AWS Virtual Private Cloud (VPC) is the fundamental component of your AWS network that provides logical isolation to your AWS resources. Multiple VPCs can be connected with each other across Availability Zones, Regions and even different AWS accounts.
VPC peering
AWS allows you to connect two VPCs to be able to access private subnets of both VPC with each other. For inter-region connectivity, AWS leverages its global backbone so that the traffic does not flow over the public internet. As the number of VPCs grows, it becomes a complex solution as VPC peering only allows a connection between two VPCs at once and does not support transitive peering relationships, for example, you will require 6 AWS VPC peering connections to connect 4 VPCs with each other.
AWS Transit Gateway
AWS Transit Gateway is a regional network hub that supports multiple attachment types like AWS VPC, VPN, Direct connect, etc. Each attachment can access resources behind all other connections in the same gateway.
VPN
AWS supports multiple types of VPN connectivity options, as follows:
- Software Site-to-Site VPN – You can deploy software appliance VPN instances at both ends and manage the VPN connectivity entirely by yourself including HA solutions.
- Software VPN-to-AWS Managed VPN – You can deploy a software appliance VPN instance at one end and manage the HA solution for it, while AWS manages the other end.
- AWS Managed VPN – Fully managed VPN solution by AWS.
AWS PrivateLink
AWS allows you to create interface endpoints using private IP addresses inside your subnet. The endpoints can be used to connect to a few AWS services like S3, DynamoDB. They can also be used to connect to services hosted by other AWS accounts.
Subnet sharing
AWS Resource Access Manager service allows you to share your AWS resources across different AWS accounts. You can connect multiple AWS accounts owned by you using AWS Organizations service. You can create an AWS VPC with multiple subnets in the parent account and share the subnets with other accounts you own. You can then create and manage AWS resources like EC2 instances, Load Balancer, Databases, etc in these subnets.
Conclusion
AWS Transit Gateway is an excellent way to connect multiple VPCs and on-premise networks. You can manage your entire network plan under a centralized service thus reducing your operational overhead. You could also use Subnet sharing to segregate network management responsibility in a single AWS account.