AWS PrivateLink & AWS Transit Gateway

Amazon VPC Concepts Learning --> Day5

With AWS PrivateLink you can securely connect your VPCs to your own AWS services, services hosted by other AWS accounts, and third-party services on the AWS Marketplace and supported AWS services. Because the communication between your VPC and these services stays within the Amazon network, you no longer need an internet gateway, NAT device, public IP address, or VPN connection to reach them.

The following are important concepts to understand as you get started using AWS PrivateLink.

  • Architecture diagram

  • Service providers

  • Service consumers

  • AWS PrivateLink connections

  • Private hosted zones

Architecture diagram

The diagram gives a high-level overview of how AWS PrivateLink operates. To connect to endpoint services hosted by service providers, service consumers create interface VPC endpoints.

Service providers

The service provider is the owner of the service. AWS, AWS Partners, and other AWS accounts are all examples of service providers. Service providers can host their services on on-premises servers or on AWS resources such as EC2 instances.

Service consumers

A user of a service is known as a service consumer. Service consumers can access endpoint services from on-premises servers or from AWS resources such as EC2 instances.

AWS PrivateLink Connections

A connection between the VPC endpoint and the endpoint service is used to send traffic from your VPC to the endpoint service. Without going through the public internet, traffic between a VPC endpoint and an endpoint service remains inside the AWS network.

Private hosted zones

A hosted zone stores the DNS records that specify how to route traffic for a domain or subdomain. The records in a public hosted zone define how traffic is routed on the internet. The records in a private hosted zone define how traffic is routed within your VPCs.



AWS Transit Gateway

  • Your on-premises networks and Amazon Virtual Private Clouds (VPCs) are connected via AWS Transit Gateway through a central hub.

  • As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.

  • Automatic physical layer encryption is applied to all network traffic between AWS data centers.

  • Transit Gateway functions as a highly scalable cloud router: each new connection is made only once.

  • When using a transit gateway for routing, packets are routed at layer 3, where they are assigned to a particular next-hop attachment according to their destination IP addresses.


Use Cases for Transit Gateway

  • Centralized router - Your transit gateway can be configured as a single, centralized router that connects your VPCs, AWS Direct Connect, and Site-to-Site VPN connections.

  • Isolated VPCs - Your transit gateway can be configured as several isolated, independent routers. This is similar to using multiple transit gateways, but offers more flexibility if the attachments and routes change.

  • Isolated VPCs with shared services - Your transit gateway can be configured as several isolated routers that share a service. This is similar to using multiple transit gateways, but offers more flexibility if the attachments and routes change.
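As an added example (not from the original post), the following Python model shows how a transit gateway route table picks a next-hop attachment by longest-prefix match on the destination IP, and how separate route tables plus blackhole routes give the "isolated VPCs with shared services" layout described above. The attachment ids and CIDR ranges are constructed placeholders.

```python
import ipaddress

# Constructed sample topology: three VPC attachments on one transit gateway.
# Attachment ids and CIDRs are placeholders, not real AWS identifiers.
ATTACHMENTS = {
    "tgw-attach-vpc-a": "10.1.0.0/16",     # isolated workload VPC A
    "tgw-attach-vpc-b": "10.2.0.0/16",     # isolated workload VPC B
    "tgw-attach-shared": "10.100.0.0/16",  # shared-services VPC
}

# Route table associated with the isolated workload attachments: only the
# shared-services prefix is reachable. The broader 10.0.0.0/8 blackhole
# drops traffic aimed at any other VPC in that range.
WORKLOAD_RT = [
    ("10.100.0.0/16", "tgw-attach-shared"),
    ("10.0.0.0/8", "blackhole"),
]

# Route table associated with the shared-services attachment: it can reach
# every workload VPC.
SHARED_RT = [
    ("10.1.0.0/16", "tgw-attach-vpc-a"),
    ("10.2.0.0/16", "tgw-attach-vpc-b"),
]

def lookup(route_table, dst_ip):
    """Layer-3 lookup: the most specific matching prefix wins. A blackhole
    route drops the packet (returns None) even though it matched. No match
    at all also drops the packet."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in route_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None or best[1] == "blackhole":
        return None
    return best[1]

def route(src_attachment, dst_ip):
    """Pick the route table associated with the source attachment, then
    resolve the next-hop attachment for the destination address."""
    rt = SHARED_RT if src_attachment == "tgw-attach-shared" else WORKLOAD_RT
    return lookup(rt, dst_ip)

if __name__ == "__main__":
    for src in ATTACHMENTS:
        for dst in ("10.1.0.10", "10.2.0.10", "10.100.0.10", "192.168.1.1"):
            print(f"{src:>18} -> {dst:<12} via {route(src, dst)}")
```

Note that VPC A cannot reach VPC B although both share the same route table, because the only non-blackhole route points at the shared-services attachment.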


Transit Gateway Limitations


awslearner.hashnode.dev/amazon-web-services-via-category