AWS Transit Gateway Network Manager

Overview

In the last post, we discussed AWS Transit Gateway and its service-linked role. In this article, I plan to explore AWS Transit Gateway Network Manager in more depth.

System Diagram

We will skip the steps for setting up the VPCs and the transit gateway; you may refer to my last post for more detail.

Install Lab Environment

CloudWatch

Amazon VPC publishes data points to Amazon CloudWatch for your transit gateways and transit gateway attachments. CloudWatch enables you to retrieve statistics about those data points as an ordered set of time series data, known as metrics.

Work with Network Manager

Validation

Create Amazon Linux EC2 instances in both regions, then install and start nginx. If you want to customize the index page, edit it under /usr/share/nginx/html.

sudo amazon-linux-extras install nginx1
sudo systemctl start nginx
curl http://172.31.42.15

Interpret Flow Log

I created a flow log using the default format; now let's inspect a log entry.

2 <aws account #> eni-045091a4de2812c32 172.31.36.202 172.31.42.15 46358 80 6 6 396 1625867134 1625867135 ACCEPT OK
  • version 2 log
  • source IP is 172.31.36.202, source port is 46358
  • destination IP is 172.31.42.15 (the address of our US West 2 EC2 instance), destination port is 80
  • protocol is TCP (protocol number 6 stands for TCP)
  • 6 packets, 396 bytes
  • start time is Unix second 1625867134, end time is Unix second 1625867135
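As an added example (not code from the original post), the parser below reads flow log records in the default version 2 format and turns the bullet-point reading above into code. The sample input is constructed: it reuses the record from the post with the account id replaced by a placeholder value, and adds a REJECT record and a NODATA record (which carries "-" in most fields) so the edge cases are handled. The function names and the output format are my own.

```python
"""Parse VPC flow log records in the default (version 2) format.

Added example, not part of the original post. Field order follows the
default flow log format; the sample records below are constructed.
"""

# Field order of the default flow log format (version 2).
DEFAULT_FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)
INT_FIELDS = {"version", "srcport", "dstport", "protocol",
              "packets", "bytes", "start", "end"}
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Constructed sample: the post's record (account id replaced by a
# placeholder), a rejected SSH attempt, and a NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-045091a4de2812c32 172.31.36.202 172.31.42.15 46358 80 6 6 396 1625867134 1625867135 ACCEPT OK
2 123456789012 eni-045091a4de2812c32 198.51.100.7 172.31.42.15 51515 22 6 3 180 1625867140 1625867141 REJECT OK
2 123456789012 eni-045091a4de2812c32 - - - - - - - 1625867150 1625867210 - NODATA
"""


def parse_record(line: str) -> dict:
    """Split one default-format record into typed fields.

    Raises ValueError on a field-count mismatch so a truncated or
    custom-format line is noticed instead of being silently mis-mapped.
    """
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        raise ValueError(
            f"expected {len(DEFAULT_FIELDS)} fields, got {len(parts)}: {line!r}")
    record = {}
    for name, value in zip(DEFAULT_FIELDS, parts):
        if value == "-":            # NODATA / SKIPDATA records leave fields empty
            record[name] = None
        elif name in INT_FIELDS:
            record[name] = int(value)
        else:
            record[name] = value
    return record


def parse_log(text: str) -> list:
    """Parse every non-empty line of a log text into a record dict."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def describe(record: dict) -> str:
    """Render a record the way the bullet list in the post reads it."""
    if record["log_status"] != "OK":
        return (f"{record['interface_id']} {record['log_status']} "
                f"{record['start']}-{record['end']}")
    proto = PROTOCOL_NAMES.get(record["protocol"], f"proto {record['protocol']}")
    return (f"{proto} {record['srcaddr']}:{record['srcport']} -> "
            f"{record['dstaddr']}:{record['dstport']} "
            f"{record['packets']} packets {record['bytes']} bytes "
            f"{record['action']} {record['end'] - record['start']}s")


def rejected_flows(records: list) -> list:
    """Return (source address, destination port) for every REJECT record."""
    return [(r["srcaddr"], r["dstport"]) for r in records if r["action"] == "REJECT"]


def bytes_by_dstport(records: list) -> dict:
    """Sum bytes per destination port, skipping NODATA/SKIPDATA records."""
    totals = {}
    for r in records:
        if r["log_status"] != "OK":
            continue
        totals[r["dstport"]] = totals.get(r["dstport"], 0) + r["bytes"]
    return totals


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in records:
        print(describe(r))
    print("rejected:", rejected_flows(records))
    print("bytes by dst port:", bytes_by_dstport(records))
```

Running the block prints one line per record, then the rejected flows and the per-port byte totals. The strict field-count check matters when a flow log is later switched to a custom format: the default field order no longer applies, and a silent mis-mapping would attribute the wrong addresses and ports to a flow.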

Conclusion

To simplify network operations and administration, AWS Transit Gateway Network Manager provides a centralized and consistent user experience, giving you visibility into:

  • Topology changes
  • Routing updates
  • Status updates

References

Transit gateway design best practices — Amazon Virtual Private Cloud

Cloud Journey

All blogs are strictly personal and do not reflect the views of my employer; they focus on cloud networking, cloud security and API security.