# "Building a Scalable AWS Network Architecture with Transit Gateway"

> 🚀 In this blog, we’ll walk through how to connect multiple Amazon VPCs using **AWS Transit Gateway**, allowing EC2 instances in different VPCs to communicate with each other. This is useful in scenarios where you need scalable, centralized connectivity across multiple VPCs.

## 📌 Task Breakdown

> Here's what we are going to do:

1. Create 3 different VPCs in the same region
    
2. Launch 1 EC2 instance in each VPC
    
3. Create a Transit Gateway
    
4. Attach all 3 VPCs to the Transit Gateway
    
5. Update route tables and security groups
    
6. Test connectivity between EC2 instances
    

## 🛠️ Step 1: Create 3 VPCs in the Same Region

We’ll create 3 VPCs with non-overlapping CIDR ranges. Non-overlapping ranges are a hard requirement here, not a nicety: the Transit Gateway routes on each VPC’s CIDR, so two VPCs sharing address space could not be told apart in any route table.

### Actions:

* Go to **VPC Dashboard &gt; Create VPC**
    
* Select **VPC only** option
    
* Create VPCs with following CIDRs:
    
    * VPC-1: `10.1.0.0/16`
        
    * VPC-2: `10.2.0.0/16`
        
    * VPC-3: `10.3.0.0/16`
        
* Enable DNS Hostnames
    

Repeat the above step for all 3 VPCs.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752745813950/c3f03ac4-2192-4ee3-b01b-75db2780e48b.png align="center")

## 🧱 Step 2: Create Subnets for Each VPC

### 🔹 Subnet Creation for VPC-1

1. Go to: **VPC Dashboard &gt; Subnets &gt; Create Subnet**
    
2. Fill the details:
    
    * **Name tag**: `Sub1`
        
    * **VPC**: Select `VPC-1`
        
    * **Availability Zone**: e.g., `ap-south-1a`
        
    * **IPv4 CIDR block**: `10.1.0.0/24`
        
3. Click **Create Subnet**
    

Repeat same for:

### 🔹 VPC-2:

* Name tag: `Sub2`
    
* VPC: `VPC-2`
    
* AZ: `ap-south-1a`
    
* CIDR: `10.2.0.0/24` (must lie inside VPC-2’s `10.2.0.0/16`)
    

### 🔹 VPC-3:

* Name tag: `Sub3`
    
* VPC: `VPC-3`
    
* AZ: `ap-south-1a`
    
* CIDR: `10.3.0.0/24` (must lie inside VPC-3’s `10.3.0.0/16`)
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746154859/e95aa3b5-9129-4399-a224-8fbb165ab2fc.png align="center")
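As an added example (not part of the original post), here is the offline check I would run on the addressing plan before clicking through the console. It uses only Python’s standard `ipaddress` module: it rejects overlapping VPCs, subnets that fall outside their VPC, and prefix sizes AWS does not accept. The VPC and subnet values are the ones from this post; nothing is fetched from AWS.

```python
import ipaddress

# Constructed addressing plan (example data, not pulled from an AWS account):
# the VPC CIDRs are the three used in this post; the subnet CIDRs follow the
# Sub1 pattern of one /24 at the start of each VPC.
VPCS = {
    "VPC-1": "10.1.0.0/16",
    "VPC-2": "10.2.0.0/16",
    "VPC-3": "10.3.0.0/16",
}
SUBNETS = {
    "Sub1": ("VPC-1", "10.1.0.0/24"),
    "Sub2": ("VPC-2", "10.2.0.0/24"),
    "Sub3": ("VPC-3", "10.3.0.0/24"),
}


def _parse(name, cidr, problems):
    """Parse a CIDR strictly (host bits must be zero) and enforce the /16-/28
    size range AWS accepts for both VPCs and subnets. Returns None on failure."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
        return None
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{name}: /{net.prefixlen} is outside the AWS range /16-/28")
    return net


def validate_plan(vpcs, subnets):
    """Return a list of problems; an empty list means the plan can be routed
    through a Transit Gateway without ambiguity.

    Checks: VPC CIDRs are valid and pairwise non-overlapping (the TGW routes on
    the VPC CIDR, so overlapping VPCs cannot be distinguished in its route
    table); every subnet is valid, lies inside its VPC, and does not overlap
    another subnet of the same VPC.
    """
    problems = []
    vpc_nets = {}
    for name, cidr in vpcs.items():
        net = _parse(name, cidr, problems)
        if net is not None:
            vpc_nets[name] = net

    names = sorted(vpc_nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vpc_nets[a].overlaps(vpc_nets[b]):
                problems.append(f"{a} {vpc_nets[a]} overlaps {b} {vpc_nets[b]}")

    placed = {}  # vpc name -> list of (subnet name, network) already accepted
    for name, (vpc, cidr) in subnets.items():
        net = _parse(name, cidr, problems)
        if net is None:
            continue
        if vpc not in vpc_nets:
            problems.append(f"{name}: VPC {vpc!r} is not in the plan")
            continue
        if not net.subnet_of(vpc_nets[vpc]):
            problems.append(f"{name}: {net} is not inside {vpc} {vpc_nets[vpc]}")
            continue
        for other_name, other in placed.get(vpc, []):
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} {other}")
        placed.setdefault(vpc, []).append((name, net))
    return problems


if __name__ == "__main__":
    for line in validate_plan(VPCS, SUBNETS) or ["plan OK"]:
        print(line)
```

A subnet CIDR such as `10.1.2.0/24` assigned to VPC-2, or `0.1.3.0/24` assigned to VPC-3, is reported as "not inside" its VPC, which is exactly what the console would refuse at subnet creation time; catching it in a script is cheaper than discovering it halfway through the build.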

## 🚀 Step 3: Launch EC2 Instances and Configure Subnets

In this step, I launched **three EC2 instances**, one per VPC, each in the subnet created in Step 2. Sub1 becomes the public subnet once the Internet Gateway is attached in Step 5; Sub2 and Sub3 stay private (no public IP and no internet route).

### 🔹 Instance Configuration Summary:

| Instance | VPC / Subnet | Public IP Auto-Assign | Purpose |
| --- | --- | --- | --- |
| EC2-1 | VPC-1 / Sub1 (public) | Enabled | Public server, used as the ping source |
| EC2-2 | VPC-2 / Sub2 (private) | Disabled | Backend/Private |
| EC2-3 | VPC-3 / Sub3 (private) | Disabled | Backend/Private |

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746516626/1e72f510-d869-4b07-8cf6-3439b938ca4f.png align="center")

## 🚏 Step 4: Create and Attach Transit Gateway

To enable communication between the three VPCs, I created a **Transit Gateway (TGW)** and attached all three VPCs to it. A TGW is a regional hub: each VPC gets one attachment, and the TGW forwards between attachments according to its own route tables.

### 🔧 Steps Performed:

1. **Created a Transit Gateway** from the VPC Dashboard with the default settings (**Default route table association** and **Default route table propagation** enabled).
    
2. Created a **Transit Gateway attachment** of type VPC for each of the following VPCs, selecting the subnet in `ap-south-1a` (the TGW places a network interface in the chosen subnet of every AZ it is to serve):
    
    * **VPC-1** (contains the public EC2 instance)
        
    * **VPC-2** (contains a private EC2 instance)
        
    * **VPC-3** (contains another private EC2 instance)
        
3. With the default settings every attachment is associated with the TGW’s default route table and its VPC CIDR is propagated into that table, so the TGW already knows how to reach all three VPCs. What remains is pointing each VPC’s own route table at the TGW (Step 6); until then the VPCs still cannot talk to each other.
    

> I used this method to avoid the complexity of VPC Peering and simplify inter-VPC networking. Peering is non-transitive and needs one connection per VPC pair (three here, n(n-1)/2 for n VPCs) plus routes in both directions for every pair; a single TGW replaces that mesh with one hub.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746692135/463b7306-06c4-4f62-8468-cf7005749279.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746742899/2d656905-cb85-46d9-8729-3b49cbeb89db.png align="center")

## 🌐 Step 5: Making VPC-1 Public using Internet Gateway

To allow internet access for the EC2 instance in **VPC-1**, I made its subnet Sub1 public by attaching an **Internet Gateway** (IGW) to the VPC and giving only that subnet a default route to it.

### 🔧 Steps Performed:

1. Created an **Internet Gateway (IGW)**.
    
2. Attached the **IGW** to **VPC-1**.
    
3. In a route table for VPC-1, explicitly associated **only Sub1** (the subnet with the public EC2 instance). Any other subnet in VPC-1 keeps using the VPC’s main route table, which has no internet route.
    
4. Added a route to that route table with:
    
    * **Destination:** `0.0.0.0/0`
        
    * **Target:** Internet Gateway
        

> With this setup only Sub1 has an internet route, keeping the other subnets private. For EC2-1 to actually be reachable from the internet it also needs a public IPv4 address (auto-assign was enabled at launch) and a security group rule that permits the inbound traffic.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746847514/0602bc89-6bda-489e-bd03-a22965a551d9.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746878423/c5ba6ab4-36d6-4f27-b23c-373478960df7.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752746936834/c31485a1-d646-4373-88a7-66363c9dc8c2.png align="center")

## 🔁 Step 6: Configuring Route Tables for Inter-VPC Communication via Transit Gateway

To enable communication between the three VPCs using the Transit Gateway (TGW), I updated each VPC’s route table as follows:

### 🛣️ VPC-1 Route Table:

* **Destination:** CIDR of VPC-2 → **Target:** Transit Gateway
    
* **Destination:** CIDR of VPC-3 → **Target:** Transit Gateway
    

### 🛣️ VPC-2 Route Table:

* **Destination:** CIDR of VPC-1 → **Target:** Transit Gateway
    
* **Destination:** CIDR of VPC-3 → **Target:** Transit Gateway
    

### 🛣️ VPC-3 Route Table:

* **Destination:** CIDR of VPC-1 → **Target:** Transit Gateway
    
* **Destination:** CIDR of VPC-2 → **Target:** Transit Gateway
    

> 📌 *Note:* I used each VPC’s CIDR block (`10.1.0.0/16`, `10.2.0.0/16`, `10.3.0.0/16`) as the destination rather than the subnet CIDRs, so any subnet added to a VPC later is covered automatically. The routes go into the route table associated with the instance’s subnet: for VPC-1 that is the Sub1 route table from Step 5, which now holds both the IGW default route and the two TGW routes. No routes had to be added on the TGW itself, because propagation (Step 4) already placed all three VPC CIDRs in its default route table.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752747119593/f82f1f5e-4a0b-4eb9-8c5d-903bd5d974db.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752747128847/1316f1af-c588-409b-9cf4-8b48a041e3d2.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752747138476/bbfb603e-8d4c-4502-bb5b-6f1d45cbd9c1.png align="center")
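Added example (not from the original post): an offline model of the routing built in Steps 4 to 6, using the post’s CIDRs and made-up route-table names. It performs the same longest-prefix lookups a VPC route table and a TGW route table do, and checks a ping’s request and reply paths separately. Besides the default single TGW route table the post relies on, it also models a hub-and-spoke variant with a separate route table for the spoke attachments, which is how you would stop VPC-2 and VPC-3 from reaching each other while both still reach VPC-1.

```python
import ipaddress

# Constructed model of the routing state after Steps 4-6 (example data; the CIDRs
# are the ones used in the post, the route-table names are made up).
VPC_CIDR = {"VPC-1": "10.1.0.0/16", "VPC-2": "10.2.0.0/16", "VPC-3": "10.3.0.0/16"}

# Route table of the subnet each instance lives in: destination -> target.
# "local" is the implicit intra-VPC route, "tgw" the Transit Gateway and
# "igw" the Internet Gateway route that only Sub1 has.
VPC_ROUTES = {
    "VPC-1": {"10.1.0.0/16": "local", "10.2.0.0/16": "tgw",
              "10.3.0.0/16": "tgw", "0.0.0.0/0": "igw"},
    "VPC-2": {"10.2.0.0/16": "local", "10.1.0.0/16": "tgw", "10.3.0.0/16": "tgw"},
    "VPC-3": {"10.3.0.0/16": "local", "10.1.0.0/16": "tgw", "10.2.0.0/16": "tgw"},
}

# What the post builds: the TGW default route table, every attachment associated
# with it and propagating its VPC CIDR into it. Result: a full mesh.
FULL_MESH_TGW = {
    "association": {"VPC-1": "rt-default", "VPC-2": "rt-default", "VPC-3": "rt-default"},
    "tables": {"rt-default": {"10.1.0.0/16": "VPC-1", "10.2.0.0/16": "VPC-2",
                              "10.3.0.0/16": "VPC-3"}},
}

# Segmented alternative (not built in the post): spoke attachments are associated
# with a table that only knows the hub, so VPC-2 and VPC-3 cannot reach each
# other even though their own VPC route tables still point at the TGW.
HUB_SPOKE_TGW = {
    "association": {"VPC-1": "rt-hub", "VPC-2": "rt-spoke", "VPC-3": "rt-spoke"},
    "tables": {
        "rt-hub": {"10.2.0.0/16": "VPC-2", "10.3.0.0/16": "VPC-3"},
        "rt-spoke": {"10.1.0.0/16": "VPC-1"},
    },
}


def lookup(table, ip):
    """Longest-prefix match over a {cidr: target} table, the way both VPC and
    TGW route tables select a route. Returns the target or None."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for cidr, target in table.items():
        net = ipaddress.IPv4Network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def one_way(src_vpc, dst_ip, tgw):
    """True if a packet leaving src_vpc for dst_ip is delivered to a VPC.
    Only intra-VPC and TGW paths are modelled; an IGW hop returns False."""
    hop = lookup(VPC_ROUTES[src_vpc], dst_ip)
    if hop == "local":
        return True  # longest match on the VPC's own CIDR: stays inside the VPC
    if hop != "tgw":
        return False
    # The TGW consults the route table associated with the *source* attachment.
    tgw_table = tgw["tables"][tgw["association"][src_vpc]]
    attachment = lookup(tgw_table, dst_ip)
    return attachment is not None and \
        ipaddress.IPv4Address(dst_ip) in ipaddress.IPv4Network(VPC_CIDR[attachment])


def reachable(src_vpc, src_ip, dst_vpc, dst_ip, tgw):
    """A ping needs the request path and the reply path; both must route."""
    return one_way(src_vpc, dst_ip, tgw) and one_way(dst_vpc, src_ip, tgw)


def matrix(tgw):
    """Reachability between one sample host (.0.10) in every VPC: {(src, dst): bool}."""
    ips = {v: str(ipaddress.IPv4Network(c).network_address + 10) for v, c in VPC_CIDR.items()}
    return {(s, d): reachable(s, ips[s], d, ips[d], tgw)
            for s in VPC_CIDR for d in VPC_CIDR if s != d}


if __name__ == "__main__":
    for name, tgw in (("full mesh", FULL_MESH_TGW), ("hub and spoke", HUB_SPOKE_TGW)):
        print(name, {f"{s}->{d}": ok for (s, d), ok in matrix(tgw).items()})
```

The segmented variant changes nothing on the VPC side: VPC-2 and VPC-3 keep their routes to the TGW, but the TGW route table their attachments are associated with has no entry for the other spoke, so the TGW drops the packet. That is the lever to use when "all three VPCs attached" should not also mean "all three VPCs can reach each other".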

## 🔒 Step 7: Updating Security Groups to Allow All Traffic (For Testing Only)

To get connectivity between the EC2 instances in VPC-1, VPC-2 and VPC-3 for the Transit Gateway test, I updated the **Security Groups (SGs)** as follows:

* **Inbound Rules:**
    
    * Type: **All Traffic**
        
    * Protocol: All
        
    * Port Range: All
        
    * Source: the peer VPC CIDR blocks (`10.1.0.0/16`, `10.2.0.0/16`, `10.3.0.0/16`), or `0.0.0.0/0` for a throwaway test
        
* **Outbound Rules:**
    
    * Type: **All Traffic**
        
    * Protocol: All
        
    * Port Range: All
        
    * Destination: `0.0.0.0/0` (this is the default outbound rule)
        

> ⚠️ **Note:**  
> Allowing **All Traffic** from `0.0.0.0/0` is **not acceptable in production**, and it is worst on EC2-1: that instance has a public IP and an IGW route, so the rule opens every listening port to the whole internet, not just to the other VPCs.  
> This is done here **only for understanding and testing purposes**.  
> In real-world setups apply the **principle of least privilege**: inbound only from the peer VPC CIDRs and only the protocols needed (ICMP echo request for the ping test, SSH only from your own address). Security groups are stateful, so the ping replies are allowed without any outbound rule and the default allow-all outbound rule can stay. Network ACLs were left at their default allow-all, so they play no part in this setup.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752747258897/99ef6b29-8830-44bb-a322-8b90f9e0268f.png align="center")
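Added example (not from the original post): a small evaluator for inbound security group rules that shows why the test rule is risky and what a least-privilege replacement for this lab looks like. The rule sets are constructed; `ADMIN_IP` is an assumed operator address from the documentation range 203.0.113.0/24, and the ICMP rule admits only type 8 (echo request), which is all `ping` needs because the reply rides the stateful return path.

```python
import ipaddress


# A rule as the console fields: protocol "-1" means all protocols; for "icmp"
# from_port carries the ICMP type and -1 means all types; cidr is the source.
def rule(protocol, from_port, to_port, cidr):
    return {"protocol": protocol, "from_port": from_port, "to_port": to_port, "cidr": cidr}


# Constructed rule sets (example data). The first is what Step 7 uses for the
# test; the second is a least-privilege replacement that still lets the ping
# test in the next step succeed. ADMIN_IP is an assumed operator address from
# the TEST-NET-3 documentation range, not a real host.
TEST_ONLY_INBOUND = [rule("-1", -1, -1, "0.0.0.0/0")]

PEER_VPCS = ["10.2.0.0/16", "10.3.0.0/16"]
ADMIN_IP = "203.0.113.10/32"
LEAST_PRIV_INBOUND = (
    [rule("icmp", 8, -1, c) for c in PEER_VPCS]  # ICMP echo request from peer VPCs only
    + [rule("tcp", 22, 22, ADMIN_IP)]            # SSH from the admin host only
)


def rule_matches(r, protocol, port, src_ip):
    """Does one inbound rule admit a packet? For icmp, `port` is the ICMP type."""
    if ipaddress.IPv4Address(src_ip) not in ipaddress.IPv4Network(r["cidr"]):
        return False
    if r["protocol"] == "-1":
        return True
    if r["protocol"] != protocol:
        return False
    if protocol == "icmp":
        return r["from_port"] in (-1, port)
    return r["from_port"] <= port <= r["to_port"]


def sg_allows(inbound, protocol, port, src_ip):
    """Security groups are allow-only and stateful: any matching inbound rule
    admits the flow, and its replies are allowed without an outbound rule."""
    return any(rule_matches(r, protocol, port, src_ip) for r in inbound)


def audit(inbound, instance_has_public_ip):
    """Flag rules broader than the inter-VPC test needs.
    Returns a list of (severity, description)."""
    findings = []
    for r in inbound:
        net = ipaddress.IPv4Network(r["cidr"])
        world = net.prefixlen == 0
        all_proto = r["protocol"] == "-1"
        if world and all_proto:
            # On an instance with a public IP and an IGW route this is open to
            # the whole internet, not just to the peer VPCs.
            sev = "CRITICAL" if instance_has_public_ip else "HIGH"
            findings.append((sev, "all traffic from 0.0.0.0/0"))
        elif world:
            findings.append(("HIGH", f"{r['protocol']} {r['from_port']}-{r['to_port']} from 0.0.0.0/0"))
        elif all_proto:
            findings.append(("MEDIUM", f"all protocols from {net}"))
    return findings


if __name__ == "__main__":
    print("test-only SG on EC2-1:", audit(TEST_ONLY_INBOUND, True))
    print("least-privilege SG on EC2-1:", audit(LEAST_PRIV_INBOUND, True))
    print("ping from VPC-2 allowed:", sg_allows(LEAST_PRIV_INBOUND, "icmp", 8, "10.2.0.15"))
```

Run against the EC2-1 rule set the audit reports CRITICAL, because EC2-1 is the one instance with a public IP; the same rule on EC2-2 or EC2-3 is still bad, but those instances have no route from the internet. The least-privilege set passes the audit and still admits the echo requests the final ping test sends from the peer VPCs.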

### ✅ Final Step: Ping Test for Verification

* Finally, I logged into **EC2-1 (Public Server in VPC-1)** over its public IP and pinged the **private IPs** of **EC2-2 (Private Server in VPC-2)** and **EC2-3 (Private Server in VPC-3)**.
    
* The **ping was successful**. A reply proves both directions work: the echo request followed Sub1’s route table → Transit Gateway → VPC-2 (or VPC-3), and the reply came back through that VPC’s route table → Transit Gateway → VPC-1. If the ping fails, check in this order: the route table actually associated with each instance’s subnet (not the main table), the TGW route table containing the three propagated CIDRs, and the security group allowing ICMP from the source VPC.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1752747440374/4a8802e0-06f7-406e-a2b4-9dc85bb118f8.png align="center")

> 🔒 **Note:**  
> Allowing *All Traffic* in the Security Group was done **only for testing and learning purposes**.  
> This is **not a recommended practice** in production. Always apply **least privilege** security rules.

## ✅ Final Wrap-Up: Transit Gateway Task

In this quick networking task, I configured **3 separate VPCs** and successfully connected them using a **single Transit Gateway**.  
Key highlights:

* **VPC-1** was made public via an **Internet Gateway** and a public subnet.
    
* Proper **route tables** were updated in all VPCs to route traffic through the **Transit Gateway**.
    
* **Security Groups** were temporarily set to allow **all traffic** for testing (⚠️ Not recommended for production).
    
* Finally, from the **public EC2 in VPC-1**, I was able to **ping the private EC2 instances** in VPC-2 and VPC-3.
    

✔️ **Result:** Smooth inter-VPC communication confirmed via Transit Gateway setup.

## **👨‍💻 About the Author**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1751797710818/123a7231-3dca-4273-ad68-7bd026f69b95.png?auto=compress,format&format=webp&auto=compress,format&format=webp align="left")

This series isn't just about using AWS; it's about **mastering the core services that power modern cloud infrastructure**.

---

### 📬 Let's Stay Connected

* 📧 **Email**: [**gujjarapurv181@gmail.com**](mailto:gujjarapurv181@gmail.com)
    
* 🐙 **GitHub**: [**github.com/ApurvGujjar07**](http://github.com/ApurvGujjar07)
    
* 💼 **LinkedIn**: [**linkedin.com/in/apurv-gujjar**](http://linkedin.com/in/apurv-gujjar)
