Key Concepts
Transit Gateway is a centralized network hub that allows easy and flexible connection of multiple Virtual Private Clouds (VPCs) and on-premises networks. It supports Multi-AZ (Multiple Availability Zones), a key technology that improves the fault tolerance and availability of applications, enabling disaster recovery and enhancing the overall system availability.
Transit gateway attachment
An attachment refers to the origin/destination of packets in the transit gateway, allowing the selection of Subnets per AZ within a VPC to configure the system's Multi-AZ high availability. Create a transit gateway attachment and connect it to the route table (Association) to centrally control traffic.
Route table
You can control the flow of traffic for resources by connecting VPCs, VPNs, and Direct Connect through the independent route table of the transit gateway. Route Tables can be centrally organized or configured in a simplified manner for various architectures of large-scale networks, such as isolated VPCs.
IAM-based role management
The role management of the transit gateway service follows IAM role-based access control (RBAC).
Access permissions
Project Members and Project Readers cannot access the transit gateway list, and only Project Admin has access and control capabilities.
| Category | Project Admin | Project Member | Project Reader |
|---|---|---|---|
| Create transit gateway | ✓ | ||
| View transit gateway | ✓ | ||
| Configure transit gateway | ✓ | ||
| Delete transit gateway | ✓ |
Attachment access permissions
Project Members and Project Readers cannot access the attachment list, and only Project Admin has access and control capabilities.
| Category | Project Admin | Project Member | Project Reader |
|---|---|---|---|
| Create attachment | ✓ | ||
| View attachment | ✓ | ||
| Configure attachment | ✓ | ||
| Approve attachment | ✓ | ||
| Delete attachment | ✓ |
Route table access permissions
Project Members and Project Readers cannot access the route table list, and only Project Admin has access and control capabilities.
| Category | Project Admin | Project Member | Project Reader |
|---|---|---|---|
| Create route table | ✓ | ||
| View route table | ✓ | ||
| Configure route table | ✓ | ||
| Delete route table | ✓ |