This repository contains Terraform code examples for deploying AWS network architectures for testing and learning purposes.
This lab deploys a single-region transit gateway hub and spoke topology. The lab demonstrates traffic routing patterns, hybrid DNS resolution, and PrivateLink access to IaaS and PaaS services.
The Virtual Private Cloud (VPC) network hub1 is a central hub network that hosts shared services for all spokes in the region. Shared services include private DNS, firewall, tooling and other resources. hub1 connects to a transit gateway, tgw1, which provides transit connectivity for on-premises and cross-region traffic.
Spoke1 and spoke2 connect to tgw1 using transit gateway VPC attachments. Spoke3 is not connected to the transit gateway but is reachable via a PrivateLink endpoint in the hub.
Branch1 is an on-premises network simulated using a VPC. A multi-NIC Linux NVA appliance connects to the transit gateway using IPsec VPN connections with dynamic (BGP) routing. The branches connect to each other via inter-regional transit gateway peering.
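The hub-and-spoke attachment pattern described above, written out as an added Terraform example (not the repository's own code). It assumes three VPCs with made-up CIDRs (hub1 10.11.0.0/16, spoke1 10.1.0.0/16, spoke2 10.2.0.0/16), a single assumed region, and a dedicated /24 per VPC for the transit gateway attachment. The point of the example is the route-table split: spokes are associated with a route table that only learns the hub and carries a default route to it, so spoke-to-spoke traffic cannot bypass the hub and whatever firewall it hosts.

```terraform
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  region = "eu-west-1" # assumed region for this example
}

# Assumed VPCs and CIDRs; the lab builds these with its own modules.
locals {
  vpcs = {
    hub1   = { cidr = "10.11.0.0/16" }
    spoke1 = { cidr = "10.1.0.0/16" }
    spoke2 = { cidr = "10.2.0.0/16" }
  }
  spokes = toset(["spoke1", "spoke2"])
}

resource "aws_vpc" "this" {
  for_each             = local.vpcs
  cidr_block           = each.value.cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = each.key }
}

# One small subnet per VPC reserved for the TGW elastic network interface.
resource "aws_subnet" "tgw" {
  for_each   = local.vpcs
  vpc_id     = aws_vpc.this[each.key].id
  cidr_block = cidrsubnet(each.value.cidr, 8, 250)
  tags       = { Name = "${each.key}-tgw" }
}

resource "aws_ec2_transit_gateway" "tgw1" {
  description     = "tgw1"
  amazon_side_asn = 64512 # assumed ASN
  # Disable the default table so no attachment gets reachability implicitly;
  # every association and propagation below is explicit.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  tags                            = { Name = "tgw1" }
}

resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
  for_each                                        = local.vpcs
  transit_gateway_id                              = aws_ec2_transit_gateway.tgw1.id
  vpc_id                                          = aws_vpc.this[each.key].id
  subnet_ids                                      = [aws_subnet.tgw[each.key].id]
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
  tags                                            = { Name = each.key }
}

# Two TGW route tables: the hub table sees every attachment,
# the spoke table only sees the hub.
resource "aws_ec2_transit_gateway_route_table" "hub" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw1.id
  tags               = { Name = "hub-rt" }
}

resource "aws_ec2_transit_gateway_route_table" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.tgw1.id
  tags               = { Name = "spoke-rt" }
}

resource "aws_ec2_transit_gateway_route_table_association" "hub" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this["hub1"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.hub.id
}

resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = local.spokes
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}

# The hub learns every spoke prefix.
resource "aws_ec2_transit_gateway_route_table_propagation" "hub_learns_spokes" {
  for_each                       = local.spokes
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this[each.key].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.hub.id
}

# Spokes learn only the hub prefix, never each other.
resource "aws_ec2_transit_gateway_route_table_propagation" "spokes_learn_hub" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this["hub1"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}

# Everything a spoke does not know goes to hub1, so spoke-to-spoke and
# spoke-to-on-premises traffic is forced through the hub's firewall.
resource "aws_ec2_transit_gateway_route" "spoke_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.this["hub1"].id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
```

After `terraform apply`, the spoke route table should list exactly one propagated prefix (10.11.0.0/16) plus the static 0.0.0.0/0 entry; a propagated spoke1 prefix appearing in the spoke table would mean an association or propagation was wired to the wrong table. The VPC route tables in each spoke still need a route for the other prefixes pointing at the transit gateway, which is left out here.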
This lab deploys a dual-region transit gateway hub and spoke topology. The lab demonstrates multi-region traffic routing patterns, hybrid DNS resolution, and PrivateLink access to IaaS and PaaS services.
The Virtual Private Cloud (VPC) networks, hub1 and hub2, are central hub networks that host shared services for all spokes in a region. Shared services include private DNS, firewall, tooling and other resources. hub1 and hub2 connect to their respective transit gateways, tgw1 and tgw2.
Spoke1 and spoke2 connect to tgw1 using transit gateway VPC attachments. Similarly, Spoke4 and spoke5 connect to tgw2 using attachments. Spoke3 and spoke6 are not connected to the transit gateways but are reachable via PrivateLink endpoints in the hubs.
Branch1 and branch3 are on-premises networks simulated using VPCs. Multi-NIC Linux NVA appliances connect to the transit gateways using IPsec VPN connections with dynamic (BGP) routing. The branches connect to each other via inter-regional transit gateway peering.
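The branch VPN attachment and the inter-regional transit gateway peering from the two lab descriptions, as an added Terraform example that is not the repository's own code. It assumes tgw1 and tgw2 already exist with one route table each (passed in as variables), that the branch1 Linux NVA has a known public IP, and made-up ASNs and region names. Two details matter operationally: the VPN uses dynamic (BGP) routing and is pinned to IKEv2, and a peering attachment never propagates routes, so the prefixes reachable through the peer region must be added as static routes on both sides.

```terraform
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  alias  = "region1"
  region = "eu-west-1" # assumed home region of tgw1
}

provider "aws" {
  alias  = "region2"
  region = "us-east-1" # assumed home region of tgw2
}

# Assumed inputs: existing transit gateways, their route tables, the branch NVA address,
# and the summary prefix used in each region.
variable "tgw1_id" { type = string }
variable "tgw1_rt_id" { type = string }
variable "tgw2_id" { type = string }
variable "tgw2_rt_id" { type = string }
variable "branch1_nva_ip" { type = string } # public IP of the branch1 Linux NVA
variable "region1_cidr" {
  type    = string
  default = "10.0.0.0/12" # assumed summary for hub1/spokes/branch1
}
variable "region2_cidr" {
  type    = string
  default = "10.16.0.0/12" # assumed summary for hub2/spokes/branch3
}

# --- branch1 NVA to tgw1: IPsec with BGP ---------------------------------
resource "aws_customer_gateway" "branch1" {
  provider   = aws.region1
  bgp_asn    = 65001 # assumed ASN of the branch1 NVA
  ip_address = var.branch1_nva_ip
  type       = "ipsec.1"
  tags       = { Name = "branch1-nva" }
}

resource "aws_vpn_connection" "branch1" {
  provider             = aws.region1
  customer_gateway_id  = aws_customer_gateway.branch1.id
  transit_gateway_id   = var.tgw1_id
  type                 = "ipsec.1"
  static_routes_only   = false # BGP over both tunnels
  tunnel1_ike_versions = ["ikev2"]
  tunnel2_ike_versions = ["ikev2"]
  tags                 = { Name = "branch1-tgw1" }
}

# The VPN attachment is associated with tgw1's table and its BGP-learned
# prefixes are propagated into it.
resource "aws_ec2_transit_gateway_route_table_association" "branch1" {
  provider                       = aws.region1
  transit_gateway_attachment_id  = aws_vpn_connection.branch1.transit_gateway_attachment_id
  transit_gateway_route_table_id = var.tgw1_rt_id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "branch1" {
  provider                       = aws.region1
  transit_gateway_attachment_id  = aws_vpn_connection.branch1.transit_gateway_attachment_id
  transit_gateway_route_table_id = var.tgw1_rt_id
}

# --- tgw1 <-> tgw2 inter-regional peering ---------------------------------
resource "aws_ec2_transit_gateway_peering_attachment" "tgw1_tgw2" {
  provider                = aws.region1
  transit_gateway_id      = var.tgw1_id
  peer_transit_gateway_id = var.tgw2_id
  peer_region             = "us-east-1"
  tags                    = { Name = "tgw1-tgw2" }
}

# The accepter waits until the peering is available before dependents proceed.
resource "aws_ec2_transit_gateway_peering_attachment_accepter" "tgw2" {
  provider                      = aws.region2
  transit_gateway_attachment_id = aws_ec2_transit_gateway_peering_attachment.tgw1_tgw2.id
}

resource "aws_ec2_transit_gateway_route_table_association" "peer_r1" {
  provider                       = aws.region1
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.tgw1_tgw2.id
  transit_gateway_route_table_id = var.tgw1_rt_id
  depends_on                     = [aws_ec2_transit_gateway_peering_attachment_accepter.tgw2]
}

resource "aws_ec2_transit_gateway_route_table_association" "peer_r2" {
  provider                       = aws.region2
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.tgw1_tgw2.id
  transit_gateway_route_table_id = var.tgw2_rt_id
  depends_on                     = [aws_ec2_transit_gateway_peering_attachment_accepter.tgw2]
}

# Peering carries no route propagation: each side needs a static route for the
# other region's summary, otherwise cross-region traffic is simply dropped.
resource "aws_ec2_transit_gateway_route" "to_region2" {
  provider                       = aws.region1
  destination_cidr_block         = var.region2_cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.tgw1_tgw2.id
  transit_gateway_route_table_id = var.tgw1_rt_id
  depends_on                     = [aws_ec2_transit_gateway_route_table_association.peer_r1]
}

resource "aws_ec2_transit_gateway_route" "to_region1" {
  provider                       = aws.region2
  destination_cidr_block         = var.region1_cidr
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_peering_attachment.tgw1_tgw2.id
  transit_gateway_route_table_id = var.tgw2_rt_id
  depends_on                     = [aws_ec2_transit_gateway_route_table_association.peer_r2]
}
```

On the NVA side, the tunnel inside addresses, pre-shared keys and the Amazon-side BGP peer addresses come from the `aws_vpn_connection` attributes (`tunnel1_address`, `tunnel1_vgw_inside_address`, `tunnel1_preshared_key` and their tunnel2 counterparts); treat the pre-shared keys as secrets in state and outputs. Once both tunnels show BGP established, the branch1 prefix should appear in tgw1's route table as a propagated route, and the peer region's summary as a static route.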