Main concepts
Transit Gateway is a centralized network hub that provides easy and flexible connections between multiple Virtual Private Clouds (VPCs) and on-premises networks. It supports multi-AZ functionality, a key technology that improves the fault tolerance and availability of applications, enables disaster recovery (DR), and increases overall system availability.
Attachment
An attachment is a packet source or destination of a Transit Gateway. You can select subnets within availability zones in the VPC to configure multi-AZ high availability, which improves system resilience. By creating a Transit Gateway attachment and associating it with a route table, you can control the traffic flow centrally.
Route table
The Transit Gateway has its own independent route table, where you can control the traffic flow of resources by connecting VPCs, VPNs, and Direct Connect. Route tables can be configured centrally, or simplified for large-scale networks such as isolated VPCs, which streamlines a variety of architectures.
IAM-based role management
Role management for the Transit Gateway service follows IAM role-based access control (RBAC).
Transit Gateway access permissions
Project Members and Project Readers do not have access to the Transit Gateway list; only the Project Admin can access and control it.
Field | Project Admin | Project Member | Project Reader |
---|---|---|---|
Create Transit Gateway | ✓ | | |
View Transit Gateway | ✓ | | |
Modify Transit Gateway | ✓ | | |
Delete Transit Gateway | ✓ | | |
Attachment access permissions
Project Members and Project Readers do not have access to the Attachment list; only the Project Admin can access and control it.
Field | Project Admin | Project Member | Project Reader |
---|---|---|---|
Create Attachment | ✓ | | |
View Attachment | ✓ | | |
Modify Attachment | ✓ | | |
Approve Attachment | ✓ | | |
Delete Attachment | ✓ | | |
Route table access permissions
Project Members and Project Readers do not have access to the route table list; only the Project Admin can access and control it.
Field | Project Admin | Project Member | Project Reader |
---|---|---|---|
Create Route Table | ✓ | | |
View Route Table | ✓ | | |
Modify Route Table | ✓ | | |
Delete Route Table | ✓ | | |