📋 AWS Transit Gateway Cheat Sheet

Quick-reference for Transit Gateway architecture, route tables, attachments, peering, inspection, and multi-region patterns.

Core Concepts

  • Regional resource: each TGW lives in one region; cross-region connectivity uses inter-region peering
  • Attachments: VPC, VPN, Direct Connect Gateway, peering, Connect
  • Route tables: associate attachments, propagate routes, static routes
  • Default: all attachments share one route table (full mesh)

Route Table Isolation

  • Create separate route tables for segmentation (prod/dev/shared)
  • Associate attachment to exactly one route table (that table decides how traffic arriving from the attachment is forwarded)
  • Propagate: attachment advertises its routes to specified route tables
  • Blackhole routes: drop traffic to specific CIDRs

Inspection Architecture

  • Centralized inspection VPC with Network Firewall or 3rd-party appliance
  • Spoke route tables: default route (0.0.0.0/0) → inspection VPC attachment
  • Inspection route table: routes to spoke VPCs
  • Appliance mode: keeps both directions of a flow on the same AZ/ENI of the inspection appliance, so return traffic is not sent to a different firewall instance
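To see how association, propagation, static and blackhole routes combine in the isolation and inspection patterns above, here is an added example (not from this cheat sheet or from AWS) that models a TGW's route tables and answers "which attachment does traffic from X to Y leave on?". Attachment names, table names and CIDRs are constructed for the example.

```python
# Added example: a small model of Transit Gateway route-table isolation,
# used to check which attachment a flow is forwarded to. Not AWS code.
import ipaddress

BLACKHOLE = "blackhole"   # marker for a blackhole route target
NO_ROUTE = "no-route"     # marker when no prefix matches (TGW drops the packet)


class TransitGateway:
    """Models route tables, associations, propagations and static routes."""

    def __init__(self, table_names):
        self.tables = {t: {} for t in table_names}   # table -> {network: target}
        self.assoc = {}                              # attachment -> associated table

    def attach(self, att, cidr, associate, propagate_to=()):
        # Association picks the table consulted for traffic *from* this attachment;
        # propagation advertises the attachment's CIDR *into* the listed tables.
        self.assoc[att] = associate
        for t in propagate_to:
            self.tables[t][ipaddress.ip_network(cidr)] = att

    def static_route(self, table, cidr, target):
        # A static route replaces a propagated route for the same prefix
        # (TGW prefers static over propagated at equal prefix length).
        self.tables[table][ipaddress.ip_network(cidr)] = target

    def lookup(self, src_att, dst_ip):
        """Longest-prefix match in the table associated with src_att."""
        table = self.tables[self.assoc[src_att]]
        dst = ipaddress.ip_address(dst_ip)
        matches = [net for net in table if dst in net]
        if not matches:
            return NO_ROUTE
        return table[max(matches, key=lambda n: n.prefixlen)]


def build_inspection_hub():
    """Constructed prod/dev/shared spokes with a central inspection VPC."""
    tgw = TransitGateway(["spoke-prod", "spoke-dev", "shared", "inspection"])
    tgw.attach("att-prod", "10.1.0.0/16", "spoke-prod", ["shared", "inspection"])
    tgw.attach("att-dev", "10.2.0.0/16", "spoke-dev", ["shared", "inspection"])
    tgw.attach("att-shared", "10.3.0.0/16", "shared", ["spoke-prod", "spoke-dev"])
    tgw.attach("att-inspect", "100.64.0.0/16", "inspection")
    for spoke in ("spoke-prod", "spoke-dev"):
        tgw.static_route(spoke, "0.0.0.0/0", "att-inspect")   # everything else inspected
    tgw.static_route("spoke-prod", "10.2.0.0/16", BLACKHOLE)   # prod never reaches dev
    tgw.static_route("spoke-dev", "10.1.0.0/16", BLACKHOLE)    # dev never reaches prod
    return tgw
```

Calling `build_inspection_hub().lookup("att-prod", "10.2.0.7")` returns the blackhole marker, while a destination outside every spoke CIDR resolves to the inspection attachment via the default route.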

Inter-Region Peering

  • TGW peering between regions (not transitive between peered TGWs)
  • Static routes required (no route propagation over peering)
  • Bandwidth: up to 50 Gbps per peering attachment
  • Use for multi-region hub-and-spoke architectures
