- Transit Gateway Centralized NAT GW
  - centralize NAT Gateways (e.g., for cost savings)
- Transit Gateway Centralized East-West FW
  - centralized firewall appliance for east-west cross-VPC traffic
- Transit Gateway Centralized East-West Network Firewall
  - AWS Network Firewall inspecting east-west VPC traffic in TGW
- Transit Gateway AZ alignment tests
  - testing conditions where VPCs may not have all AZs aligned
TGW Attachments
- Types:
  - VPC - Linked to a single VPC
  - VPN - Linked to a Customer Gateway (internet-routable IP for on-prem device)
  - Peering Connection - Linked to another TGW, possibly in a different region/account
  - Connect - Linked to 3rd party virtual appliance (SD-WAN)
Route Table Propagation
- Allows a TGW attachment (TGW-A, e.g., a VPC attachment) to propagate its routes into a TGW Route Table

VPC 1-* VPC Attachment (one VPC can have many attachments)

TGW Attachment 1-1 TGW Route Table association
- A TGW-A can only be associated with one route table

A VPC can be attached at most once to a particular TGW
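As an added example (not part of this sandbox), a small Python model of the TGW route-table semantics above: attachments, the 1-1 association, propagation, and a longest-prefix lookup, applied to the centralized east-west firewall layout. The attachment IDs, route-table names and CIDRs are made up.

```python
import ipaddress
from collections import defaultdict

class Tgw:
    def __init__(self):
        self.attachments = {}                  # att_id -> (vpc_id, [cidr, ...])
        self.association = {}                  # att_id -> rt_id (exactly one)
        self.propagations = defaultdict(set)   # rt_id -> {att_id, ...}
        self.static = defaultdict(dict)        # rt_id -> {cidr: att_id}
    def attach_vpc(self, att_id, vpc_id, cidrs):
        # A VPC can be attached at most once to a given TGW.
        if any(v == vpc_id for v, _ in self.attachments.values()):
            raise ValueError(f"{vpc_id} is already attached to this TGW")
        self.attachments[att_id] = (vpc_id, list(cidrs))
    def associate(self, att_id, rt_id):
        # An attachment is associated with exactly one TGW route table.
        if att_id in self.association:
            raise ValueError(f"{att_id} is already associated with a table")
        self.association[att_id] = rt_id
    def propagate(self, att_id, rt_id):
        # Propagation: rt_id learns the attachment's CIDRs as routes.
        self.propagations[rt_id].add(att_id)
    def routes(self, rt_id):
        table = dict(self.static[rt_id])
        for att in self.propagations[rt_id]:
            for cidr in self.attachments[att][1]:
                table[cidr] = att
        return table
    def next_hop(self, src_att, dst_ip):
        # Lookup uses the table the *source* attachment is associated with;
        # longest prefix wins, None means the packet is dropped.
        ip, best = ipaddress.ip_address(dst_ip), None
        for cidr, att in self.routes(self.association[src_att]).items():
            net = ipaddress.ip_network(cidr)
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, att)
        return best[1] if best else None

def east_west_inspection():
    """Constructed layout: two spoke VPCs plus a firewall VPC (IDs/CIDRs made up)."""
    t = Tgw()
    t.attach_vpc("att-a", "vpc-a", ["10.1.0.0/16"])
    t.attach_vpc("att-b", "vpc-b", ["10.2.0.0/16"])
    t.attach_vpc("att-fw", "vpc-fw", ["10.0.0.0/16"])
    for att in ("att-a", "att-b"):
        t.associate(att, "rt-spoke")      # spokes look up in rt-spoke ...
        t.propagate(att, "rt-firewall")   # ... and are learned by rt-firewall
    t.associate("att-fw", "rt-firewall")
    t.static["rt-spoke"]["0.0.0.0/0"] = "att-fw"   # spokes send everything to the FW
    return t
```

Spoke-to-spoke traffic is forced through the firewall attachment because the spoke table never learns the other spoke's CIDR, while the firewall table reaches both spokes via propagation.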
I ran into an issue where pfSense would get stuck in initializing on first boot. System logs showed it auto-rebooting for no clear reason. I ended up terminating and relaunching 3 times until it was stable (same configuration). Not very satisfying.
- cross-region TGW
- VPN TGW Attachment
- network firewall with ingress filtering, using IGW routes